*scratch*

In PasswordResetsController < ApplicationController

before_filter :require_no_user
before_filter :load_user_using_perishable_token, :only => [:edit, :update]

def create
  email = params[:email]
  user = User.find_by_email(email)
  unless user.nil?
    user.reset_perishable_token!
    user.save!
    Notifier.deliver_password_reset(user, edit_password_reset_url(:id => user.perishable_token))
  end

  flash[:notice] = I18n.translate('flash.password_reset_request')

  redirect_to(root_url)
end

private

def load_user_using_perishable_token
  @user = User.find_using_perishable_token(params[:id], DURATION_OF_PASSWORD_RESET_TOKEN_IN_MINUTES.minutes)
  unless @user
    flash[:notice] = I18n.translate('flash.invalid_password_reset_code')
    redirect_to(new_password_reset_url)
  end
end



In User < ActiveRecord::Base

acts_as_authentic do |c|
  # for available options see documentation in: Authlogic::ActsAsAuthentic
  c.logged_in_timeout = 3.hours
  c.login_field = :email
  # when blank, should not receive an error about length and an error about format
  c.merge_validates_format_of_email_field_options(:allow_blank => true)
  c.validate_login_field = false
  # can have blank passwords because we allow OpenID
  c.ignore_blank_passwords = false
  c.openid_optional_fields = [:country]
  c.transition_from_crypto_providers = [Authlogic::CryptoProviders::OldHash]
  c.crypto_provider = Authlogic::CryptoProviders::Sha512
end