Very minor UX nit. Clicking "change password" in the dashboard sends an email with a reset link, but the reset page only shows up in a logged-out session.
If you're logged in, the link just redirects to the dashboard homepage. Since users will typically still be logged in when the email arrives (they just clicked the change password button from inside the dashboard), they'll need to logout first.
Either a "log out first" line in the email, or having the link end the current session before serving the reset page, would smooth this over.
---
Thanks for building this, useful for some home projects.
Thanks, will look into what the best path would be. adding to the bugs list :)
Marking as fixed, was a prior html change that i overlooked
please have a go but right now it should not matter if you are logged in or not, the reset_token takes precedence.
Thanks for reporting!