X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/141eecb858cce126452baeb16905e25b6ceb13c6..06901b878f2c8057a6f9b7d2e0adfda425c68dee:/app/Access/Controllers/ResetPasswordController.php

diff --git a/app/Access/Controllers/ResetPasswordController.php b/app/Access/Controllers/ResetPasswordController.php
index eae4e5e25..a8a45dddf 100644
--- a/app/Access/Controllers/ResetPasswordController.php
+++ b/app/Access/Controllers/ResetPasswordController.php
@@ -66,7 +66,7 @@ class ResetPasswordController extends Controller
         // redirect them back to where they came from with their error message.
         return $response === Password::PASSWORD_RESET
             ? $this->sendResetResponse()
-            : $this->sendResetFailedResponse($request, $response);
+            : $this->sendResetFailedResponse($request, $response, $request->get('token'));
     }
 
     /**
@@ -83,7 +83,7 @@ class ResetPasswordController extends Controller
     /**
      * Get the response for a failed password reset.
      */
-    protected function sendResetFailedResponse(Request $request, string $response): RedirectResponse
+    protected function sendResetFailedResponse(Request $request, string $response, string $token): RedirectResponse
     {
         // We show invalid users as invalid tokens as to not leak what
         // users may exist in the system.
@@ -91,7 +91,7 @@ class ResetPasswordController extends Controller
             $response = Password::INVALID_TOKEN;
         }
 
-        return redirect()->back()
+        return redirect("/password/reset/{$token}")
             ->withInput($request->only('email'))
             ->withErrors(['email' => trans($response)]);
     }