From f9f94e21d10676aaa4a8a6809cb3bbc2fa60f536 Mon Sep 17 00:00:00 2001
From: Tom Coleman <tom@thesnail.org>
Date: Mon, 15 Aug 2016 12:01:56 +1000
Subject: [PATCH] Fix issue with `_expirePasswordResetTokens` for #7534

Also added a test to actually execute this code
---
 packages/accounts-base/accounts_server.js    |  2 +-
 packages/accounts-password/password_tests.js | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/packages/accounts-base/accounts_server.js b/packages/accounts-base/accounts_server.js
index f694b3a2bb..abeebd651a 100644
--- a/packages/accounts-base/accounts_server.js
+++ b/packages/accounts-base/accounts_server.js
@@ -1140,7 +1140,7 @@ Ap._expirePasswordResetTokens = function (oldestValidDate, userId) {
       { "services.password.reset.when": { $lt: +oldestValidDate } }
     ]
   }), {
-    $pull: {
+    $unset: {
       "services.password.reset": {
         $or: [
           { when: { $lt: oldestValidDate } },
diff --git a/packages/accounts-password/password_tests.js b/packages/accounts-password/password_tests.js
index fcabdfe8d3..61c78060e4 100644
--- a/packages/accounts-password/password_tests.js
+++ b/packages/accounts-password/password_tests.js
@@ -1468,6 +1468,20 @@ if (Meteor.isServer) (function () {
       }, /Incorrect password/);
     });
 
+  Tinytest.add(
+    'passwords - reset tokens get cleaned up',
+    function (test) {
+      var email = test.id + '-intercept@example.com';
+      var userId = Accounts.createUser({email: email, password: 'password'});
+      Accounts.sendResetPasswordEmail(userId, email);
+      test.isTrue(!!Meteor.users.findOne(userId).services.password.reset);
+
+      Accounts._expirePasswordResetTokens(new Date(), userId);
+
+      test.isUndefined(Meteor.users.findOne(userId).services.password.reset);
+    }
+  )
+
   // We should be able to change the username
   Tinytest.add("passwords - change username", function (test) {
     var username = Random.id();