From 8c50655ff2d905aa32ead7c2ae4bf8337ada6120 Mon Sep 17 00:00:00 2001
From: Calvin Montgomery <calzoneman@gmail.com>
Date: Sun, 15 Jun 2014 10:58:53 -0700
Subject: [PATCH] Disable IP check for password recovery, resolves #376

---
 lib/web/account.js | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/lib/web/account.js b/lib/web/account.js
index d091a639..728331a4 100644
--- a/lib/web/account.js
+++ b/lib/web/account.js
@@ -645,6 +645,8 @@ function handlePasswordReset(req, res) {
  * Handles a request for /account/passwordrecover/<hash>
  */
 function handlePasswordRecover(req, res) {
+    logRequest(req);
+
     var hash = req.params.hash;
     if (typeof hash !== "string") {
         res.send(400);
@@ -663,18 +665,6 @@ function handlePasswordRecover(req, res) {
             return;
         }
 
-        if (row.ip && row.ip !== ip) {
-            sendJade(res, "account-passwordrecover", {
-                recovered: false,
-                recoverErr: "Your IP address does not match the address " +
-                            "used to submit the reset request.  For your " +
-                            "security, only the IP which initiates the reset " +
-                            "may reclaim an account.",
-                loginName: false
-            });
-            return;
-        }
-
         if (Date.now() >= row.expire) {
             sendJade(res, "account-passwordrecover", {
                 recovered: false,