My App has logins uniqe to each Account, where accounts have a subdomain.
I then override the find_for_authentication method in the User model. I got this method from the wiki: This works great for logins.
However, user from one subdomain can send a reset from other subdomains, because the find_for_authentication method is not used for that.
How can I restrict the password reset functionality to find only users for that account/subdomain?
