Delete any outstanding tokens when a user changes their email

This ensures that any tokens previously sent to the old email address
can no longer be used if somebody were able to access that address.

app/controllers/users_controller.rb

@@ -366,7 +366,7 @@ class UsersController < ApplicationController
         else
           flash[:errors] = current_user.errors
         end
-        token.destroy
+        current_user.tokens.delete_all
         session[:user] = current_user.id
         redirect_to :action => "account", :display_name => current_user.display_name
       elsif token

app/models/user.rb

@@ -56,7 +56,7 @@ class User < ApplicationRecord
   has_many :sent_messages, -> { where(:from_user_visible => true).order(:sent_on => :desc).preload(:sender, :recipient) }, :class_name => "Message", :foreign_key => :from_user_id
   has_many :friendships, -> { joins(:befriendee).where(:users => { :status => %w[active confirmed] }) }
   has_many :friends, :through => :friendships, :source => :befriendee
-  has_many :tokens, :class_name => "UserToken"
+  has_many :tokens, :class_name => "UserToken", :dependent => :destroy
   has_many :preferences, :class_name => "UserPreference"
   has_many :changesets, -> { order(:created_at => :desc) }
   has_many :changeset_comments, :foreign_key => :author_id