diff --git a/app/models/email_token.rb b/app/models/email_token.rb
index b20450be78f..820ea078f9b 100644
--- a/app/models/email_token.rb
+++ b/app/models/email_token.rb
@@ -23,10 +23,6 @@ class EmailToken < ActiveRecord::Base
 SiteSetting.email_token_valid_hours.hours.ago
 end
- def self.confirm_valid_after
- SiteSetting.email_token_grace_period_hours.hours.ago
- end
-
 def self.unconfirmed
 where(confirmed: false)
 end
@@ -52,7 +48,7 @@ class EmailToken < ActiveRecord::Base
 user = email_token.user
 failure[:user] = user
- row_count = EmailToken.where(id: email_token.id, expired: false).update_all 'confirmed = true'
+ row_count = EmailToken.where(confirmed: false, id: email_token.id, expired: false).update_all 'confirmed = true'
 if row_count == 1
 { success: true, user: user, email_token: email_token }
@@ -85,8 +81,8 @@ class EmailToken < ActiveRecord::Base
 def self.confirmable(token)
 EmailToken.where(token: token)
- .where(expired: false)
- .where("(NOT confirmed AND created_at >= ?) OR (confirmed AND created_at >= ?)", EmailToken.valid_after, EmailToken.confirm_valid_after)
+ .where(expired: false, confirmed: false)
+ .where("created_at >= ?", EmailToken.valid_after)
 .includes(:user)
 .first
 end
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 3967ac041af..5510f1f157e 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -977,7 +977,6 @@ en:
 prioritize_username_in_ux: "Show username first on user page, user card and posts (when disabled name is shown first)"
 email_token_valid_hours: "Forgot password / activate account tokens are valid for (n) hours."
- email_token_grace_period_hours: "Forgot password / activate account tokens are still valid for a grace period of (n) hours after being redeemed."
 enable_badges: "Enable the badge system"
 enable_whispers: "Allow staff private communication within topics."
diff --git a/config/site_settings.yml b/config/site_settings.yml
index ab87f039bb6..06dbc812979 100644
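Review bot: The `confirmed: false` condition added to the `where` in front of `update_all` is what makes redemption single-use under concurrency, yet nothing says so, and because `confirmable` already filters on `confirmed: false` a later reader may see it as redundant and drop it; a comment such as `# Re-check confirmed inside the UPDATE itself: concurrent redeems of the same token race on one atomic row update and only one sees row_count == 1` would protect it. The raw `'confirmed = true'` string could be written as the hash form `update_all(confirmed: true)` for consistency with the hash conditions on the same line. The enclosing method (presumably the one behind `EmailToken.confirm`) begins and ends outside the hunk.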
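Review bot: `confirmable` now encodes the single-use rule (a token that has been confirmed once is never returned again), but the method is public and nothing documents that contract; a header comment like `# Returns the unexpired, not-yet-confirmed token created within email_token_valid_hours, or nil. Tokens are single-use: there is no grace period after redemption.` would keep the next maintainer from re-adding one. Any caller that previously re-read a just-redeemed token within the old grace window now receives nil; the controller spec in this commit covers the password-reset path, while the account-activation path is not visible here and may deserve the same check. The `"created_at >= ?"` fragment is parameterized and fine as SQL; a hash condition on `created_at` would match the adjacent `where(expired: false, confirmed: false)` style if the project's Ruby supports range conditions there.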
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -389,7 +389,6 @@ users:
 email_token_valid_hours:
 default: 48
 min: 1
- email_token_grace_period_hours: 0
 purge_unactivated_users_grace_period_days: 14
 public_user_custom_fields:
 type: list
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 6d606493193..694fd7bd4e7 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -266,6 +266,19 @@ describe UsersController do
 expect(session["password-#{token}"]).to be_blank
 end
+ it 'disallows double password reset' do
+
+ user = Fabricate(:user, auth_token: SecureRandom.hex(16))
+ token = user.email_tokens.create(email: user.email).token
+
+ get :password_reset, token: token
+ put :password_reset, token: token, password: 'hg9ow8yhg98o'
+ put :password_reset, token: token, password: 'test123123Asdfsdf'
+
+ user.reload
+ expect(user.confirm_password?('hg9ow8yhg98o')).to eq(true)
+ end
+
 it "redirects to the wizard if you're the first admin" do
 user = Fabricate(:admin, auth_token: SecureRandom.hex(16), auth_token_updated_at: Time.now)
 token = user.email_tokens.create(email: user.email).token
diff --git a/spec/models/email_token_spec.rb b/spec/models/email_token_spec.rb
index cf62b1c5cd3..edbfff853cc 100644
--- a/spec/models/email_token_spec.rb
+++ b/spec/models/email_token_spec.rb
@@ -90,16 +90,6 @@ describe EmailToken do
 expect(user.send_welcome_message).to eq true
 end
- context "when using the code a second time" do
-
- it "doesn't send the welcome message" do
- SiteSetting.email_token_grace_period_hours = 1
- EmailToken.confirm(email_token.token)
- user = EmailToken.confirm(email_token.token)
- expect(user.send_welcome_message).to eq false
- end
- end
-
 end
 context 'success' do
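Review bot: The new 'disallows double password reset' example only asserts that the password kept its first value, so it cannot distinguish a rejected second request from one that was accepted and happened to leave the old password in place; adding an assertion on the controller's failure signal for the second `put` (whatever it renders or redirects to for an invalid token, which is not visible in this hunk) would pin the intended behavior. Style: the blank line directly after `do` is stray, and `expect(...).to eq(true)` reads better as `expect(...).to be(true)`.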
@@ -120,13 +110,7 @@ describe EmailToken do
 expect(email_token).to be_confirmed
 end
- it "can be confirmed again" do
- EmailToken.stubs(:confirm_valid_after).returns(1.hour.ago)
-
- expect(EmailToken.confirm(email_token.token)).to eq user
-
- # Unless `confirm_valid_after` has passed
- EmailToken.stubs(:confirm_valid_after).returns(1.hour.from_now)
+ it "will not confirm again" do
 expect(EmailToken.confirm(email_token.token)).to be_blank
 end
 end