ForgotPasswordSecurityToken fpst = null;
if (! response.getHasErrors()) {
token = token.toLowerCase();
fpst = forgotPasswordSecurityTokenDao.readToken(passwordEncoder.encodePassword(token, null));
if (fpst == null) {
response.addErrorCode("invalidToken");
} else if (fpst.isTokenUsedFlag()) {
response.addErrorCode("tokenUsed");
} else if (isTokenExpired(fpst)) {
response.addErrorCode("tokenExpired");
}