Merge pull request doorkeeper-gem#142 from bdurand/master

Prevent double submission of password based authentication

app/controllers/doorkeeper/tokens_controller.rb

@@ -23,14 +23,17 @@ def credentials
   end
 
   def token
-    case params[:grant_type]
-    when 'password'
-      owner = resource_owner_from_credentials
-      @token ||= Doorkeeper::OAuth::PasswordAccessTokenRequest.new(client, owner, params)
-    when 'client_credentials'
-      @token ||= Doorkeeper::OAuth::ClientCredentialsRequest.new(Doorkeeper.configuration, client, params)
-    else
-      @token ||= Doorkeeper::OAuth::AccessTokenRequest.new(client, params)
+    unless defined?(@token) && @token
+      case params[:grant_type]
+      when 'password'
+        owner = resource_owner_from_credentials
+        @token = Doorkeeper::OAuth::PasswordAccessTokenRequest.new(client, owner, params)
+      when 'client_credentials'
+        @token = Doorkeeper::OAuth::ClientCredentialsRequest.new(Doorkeeper.configuration, client, params)
+      else
+        @token = Doorkeeper::OAuth::AccessTokenRequest.new(client, params)
+      end
     end
+    @token
   end
 end