No need to use user_id in recovery and settings controller

controllers/RecoveryController.php

@@ -140,15 +140,15 @@ public function actionRequest()
      * @return string
      * @throws \yii\web\NotFoundHttpException
      */
-    public function actionReset($id, $code)
+    public function actionReset($code)
     {
         if (!$this->module->enablePasswordRecovery) {
             throw new NotFoundHttpException();
         }
 
         /** @var Token $token */
-        $token = $this->finder->findToken(['user_id' => $id, 'code' => $code, 'type' => Token::TYPE_RECOVERY])->one();
-        if (empty($token) || ! $token instanceof Token) {
+        $token = $this->finder->findToken(['code' => $code, 'type' => Token::TYPE_RECOVERY])->one();
+	if (empty($token) || ! $token instanceof Token) {
             throw new NotFoundHttpException();
         }
         $event = $this->getResetPasswordEvent($token);

controllers/SettingsController.php

@@ -207,9 +207,13 @@ public function actionAccount()
      * @return string
      * @throws \yii\web\HttpException
      */
-    public function actionConfirm($id, $code)
+    public function actionConfirm($code)
     {
-        $user = $this->finder->findUserById($id);
+
+	$token_user = $this->finder->findToken(['code' => $code])->one();
+	$user_id = $token_user->user_id;
+
+        $user = $this->finder->findUserById($user_id);
 
         if ($user === null || $this->module->emailChangeStrategy == Module::STRATEGY_INSECURE) {
             throw new NotFoundHttpException();

models/Token.php

@@ -66,7 +66,7 @@ public function getUrl()
                 throw new \RuntimeException();
         }
 
-        return Url::to([$route, 'id' => $this->user_id, 'code' => $this->code], true);
+        return Url::to([$route, 'code' => $this->code], true);
     }
 
     /**