diff --git a/src/routes/cloudron.js b/src/routes/cloudron.js
index 3f125b783..929c2e6aa 100644
--- a/src/routes/cloudron.js
+++ b/src/routes/cloudron.js
@@ -28,6 +28,7 @@ let assert = require('assert'),
     BoxError = require('../boxerror.js'),
     clients = require('../clients.js'),
     cloudron = require('../cloudron.js'),
+    constants = require('../constants.js'),
     custom = require('../custom.js'),
     externalLdap = require('../externalldap.js'),
     HttpError = require('connect-lastmile').HttpError,
@@ -101,8 +102,6 @@ function passwordReset(req, res, next) {
     if (typeof req.body.resetToken !== 'string') return next(new HttpError(400, 'Missing resetToken'));
     if (typeof req.body.password !== 'string') return next(new HttpError(400, 'Missing password'));
 
-    debug(`passwordReset: with token ${req.body.resetToken}`);
-
     users.getByResetToken(req.body.resetToken, function (error, userObject) {
         if (error) return next(new HttpError(401, 'Invalid resetToken'));
 
diff --git a/src/users.js b/src/users.js
index e40e95ba8..e7d77f293 100644
--- a/src/users.js
+++ b/src/users.js
@@ -383,7 +383,7 @@ function getByResetToken(resetToken, callback) {
     assert.strictEqual(typeof resetToken, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    error = validateToken(resetToken);
+    var error = validateToken(resetToken);
     if (error) return callback(error);
 
     userdb.getByResetToken(resetToken, function (error, result) {