diff --git a/pkg/api/password.go b/pkg/api/password.go
index 2b628f39be9..33a6140c866 100644
--- a/pkg/api/password.go
+++ b/pkg/api/password.go
@@ -70,7 +70,8 @@ func (hs *HTTPServer) ResetPassword(c *contextmodel.ReqContext) response.Respons
 		return usr, err
 	}
 
-	if err := hs.NotificationService.ValidateResetPasswordCode(c.Req.Context(), &query, getUserByLogin); err != nil {
+	userResult, err := hs.NotificationService.ValidateResetPasswordCode(c.Req.Context(), &query, getUserByLogin)
+	if err != nil {
 		if errors.Is(err, notifications.ErrInvalidEmailCode) {
 			return response.Error(400, "Invalid or expired reset password code", nil)
 		}
@@ -87,9 +88,8 @@ func (hs *HTTPServer) ResetPassword(c *contextmodel.ReqContext) response.Respons
 	}
 
 	cmd := user.ChangeUserPasswordCommand{}
-	cmd.UserID = query.Result.ID
-	var err error
-	cmd.NewPassword, err = util.EncodePassword(form.NewPassword, query.Result.Salt)
+	cmd.UserID = userResult.ID
+	cmd.NewPassword, err = util.EncodePassword(form.NewPassword, userResult.Salt)
 	if err != nil {
 		return response.Error(500, "Failed to encode password", err)
 	}
diff --git a/pkg/services/notifications/models.go b/pkg/services/notifications/models.go
index 117f354ce82..2765bb7f34f 100644
--- a/pkg/services/notifications/models.go
+++ b/pkg/services/notifications/models.go
@@ -49,6 +49,5 @@ type SendResetPasswordEmailCommand struct {
 }
 
 type ValidateResetPasswordCodeQuery struct {
-	Code   string
-	Result *user.User
+	Code string
 }
diff --git a/pkg/services/notifications/notifications.go b/pkg/services/notifications/notifications.go
index 11b43847035..55a9839b527 100644
--- a/pkg/services/notifications/notifications.go
+++ b/pkg/services/notifications/notifications.go
@@ -235,27 +235,26 @@ func (ns *NotificationService) SendResetPasswordEmail(ctx context.Context, cmd *
 
 type GetUserByLoginFunc = func(c context.Context, login string) (*user.User, error)
 
-func (ns *NotificationService) ValidateResetPasswordCode(ctx context.Context, query *ValidateResetPasswordCodeQuery, userByLogin GetUserByLoginFunc) error {
+func (ns *NotificationService) ValidateResetPasswordCode(ctx context.Context, query *ValidateResetPasswordCodeQuery, userByLogin GetUserByLoginFunc) (*user.User, error) {
 	login := getLoginForEmailCode(query.Code)
 	if login == "" {
-		return ErrInvalidEmailCode
+		return nil, ErrInvalidEmailCode
 	}
 
 	user, err := userByLogin(ctx, login)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	validEmailCode, err := validateUserEmailCode(ns.Cfg, user, query.Code)
 	if err != nil {
-		return err
+		return nil, err
 	}
 	if !validEmailCode {
-		return ErrInvalidEmailCode
+		return nil, ErrInvalidEmailCode
 	}
 
-	query.Result = user
-	return nil
+	return user, nil
 }
 
 func (ns *NotificationService) signUpStartedHandler(ctx context.Context, evt *events.SignUpStarted) error {
diff --git a/pkg/services/notifications/notifications_test.go b/pkg/services/notifications/notifications_test.go
index 4254a8f93a5..47c1f56ccb8 100644
--- a/pkg/services/notifications/notifications_test.go
+++ b/pkg/services/notifications/notifications_test.go
@@ -216,7 +216,7 @@ func TestSendEmailAsync(t *testing.T) {
 		getUserByLogin := func(ctx context.Context, login string) (*user.User, error) {
 			return &testuser, nil
 		}
-		err = sut.ValidateResetPasswordCode(context.Background(), &query, getUserByLogin)
+		_, err = sut.ValidateResetPasswordCode(context.Background(), &query, getUserByLogin)
 		require.NoError(t, err)
 	})