diff --git a/src/Controller/LoginController.php b/src/Controller/LoginController.php
index d7f1eb5..92d7a46 100644
--- a/src/Controller/LoginController.php
+++ b/src/Controller/LoginController.php
@@ -468,6 +468,16 @@ class LoginController
 ]);
 }
+ $existingResetter = $this->userPasswordResetterRepository->getByUser($user);
+
+ if ($existingResetter !== null && $existingResetter->getExpiresDate() > new DateTime()) {
+ return new JsonContent([
+ 'error' => [
+ 'errorText' => 'Password reset was recently requested for this account. Please check your email, or try again later!'
+ ]
+ ]);
+ }
+
 $token = bin2hex(random_bytes(16));
 $expires = new DateTime('+1 hour');
@@ -476,8 +486,16 @@ class LoginController
 $passwordResetter->setToken($token);
 $passwordResetter->setExpiresDate($expires);
+ \Container::$dbConnection->startTransaction();
+
+ if ($existingResetter !== null) {
+ $this->pdm->deleteFromDb($existingResetter);
+ }
+
 $this->pdm->saveToDb($passwordResetter);
+ \Container::$dbConnection->commit();
+
 $this->sendPasswordResetEmail($user->getEmail(), $token, $expires);
 return new JsonContent(['success' => true]);
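Review bot: The early return added in the first hunk gives an unauthenticated caller a response that only occurs for accounts holding an unexpired reset token (`'Password reset was recently requested for this account. …'`), so it discloses per-account state that the `['success' => true]` path does not. How much this adds to account enumeration depends on the branch just above the hunk, which is cut off here and appears to return its own error body. I would answer the throttled case with the same generic body as the success path, `return new JsonContent(['success' => true]);`, skip the send, and record the throttled request in a server-side log instead. The enclosing method starts and ends outside the hunk.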
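Review bot: In the second hunk nothing rolls the transaction back if `deleteFromDb()` or `saveToDb()` throws between `startTransaction()` and `commit()`, so a failure leaves `\Container::$dbConnection` with an open transaction. Wrap those calls in `try { … } catch (\Throwable $e) { … throw $e; }` and call the connection's rollback method in the catch; its name is not visible on this page. Separately, the `getByUser($user)` check from the first hunk runs before the transaction starts, so two concurrent requests can both see no live resetter and each save a token and send a mail. A unique constraint on the resetter's user column, or doing the lookup inside the transaction with a locking read, would make the one-per-hour limit hold under concurrency. The method body continues outside the hunk.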