MAPG-142 limit password reset query if the existing is not expired

This commit is contained in:
Bence Pőcze 2020-07-05 13:23:53 +02:00
parent 37094e552b
commit dd6bb5ef9a
Signed by: bence
GPG Key ID: AA52B11A3269D1C1


@ -468,6 +468,16 @@ class LoginController
]); ]);
} }
$existingResetter = $this->userPasswordResetterRepository->getByUser($user);
if ($existingResetter !== null && $existingResetter->getExpiresDate() > new DateTime()) {
return new JsonContent([
'error' => [
'errorText' => 'Password reset was recently requested for this account. Please check your email, or try again later!'
]
]);
}
$token = bin2hex(random_bytes(16)); $token = bin2hex(random_bytes(16));
$expires = new DateTime('+1 hour'); $expires = new DateTime('+1 hour');
@ -476,8 +486,16 @@ class LoginController
$passwordResetter->setToken($token); $passwordResetter->setToken($token);
$passwordResetter->setExpiresDate($expires); $passwordResetter->setExpiresDate($expires);
\Container::$dbConnection->startTransaction();
if ($existingResetter !== null) {
$this->pdm->deleteFromDb($existingResetter);
}
$this->pdm->saveToDb($passwordResetter); $this->pdm->saveToDb($passwordResetter);
\Container::$dbConnection->commit();
$this->sendPasswordResetEmail($user->getEmail(), $token, $expires); $this->sendPasswordResetEmail($user->getEmail(), $token, $expires);
return new JsonContent(['success' => true]); return new JsonContent(['success' => true]);
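Review bot: The transaction opened with `startTransaction()` in the second hunk is never rolled back: if `deleteFromDb` or `saveToDb` throws, the connection is left with an open transaction and the partial delete/insert state is undefined for the next statement on that connection. Wrap the delete, save and commit in a try block that rolls back and rethrows, as sketched below; the rollback method of `\Container::$dbConnection` is not visible in this diff, so the placeholder line must be replaced with the project's actual call. The expiry guard added in the first hunk answers with a distinct "recently requested" message when an unexpired resetter exists; it is worth confirming that the user-not-found path just above it (outside the hunk) responds in the same shape, otherwise the two responses let a caller tell registered accounts from unknown ones. The enclosing method begins and ends outside both hunks.
```php
\Container::$dbConnection->startTransaction();
try {
    if ($existingResetter !== null) {
        $this->pdm->deleteFromDb($existingResetter);
    }
    $this->pdm->saveToDb($passwordResetter);
    \Container::$dbConnection->commit();
} catch (\Throwable $e) {
    // PLACEHOLDER: call the connection's rollback method here (name not visible in this diff)
    throw $e;
}
// … unchanged: sendPasswordResetEmail call and success response …
```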