Store password reset token after email successfully sent (fixes #3757) (#4489)

This commit is contained in:
Nutomic 2024-03-01 17:32:59 +01:00 committed by GitHub
parent a7fa075e8c
commit c5e54a318a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -422,17 +422,19 @@ pub async fn send_password_reset_email(
// Generate a random token // Generate a random token
let token = uuid::Uuid::new_v4().to_string(); let token = uuid::Uuid::new_v4().to_string();
// Insert the row
let local_user_id = user.local_user.id;
PasswordResetRequest::create_token(pool, local_user_id, token.clone()).await?;
let email = &user.local_user.email.clone().expect("email"); let email = &user.local_user.email.clone().expect("email");
let lang = get_interface_language(user); let lang = get_interface_language(user);
let subject = &lang.password_reset_subject(&user.person.name); let subject = &lang.password_reset_subject(&user.person.name);
let protocol_and_hostname = settings.get_protocol_and_hostname(); let protocol_and_hostname = settings.get_protocol_and_hostname();
let reset_link = format!("{}/password_change/{}", protocol_and_hostname, &token); let reset_link = format!("{}/password_change/{}", protocol_and_hostname, &token);
let body = &lang.password_reset_body(reset_link, &user.person.name); let body = &lang.password_reset_body(reset_link, &user.person.name);
send_email(subject, email, &user.person.name, body, settings).await send_email(subject, email, &user.person.name, body, settings).await?;
// Insert the row after successful send, to avoid using daily reset limit while
// email sending is broken.
let local_user_id = user.local_user.id;
PasswordResetRequest::create_token(pool, local_user_id, token.clone()).await?;
Ok(())
} }
/// Send a verification email /// Send a verification email