From c5e54a318a92c39862192507cf6c8d8cbd9da424 Mon Sep 17 00:00:00 2001 From: Nutomic Date: Fri, 1 Mar 2024 17:32:59 +0100 Subject: [PATCH] Store password reset token after email successfully sent (fixes #3757) (#4489) --- crates/api_common/src/utils.rs | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/crates/api_common/src/utils.rs b/crates/api_common/src/utils.rs index 25dc10344..d51751854 100644 --- a/crates/api_common/src/utils.rs +++ b/crates/api_common/src/utils.rs @@ -422,17 +422,19 @@ pub async fn send_password_reset_email( // Generate a random token let token = uuid::Uuid::new_v4().to_string(); - // Insert the row - let local_user_id = user.local_user.id; - PasswordResetRequest::create_token(pool, local_user_id, token.clone()).await?; - let email = &user.local_user.email.clone().expect("email"); let lang = get_interface_language(user); let subject = &lang.password_reset_subject(&user.person.name); let protocol_and_hostname = settings.get_protocol_and_hostname(); let reset_link = format!("{}/password_change/{}", protocol_and_hostname, &token); let body = &lang.password_reset_body(reset_link, &user.person.name); - send_email(subject, email, &user.person.name, body, settings).await + send_email(subject, email, &user.person.name, body, settings).await?; + + // Insert the row after successful send, to avoid using daily reset limit while + // email sending is broken. + let local_user_id = user.local_user.id; + PasswordResetRequest::create_token(pool, local_user_id, token.clone()).await?; + Ok(()) } /// Send a verification email