Merge pull request #340 from Speelwolf/main

kbond · web-flow · commit 419a3283beb6 · 2024-11-08T06:57:33.000-05:00
Replacing Static Fake Token with Randomized 32-Character Token
diff --git a/src/ResetPasswordHelper.php b/src/ResetPasswordHelper.php
@@ -168,7 +168,9 @@ public function generateFakeResetToken(?int $resetRequestLifetime = null): Reset
 
         $generatedAt = ($expiresAt->getTimestamp() - $resetRequestLifetime);
 
-        return new ResetPasswordToken('fake-token', $expiresAt, $generatedAt);
+        $fakeToken = bin2hex(random_bytes(16));
+
+        return new ResetPasswordToken($fakeToken, $expiresAt, $generatedAt);
     }
 
     private function findResetPasswordRequest(string $token): ?ResetPasswordRequestInterface

Original file line number	Diff line number	Diff line change
`@@ -168,7 +168,9 @@ public function generateFakeResetToken(?int $resetRequestLifetime = null): Reset`
`168`	`168`
`169`	`169`	`$generatedAt = ($expiresAt->getTimestamp() - $resetRequestLifetime);`
`170`	`170`
`171`		`- return new ResetPasswordToken('fake-token', $expiresAt, $generatedAt);`
	`171`	`+ $fakeToken = bin2hex(random_bytes(16));`
	`172`	`+`
	`173`	`+ return new ResetPasswordToken($fakeToken, $expiresAt, $generatedAt);`
`172`	`174`	`}`
`173`	`175`
`174`	`176`	`private function findResetPasswordRequest(string $token): ?ResetPasswordRequestInterface`