Skip to content

Commit

Permalink
Merge pull request #340 from Speelwolf/main
Browse files Browse the repository at this point in the history 
Replacing Static Fake Token with Randomized 32-Character Token
  • Loading branch information
@kbond
kbond authored Nov 8, 2024
2 parents 59d02ee + d96b3be commit 419a328
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion src/ResetPasswordHelper.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -168,7 +168,9 @@ public function generateFakeResetToken(?int $resetRequestLifetime = null): Reset

$generatedAt = ($expiresAt->getTimestamp() - $resetRequestLifetime);

return new ResetPasswordToken('fake-token', $expiresAt, $generatedAt);
$fakeToken = bin2hex(random_bytes(16));

return new ResetPasswordToken($fakeToken, $expiresAt, $generatedAt);
}

private function findResetPasswordRequest(string $token): ?ResetPasswordRequestInterface
Expand Down

0 comments on commit 419a328

Please sign in to comment.