🐛 prevent unverified users to request mails after registration (#3207)
MrKrisKrisu authored Feb 5, 2025
1 parent ec4090c commit e77c65e
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion app/Http/Controllers/Auth/ForgotPasswordController.php
Expand Up @@ -31,9 +31,12 @@ public function __construct() {
}

public function sendResetLinkEmail(Request $request): JsonResponse|RedirectResponse {
// prevent new registered users from sending password reset email instantly (spam protection)
$user = User::where('email', $request->email)->first();
if ($user !== null && $user->created_at->diffInMinutes() < 60) {
// prevent new registered users from sending password reset email instantly
return $this->sendResetLinkFailedResponse($request, Password::RESET_THROTTLED);
} else if($user !== null && $user->email_verified_at === null && $user->created_at->diffInDays() < 7) {
// prevent unverified users from sending password reset email shortly after registration
return $this->sendResetLinkFailedResponse($request, Password::RESET_THROTTLED);
}
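Review bot: Both early returns in `sendResetLinkEmail` fire only when `User::where('email', $request->email)->first()` finds a row, so the `Password::RESET_THROTTLED` response tells an unauthenticated caller that the address is registered, and the new `else if` branch further implies the account is unverified and less than seven days old. Whether an unknown address already gets a distinguishable answer is decided in the part of the method outside this hunk, so this may widen an existing oracle rather than create one. If the intent is only to stop mail being sent, consider answering the blocked cases like a successful request, e.g. `return $this->sendResetLinkResponse($request, Password::RESET_LINK_SENT);`, assuming the controller uses Laravel's `SendsPasswordResetEmails` trait. The lookup also runs on `$request->email` before any validation visible here; moving the check after validation, or a comment such as `// $request->email is not validated yet at this point`, would make that explicit.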
