Password reset link can be used multiple times
LinnaViljami opened this issue · comments
Prerequisites
- Is it a bug?
- Is it a new feature?
- Is it a question?
- Can you reproduce the problem?
- Are you running the latest version?
- Did you check for similar issues?
- Did you perform a cursory search?
Description
Password reset link (reset token) should be revoked after resetting the password with it. Resetting the password multiple times using the same link should not be possible.
Steps to Reproduce
- Register new user
- Request password reset link
- Reset password first time
- Reset password again with the link
Expected behavior
When trying to use the same link multiple times, the password should not reset again.
Actual behavior
Password is reset multiple times using the same token.
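
A single-use reset token of the kind the issue asks for, as an added example that is not part of the original issue or the project's code. The table schema, function names and one-hour lifetime are assumptions; the point is that the "mark as used" step is one conditional UPDATE, so a second request with the same link finds nothing to consume.

```python
import hashlib
import secrets
import sqlite3
import time

TOKEN_TTL_SECONDS = 3600  # assumed lifetime; the issue does not state one


def open_store():
    """In-memory table of reset tokens (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE reset_tokens ("
        " token_hash TEXT PRIMARY KEY, user_id TEXT NOT NULL,"
        " expires_at REAL NOT NULL, used_at REAL)"
    )
    return db


def _digest(token):
    # Store only a hash so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(db, user_id, now=None):
    """Create a random token, record its hash, and return the token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    with db:
        db.execute(
            "INSERT INTO reset_tokens VALUES (?, ?, ?, NULL)",
            (_digest(token), user_id, now + TOKEN_TTL_SECONDS),
        )
    return token


def consume_token(db, token, now=None):
    """Mark the token used; return its user id, or None if the token
    is unknown, expired or already used."""
    now = time.time() if now is None else now
    h = _digest(token)
    with db:
        # The WHERE clause makes check-and-revoke a single atomic statement.
        cur = db.execute(
            "UPDATE reset_tokens SET used_at = ? "
            "WHERE token_hash = ? AND used_at IS NULL AND expires_at > ?",
            (now, h, now),
        )
        if cur.rowcount != 1:
            return None
        return db.execute(
            "SELECT user_id FROM reset_tokens WHERE token_hash = ?", (h,)
        ).fetchone()[0]
```

A reset handler would call `consume_token` first and change the password only when it returns a user id.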