From e129fecca730b66679e8868925206c06a605707d Mon Sep 17 00:00:00 2001 From: Arpit Mohan Date: Thu, 19 Dec 2019 13:07:01 +0530 Subject: [PATCH] Handling duplicate email in forgotPassword flow. Now if the user requests for the reset password token multiple times, we will override the previous token and save the new token against that user. --- .../server/services/UserServiceImpl.java | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/UserServiceImpl.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/UserServiceImpl.java index df3b0879b0..249e1daa88 100644 --- a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/UserServiceImpl.java +++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/UserServiceImpl.java @@ -170,15 +170,22 @@ public class UserServiceImpl extends BaseService i */ @Override public Mono forgotPasswordTokenGenerate(String email) { - PasswordResetToken passwordResetToken = new PasswordResetToken(); - passwordResetToken.setEmail(email); // Create a random token to be sent out. String token = UUID.randomUUID().toString(); log.debug("Password reset Token: {} for email: {}", token, email); - passwordResetToken.setTokenHash(passwordEncoder.encode(token)); - return passwordResetTokenRepository - .save(passwordResetToken) + Mono passwordResetTokenMono = passwordResetTokenRepository.findByEmail(email) + .switchIfEmpty(Mono.defer(() -> { + PasswordResetToken passwordResetToken = new PasswordResetToken(); + passwordResetToken.setEmail(email); + return Mono.just(passwordResetToken); + })) + .map(resetToken -> { + resetToken.setTokenHash(passwordEncoder.encode(token)); + return resetToken; + }); + return passwordResetTokenMono + .map(resetToken -> passwordResetTokenRepository.save(resetToken)) .map(obj -> { emailSender.sendMail(email, "Appsmith Password Reset", "Token: " + token); return Mono.empty();