revert unintended default UTC tz on expiresAt

Author: jrushlow

src/ResetPasswordHelper.php

@@ -68,11 +68,9 @@ public function generateResetToken(object $user): ResetPasswordToken
             throw new TooManyPasswordRequestsException($availableAt);
         }
 
-        $generatedAt = \time();
-        $expiresAtTimestamp = $generatedAt + $this->resetRequestLifetime;
+        $expiresAt = new \DateTimeImmutable(\sprintf('+%d seconds', $this->resetRequestLifetime));
 
-        /** @var \DateTimeImmutable $expiresAt */
-        $expiresAt = \DateTimeImmutable::createFromFormat('U', (string) $expiresAtTimestamp);
+        $generatedAt = ($expiresAt->getTimestamp() - $this->resetRequestLifetime);
 
         $tokenComponents = $this->tokenGenerator->createToken($expiresAt, $this->repository->getUserIdentifier($user));
 

tests/UnitTests/ResetPasswordHelperTest.php

@@ -323,6 +323,15 @@ public function testGarbageCollectorCalledDuringValidation(): void
         $helper->validateTokenAndFetchUser($this->randomToken);
     }
 
+    public function testExpiresAtUsesCurrentTimeZone(): void
+    {
+        $helper = $this->getPasswordResetHelper();
+        $token = $helper->generateResetToken(new \stdClass());
+
+        $expiresAt = $token->getExpiresAt();
+        self::assertSame(\date_default_timezone_get(), $expiresAt->getTimezone()->getName());
+    }
+
     private function getPasswordResetHelper(): ResetPasswordHelper
     {
         return new ResetPasswordHelper(