add ability to generate a fake reset token

jrushlow · jrushlow · commit 0c981f1a8bd9 · 2021-02-18T15:32:12.000-05:00
diff --git a/src/Controller/ResetPasswordControllerTrait.php b/src/Controller/ResetPasswordControllerTrait.php
@@ -90,4 +90,13 @@ private function getSessionService(): SessionInterface
 
         return $request->getSession();
     }
+
+    /**
+     * Generate a fake token to be used in the session if needed to prevent
+     * revealing if a user exists.
+     */
+    private function getFakeToken(int $tokenLifetime): ResetPasswordToken
+    {
+        return new ResetPasswordToken('fake-token', new \DateTimeImmutable(\sprintf('+%d seconds', $tokenLifetime)), time());
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -90,4 +90,13 @@ private function getSessionService(): SessionInterface`
`90`	`90`
`91`	`91`	`return $request->getSession();`
`92`	`92`	`}`
	`93`	`+`
	`94`	`+ /**`
	`95`	`+ * Generate a fake token to be used in the session if needed to prevent`
	`96`	`+ * revealing if a user exists.`
	`97`	`+ */`
	`98`	`+ private function getFakeToken(int $tokenLifetime): ResetPasswordToken`
	`99`	`+ {`
	`100`	`+ return new ResetPasswordToken('fake-token', new \DateTimeImmutable(\sprintf('+%d seconds', $tokenLifetime)), time());`
	`101`	`+ }`
`93`	`102`	`}`