revert fake token getter in controller trait

jrushlow · jrushlow · commit 493735520844 · 2021-03-29T13:00:38.000-04:00
diff --git a/src/Controller/ResetPasswordControllerTrait.php b/src/Controller/ResetPasswordControllerTrait.php
@@ -90,13 +90,4 @@ private function getSessionService(): SessionInterface
 
         return $request->getSession();
     }
-
-    /**
-     * Generate a fake token to be used in the session if needed to prevent
-     * revealing if a user exists.
-     */
-    private function getFakeToken(int $tokenLifetime): ResetPasswordToken
-    {
-        return new ResetPasswordToken('fake-token', new \DateTimeImmutable(\sprintf('+%d seconds', $tokenLifetime)), \time());
-    }
 }
diff --git a/src/ResetPasswordHelper.php b/src/ResetPasswordHelper.php
@@ -157,6 +157,11 @@ public function getTokenLifetime(): int
     /**
      * Generate a fake reset token.
      *
+     * Use this to generate a fake token so that you can, for example, show a
+     * "reset confirmation email sent" page that includes a valid "expiration date",
+     * even if the email was not actually found (and so, a true ResetPasswordToken
+     * was not actually created).
+     *
      * This method should not be used when timing attacks are a concern.
      */
     public function generateFakeResetToken(): ResetPasswordToken

Original file line number	Diff line number	Diff line change
`@@ -90,13 +90,4 @@ private function getSessionService(): SessionInterface`
`90`	`90`
`91`	`91`	`return $request->getSession();`
`92`	`92`	`}`
`93`		`-`
`94`		`- /**`
`95`		`- * Generate a fake token to be used in the session if needed to prevent`
`96`		`- * revealing if a user exists.`
`97`		`- */`
`98`		`- private function getFakeToken(int $tokenLifetime): ResetPasswordToken`
`99`		`- {`
`100`		`- return new ResetPasswordToken('fake-token', new \DateTimeImmutable(\sprintf('+%d seconds', $tokenLifetime)), \time());`
`101`		`- }`
`102`	`93`	`}`