Merge pull request #13 from trqt/main

fix: race condition in password reset
runcodes-icmc · Aug 19, 2024 · 480d2bc · 480d2bc
2 parents fed5b30 + a4d7b0e
commit 480d2bc
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/app/Controller/UsersController.php b/src/app/Controller/UsersController.php
@@ -385,7 +385,7 @@ public function recoveryPassword()
         if ($user['User']['source'] == 1) {
           $this->Session->setFlash(__('This account is registered with LinkedIn'));
         } elseif ($user['User']['confirmed']) {
-          $hash = sha1(time() . Configure::read('Security.Salt'));
+          $hash = sha1(time() . Configure::read('Security.Salt') . $email);
           $newPass = substr($hash, 0, 10);
           $user['User']['password'] = $newPass;
           $this->User->id = $email;