From dec62de7e9bfa086ef898623e06dc8afa7422e31 Mon Sep 17 00:00:00 2001
From: Stephan Vock <stephan.vock@gmail.com>
Date: Fri, 5 Jan 2024 13:04:53 +0000
Subject: [PATCH] PasswordChange should reset any pending password reset
 requests

---
 src/Controller/ChangePasswordController.php | 1 +
 src/Controller/ResetPasswordController.php  | 3 +--
 src/Entity/User.php                         | 6 ++++++
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/Controller/ChangePasswordController.php b/src/Controller/ChangePasswordController.php
index 845c7955e..d7b980f1a 100644
--- a/src/Controller/ChangePasswordController.php
+++ b/src/Controller/ChangePasswordController.php
@@ -31,6 +31,7 @@ public function changePasswordAction(Request $request, UserPasswordHasherInterfa
         $form->handleRequest($request);
 
         if ($form->isSubmitted() && $form->isValid()) {
+            $user->resetPasswordRequest();
             $user->setPassword(
                 $passwordHasher->hashPassword(
                     $user,
diff --git a/src/Controller/ResetPasswordController.php b/src/Controller/ResetPasswordController.php
index 095adc843..682bb54fd 100644
--- a/src/Controller/ResetPasswordController.php
+++ b/src/Controller/ResetPasswordController.php
@@ -102,8 +102,7 @@ public function reset(Request $request, UserPasswordHasherInterface $passwordHas
         $form->handleRequest($request);
 
         if ($form->isSubmitted() && $form->isValid()) {
-            $user->setPasswordRequestedAt(null);
-            $user->clearConfirmationToken();
+            $user->resetPasswordRequest();
             if (!$user->hasRole('ROLE_SPAMMER')) {
                 $user->setEnabled(true);
             }
diff --git a/src/Entity/User.php b/src/Entity/User.php
index 4a6fae224..91ff9d645 100644
--- a/src/Entity/User.php
+++ b/src/Entity/User.php
@@ -454,6 +454,12 @@ public function setPasswordRequestedAt(DateTimeInterface|null $date = null): voi
         $this->passwordRequestedAt = $date;
     }
 
+    public function resetPasswordRequest(): void
+    {
+        $this->setPasswordRequestedAt(null);
+        $this->clearConfirmationToken();
+    }
+
     /**
      * Gets the timestamp that the user requested a password reset.
      */