From c5e54a318a92c39862192507cf6c8d8cbd9da424 Mon Sep 17 00:00:00 2001
From: Nutomic <me@nutomic.com>
Date: Fri, 1 Mar 2024 17:32:59 +0100
Subject: [PATCH] Store password reset token after email successfully sent
 (fixes #3757) (#4489)

---
 crates/api_common/src/utils.rs | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/crates/api_common/src/utils.rs b/crates/api_common/src/utils.rs
index 25dc10344..d51751854 100644
--- a/crates/api_common/src/utils.rs
+++ b/crates/api_common/src/utils.rs
@@ -422,17 +422,19 @@ pub async fn send_password_reset_email(
   // Generate a random token
   let token = uuid::Uuid::new_v4().to_string();
 
-  // Insert the row
-  let local_user_id = user.local_user.id;
-  PasswordResetRequest::create_token(pool, local_user_id, token.clone()).await?;
-
   let email = &user.local_user.email.clone().expect("email");
   let lang = get_interface_language(user);
   let subject = &lang.password_reset_subject(&user.person.name);
   let protocol_and_hostname = settings.get_protocol_and_hostname();
   let reset_link = format!("{}/password_change/{}", protocol_and_hostname, &token);
   let body = &lang.password_reset_body(reset_link, &user.person.name);
-  send_email(subject, email, &user.person.name, body, settings).await
+  send_email(subject, email, &user.person.name, body, settings).await?;
+
+  // Insert the row after successful send, to avoid using daily reset limit while
+  // email sending is broken.
+  let local_user_id = user.local_user.id;
+  PasswordResetRequest::create_token(pool, local_user_id, token.clone()).await?;
+  Ok(())
 }
 
 /// Send a verification email