How to protect Laravel reset password from multiple fast clicks

1. Problem

During implementing user registration and user activation process in Laravel, I encountered a problem!

If the user clicks fast multiple times on the reset password button or the resend activation code button, he gets lots of emails at the same time.

This can happen due to two scenarios:

1. User is so stupid and wants to do something silly with our app or misuse!
2. There is a real user but the server is slow at that time and after the first click the user thinks “he may not have submitted the form” and click the button again and again!

Even I checked it in spark and tried to reset my password with multiple fast clicks. It seems having the same problem!

2. Solution

2.1. Front-end

One solution is to disable the button at the front-end via javascript, just after the first click. Maybe it seems to be enough but I want to find a server-side solution!

2.2. Server-side

When a reset password link is requested, a record in the password_resets table will be generated. If the user uses the reset link (sent to his email), the record will be deleted. If the user does not use the link but continues to request the password reset, the record will be deleted and created again.

So I targeted the ForgotPasswordController and inserted in it the sendResetLinkEmail() getting from the SendsPasswordResetEmails trait.

I modified sendResetLinkEmail(Request $request) as follows to consider the time period between each two consecutive requests.

In sendResetLinkEmail(Request $request) just after :

$this->validateEmail($request);

I put these logics:

and did not change anything else. Meanwhile, I set 60 seconds as the interval time for two accepted requests. You can change it as you prefer.

To improve the solution, it is better to bring more generic, middleware based solution to prevent a single form from being submitted multiple times.

I intend to share my experience relating to Laravel framework. Any suggestions for a better solution is most welcome.

Thank you for reading! If you enjoyed this article clap it !

Also I’d like to hear your opinion on this article. If you have any doubt, question or suggestion please leave a comment below.

Have a very wonderful day!

Previous Stories You will Love:

Written by

Web geek, Self-taught full-stack web developer, Learning Python, Laravel, Vuejs, UX/UI design, Nuclear Physicist PhD

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store