How to protect Laravel reset password from multiple fast clicks

1. Problem

During implementing user registration and user activation process in Laravel, I encountered a problem!

If the user clicks fast multiple times on the reset password button or the resend activation code button, he gets lots of emails at the same time.

This can happen due to two scenarios:

1. User is so stupid and wants to do something silly with our app or misuse!
2. There is a real user but the server is slow at that time and after the first click the user thinks “he may not have submitted the form” and click the button again and again!

Even I checked it in spark and tried to reset my password with multiple fast clicks. It seems having the same problem!

2. Solution

One solution is to disable the button at the front-end via javascript, just after the first click. Maybe it seems to be enough but I want to find a server-side solution!

When a reset password link is requested, a record in the password_resets table will be generated. If the user uses the reset link (sent to his email), the record will be deleted. If the user does not use the link but continues to request the password reset, the record will be deleted and created again.

So I targeted the ForgotPasswordController and inserted in it the sendResetLinkEmail() getting from the SendsPasswordResetEmails trait.

I modified sendResetLinkEmail(Request $request) as follows to consider the time period between each two consecutive requests.

In sendResetLinkEmail(Request $request) just after :

$this->validateEmail($request);

I put these logics:

and did not change anything else. Meanwhile, I set 60 seconds as the interval time for two accepted requests. You can change it as you prefer.

To improve the solution, it is better to bring more generic, middleware based solution to prevent a single form from being submitted multiple times.

I intend to share my experience relating to Laravel framework. Any suggestions for a better solution is most welcome.

Thank you for reading! If you enjoyed this article clap it !

Also I’d like to hear your opinion on this article. If you have any doubt, question or suggestion please leave a comment below.

Have a very wonderful day!

Posting about Python and Laravel

Love podcasts or audiobooks? Learn on the go with our new app.

How To Run A Python Program At Startup On Your Raspberry Pi

Managing different server environment/configuration in preferences of iOS application

Managing different server environment/configuration in preferences of iOS application

What is Informatica Architecture?

Shaping Chick-fil-A One Traffic in a Multi-Region Active-Active Architecture

Dynamically populate a Snipcart button from a drop down selection using WordPress and Advanced…

Python For Technical Interview Preparation Guide

Git — the right way

1 Year as a Senior Developer

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Panjeh

Panjeh

Posting about Python and Laravel

More from Medium

Top 3 Open Source CRM based on PHP [ FREE ]

Laravel resizes all images in a folder

Could Not Open Input File: Artisan In Laravel

How to Publish PHP Website (Install CodeCanyon Scripts)