From d57d72387f890643181c17fff66262ad98fa946f Mon Sep 17 00:00:00 2001
From: Cam <otts.cameron@gmail.com>
Date: Wed, 14 Feb 2024 13:06:04 -0600
Subject: [PATCH] few small fixes

---
 CHANGELOG.md                               |  4 ++++
 controller/store/password_reset_request.go | 17 +++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ee11b0c3..47a5e472 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # CHANGELOG
 
+## v0.4.24
+
+FIX: Updated password reset to handle multiple reset requests.
+
 ## v0.4.23
 
 CHANGE: Improved OpenZiti resource cleanup resilience. Previous resource cleanup would stop when an error was encountered at any stage of the cleanup process (serps, sps, config, service). New cleanup implementation logs errors but continues to clean up anything that it can (https://github.com/openziti/zrok/issues/533)
diff --git a/controller/store/password_reset_request.go b/controller/store/password_reset_request.go
index 75a1f3e4..2b14ce5f 100644
--- a/controller/store/password_reset_request.go
+++ b/controller/store/password_reset_request.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/jmoiron/sqlx"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 type PasswordResetRequest struct {
@@ -17,6 +18,10 @@ type PasswordResetRequest struct {
 }
 
 func (str *Store) CreatePasswordResetRequest(prr *PasswordResetRequest, tx *sqlx.Tx) (int, error) {
+	if err := str.DeletePasswordResetRequestsByAccountId(prr.AccountId, tx); err != nil {
+		logrus.Errorf("unable to delete old password reset requests for account '%v', but continuing: %v", prr.AccountId, err)
+	}
+
 	stmt, err := tx.Prepare("insert into password_reset_requests (account_id, token) values ($1, $2) returning id")
 	if err != nil {
 		return 0, errors.Wrap(err, "error preparing password_reset_requests insert statement")
@@ -98,3 +103,15 @@ func (str *Store) DeleteMultiplePasswordResetRequests(ids []int, tx *sqlx.Tx) er
 	}
 	return nil
 }
+
+func (str *Store) DeletePasswordResetRequestsByAccountId(accountId int, tx *sqlx.Tx) error {
+	stmt, err := tx.Prepare("update password_reset_requests set updated_at = current_timestamp, deleted = true where account_id = $1")
+	if err != nil {
+		return errors.Wrap(err, "error preparing password_reset_requests delete by account_id statement")
+	}
+	_, err = stmt.Exec(accountId)
+	if err != nil {
+		return errors.Wrap(err, "error executing password_reset_requests delete by account_id statement")
+	}
+	return nil
+}