From e1fd9fac620cab9511a3d76efac64c0318a7b194 Mon Sep 17 00:00:00 2001
From: Keith Irwin <mail@keithirwin.us>
Date: Sun, 4 Mar 2018 21:17:54 +0000
Subject: [PATCH] #121 Don't allow clock reset for reused reset tokens

---
 config/models.js | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/config/models.js b/config/models.js
index 094bc7a..57dfe74 100755
--- a/config/models.js
+++ b/config/models.js
@@ -79,14 +79,10 @@ userSchema.methods.createPassToken = function () {
 
   return new Promise( async (resolve, reject) => {
 
-    // Reuse old token, resetting clock
+    // Reuse old token
     if (user.auth.passTokenExpires >= Date.now()) {
       debug(`Reusing old password token...`)
-      user.auth.passTokenExpires = Date.now() + 3600000 // 1 hour
-      try {
-        await user.save()
-        resolve([user.auth.passToken, user.auth.passTokenExpires])
-      } catch (err) { reject(err) }
+      resolve([user.auth.passToken, user.auth.passTokenExpires])
 
     // Create new token
     } else {