PR #34 introduced a few endpoints, created regarding requesting for email verification code and verifying an email address.
However, one of the rules of the email service (responsible for sending out emails) was to avoid resending an email until two minutes after the cool-down period. This was to ensure its intent was not misused.
PR #34 introduced a few endpoints, created regarding requesting for email verification code and verifying an email address.
However, one of the rules of the email service (responsible for sending out emails) was to avoid resending an email until two minutes after the cool-down period. This was to ensure its intent was not misused.
https://github.com/coderoyalty/pseudonym-app/blob/7b0a233ddc6efd0aeffb472dda5b4805a595ab8c/backend/services/email.service.ts#L99-L109
The above LOC makes that intention futile. It bypassed the checks if the verification model lifetime exceeded 2mins.
Solution: