From 157a7095b0a4e12246923449e6083212438fc071 Mon Sep 17 00:00:00 2001
From: Marco <marco@delight.im>
Date: Wed, 6 May 2020 22:36:45 +0200
Subject: [PATCH] Use 'throttling' flag in 'Auth#forgotPassword' when limiting
 requests

---
 src/Auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Auth.php b/src/Auth.php
index e3e6397..2ac8321 100644
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -1004,7 +1004,7 @@ final class Auth extends UserManager {
 			throw new ResetDisabledException();
 		}
 
-		$openRequests = (int) $this->getOpenPasswordResetRequests($userData['id']);
+		$openRequests = $this->throttling ? (int) $this->getOpenPasswordResetRequests($userData['id']) : 0;
 
 		if ($openRequests < $maxOpenRequests) {
 			$this->throttle([ 'requestPasswordReset', $this->getIpAddress() ], 4, (60 * 60 * 24 * 7), 2);