revoke one time token

src/server/models/password-reset-order.js

@@ -42,8 +42,10 @@ class PasswordResetOrder {
     return this.expiredAt.getTime() < Date.now();
   }
 
-  isRevokedOneTimeToken() {
+  revokeOneTimeToken() {
     this.isRevoked = true;
+    this.save();
+    return;
   }
 
 }

src/server/routes/apiv3/forgot-password.js

@@ -71,6 +71,7 @@ module.exports = (crowi) => {
 
     try {
       const userData = await user.updatePassword(newPassword);
+      passwordResetOrder.revokeOneTimeToken();
       return res.apiv3({ userData });
     }
     catch (err) {