Improve validation for password resets

app/Http/Controllers/Auth/ForgotPasswordController.php

@@ -52,6 +52,10 @@ class ForgotPasswordController extends Controller
      */
     public function sendResetLinkEmail(Request $request)
     {
+        $request->validate([
+            'email' => ['required', 'email:dns'],
+        ]);
+
         MultiDB::userFindAndSetDb($request->input('email'));
         $user = MultiDB::hasUser(['email' => $request->input('email')]);
 

lang/en/texts.php

@@ -5949,6 +5949,7 @@ $lang = array(
     'invalid_routing_id_format' => 'Invalid routing ID format',
     'sign_the_document' => 'Sign the document',
     'client_not_found_on_peppol_network' => 'Client could not be identified on the PEPPOL network.',
+    'too_many_requests' => 'Too many requests',
 );
 
 return $lang;

routes/api.php

@@ -143,7 +143,7 @@ Route::group(['middleware' => ['throttle:api', 'api_secret_check']], function ()
 
 Route::group(['middleware' => ['throttle:login', 'api_secret_check', 'email_db']], function () {
     Route::post('api/v1/login', [LoginController::class, 'apiLogin'])->name('login.submit');
-    Route::post('api/v1/reset_password', [ForgotPasswordController::class, 'sendResetLinkEmail']);
+    Route::post('api/v1/reset_password', [ForgotPasswordController::class, 'sendResetLinkEmail'])->middleware('throttle:2,1');
     Route::post('api/v1/passkeys/login/options', [PasskeyController::class, 'loginOptions'])->name('passkeys.login.options');
 });