fix password-reset-code vulnerability

src/components/UserMessages.jsx

@@ -24,8 +24,10 @@ const UserMessages = () => {
       {messages.includes('not_verified')
         && (
           <p className="usermessages">
-            {t`Please verify your mail address&nbsp;
-            or your account could get deleted after a few days.`}
+            {
+              // eslint-disable-next-line max-len
+              t`Please verify your mail address or your account could get deleted after a few days.`
+            }
             {(verifyAnswer)
               ? (
                 <span

src/core/mail.js

@@ -4,6 +4,7 @@
 
 /* eslint-disable max-len */
 
+import { randomUUID } from 'crypto';
 import nodemailer from 'nodemailer';
 
 import logger from './logger';
@@ -200,6 +201,10 @@ class MailProvider {
     return `${part1}-${part2}`;
   }
 
+  static createCode() {
+    return randomUUID();
+  }
+
   static cleanUsers() {
     // delete users that requier verification for more than 4 days
     /*