don't allow to use the same token twice

service/src/main/java/lcsb/mapviewer/services/impl/UserService.java

@@ -236,6 +236,7 @@ public class UserService implements IUserService {
     }
     resetToken.getUser().setCryptedPassword(cryptedPassword);
     userDao.update(resetToken.getUser());
+    resetPasswordTokenDao.delete(resetToken);
   }
 
 }

web/src/test/java/lcsb/mapviewer/web/UserControllerIntegrationTest.java

@@ -541,6 +541,44 @@ public class UserControllerIntegrationTest extends ControllerIntegrationTest {
     createSession(BUILT_IN_TEST_ADMIN_LOGIN, newPassword);
 
   }
+  
+  @Test
+  public void resetPasswordUsingTheSameTokenTwice() throws Exception {
+    configureServerForResetPasswordRequest();
+
+    RequestBuilder request = post("/users/" + BUILT_IN_TEST_ADMIN_LOGIN + ":requestResetPassword");
+
+    mockMvc.perform(request)
+        .andExpect(status().is2xxSuccessful());
+
+    String newPassword = "pass2";
+
+    ResetPasswordToken token = resetPasswordTokenDao.getAll().iterator().next();
+    String content = EntityUtils.toString(new UrlEncodedFormEntity(Arrays.asList(
+        new BasicNameValuePair("token", token.getToken()),
+        new BasicNameValuePair("password", newPassword))));
+
+    RequestBuilder resetRequest = post("/users:resetPassword")
+        .content(content)
+        .contentType(MediaType.APPLICATION_FORM_URLENCODED);
+
+    mockMvc.perform(resetRequest)
+        .andExpect(status().is2xxSuccessful());
+
+    content = EntityUtils.toString(new UrlEncodedFormEntity(Arrays.asList(
+        new BasicNameValuePair("token", token.getToken()),
+        new BasicNameValuePair("password", newPassword+"xx"))));
+
+    resetRequest = post("/users:resetPassword")
+        .content(content)
+        .contentType(MediaType.APPLICATION_FORM_URLENCODED);
+
+    mockMvc.perform(resetRequest)
+        .andExpect(status().is4xxClientError());
+
+    createSession(BUILT_IN_TEST_ADMIN_LOGIN, newPassword);
+
+  }
 
   @Test
   public void resetPasswordWithExpredToken() throws Exception {