diff --git a/core/Controller/Account/AccountAdminController.php b/core/Controller/Account/AccountAdminController.php
index dea9d30..c64d5a6 100644
--- a/core/Controller/Account/AccountAdminController.php
+++ b/core/Controller/Account/AccountAdminController.php
@@ -123,10 +123,7 @@ class AccountAdminController extends AdminController
 
             if (4 === $strength['score'] && $password1 === $password2) {
                 $account
-                    ->setPassword($encoder->encodePassword(
-                        $account,
-                        $password1
-                    ))
+                    ->setPassword($encoder->encodePassword($account, $password1))
                     ->setConfirmationToken($tokenGenerator->generateToken())
                 ;
 
diff --git a/core/Controller/Auth/AuthController.php b/core/Controller/Auth/AuthController.php
index 94f1b86..39250ed 100644
--- a/core/Controller/Auth/AuthController.php
+++ b/core/Controller/Auth/AuthController.php
@@ -4,7 +4,7 @@ namespace App\Core\Controller\Auth;
 
 use App\Core\Event\Account\PasswordRequestEvent;
 use App\Core\Manager\EntityManager;
-use App\Core\Repository\UserRepository;
+use App\Repository\UserRepository;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Symfony\Component\HttpFoundation\Request;
@@ -38,51 +38,38 @@ class AuthController extends AbstractController
     /**
      * @Route("/resetting/request", name="auth_resetting_request")
      */
-    public function requestResetting(
-        Request $request,
-        UserRepository $repository,
-        TokenGeneratorInterface $tokenGenerator,
-        EntityManager $entityManager,
-        EventDispatcherInterface $eventDispatcher
-    ): Response {
+    public function requestResetting(Request $request, UserRepository $repository, EventDispatcherInterface $eventDispatcher): Response
+    {
         if ($this->getUser()) {
             return $this->redirectToRoute('admin_dashboard_index');
         }
 
-        $emailSent = false;
-
         if ($request->isMethod('POST')) {
             $csrfToken = $request->request->get('_csrf_token');
 
-            if ($this->isCsrfTokenValid('resetting_request', $csrfToken)) {
-                $username = trim((string) $request->request->get('username'));
+            if (!$this->isCsrfTokenValid('resetting_request', $csrfToken)) {
+                throw $this->createAccessDeniedException();
+            }
 
-                if ($username) {
-                    $account = $repository->findOneByEmail($username);
+            $username = trim((string) $request->request->get('username'));
 
-                    if ($account) {
-                        $passwordRequestedAt = $account->getPasswordRequestedAt();
+            if (!$username) {
+                throw $this->createAccessDeniedException();
+            }
 
-                        if (null !== $passwordRequestedAt && $passwordRequestedAt->getTimestamp() > (time() - 3600 / 2)) {
-                            $emailSent = true;
-                        }
+            $account = $repository->findOneByEmail($username);
 
-                        if (!$emailSent) {
-                            $account->setConfirmationToken($tokenGenerator->generateToken());
-                            $account->setPasswordRequestedAt(new \DateTime('now'));
+            if ($account) {
+                $requestedAt = $account->getPasswordRequestedAt();
 
-                            $entityManager->update($account);
-                            $eventDispatcher->dispatch(new PasswordRequestEvent($account), PasswordRequestEvent::EVENT);
-
-                            $emailSent = true;
-                        }
-                    }
+                if (null === $requestedAt || $requestedAt->getTimestamp() < (time() - 3600 / 2)) {
+                    $eventDispatcher->dispatch(new PasswordRequestEvent($account), PasswordRequestEvent::EVENT);
                 }
             }
         }
 
         return $this->render('@Core/auth/resetting_request.html.twig', [
-            'email_sent' => $emailSent,
+            'email_sent' => $request->isMethod('POST'),
         ]);
     }
 
@@ -103,16 +90,11 @@ class AuthController extends AbstractController
 
         $account = $repository->findOneByConfirmationToken($token);
         $passwordUpdated = false;
-        $expired = false;
+        $expired = true;
 
         if ($account) {
-            $passwordRequestedAt = $account->getPasswordRequestedAt();
-
-            if (null !== $passwordRequestedAt && $passwordRequestedAt->getTimestamp() < (time() - 3600 * 2)) {
-                $expired = true;
-            }
-        } else {
-            $expired = true;
+            $requestedAt = $account->getPasswordRequestedAt();
+            $expired = (null === $requestedAt || ($requestedAt->getTimestamp() < (time() - 3600 * 2)));
         }
 
         if ($request->isMethod('POST') && !$expired) {
diff --git a/core/Controller/User/UserAdminController.php b/core/Controller/User/UserAdminController.php
index 9f4f545..cf6b35e 100644
--- a/core/Controller/User/UserAdminController.php
+++ b/core/Controller/User/UserAdminController.php
@@ -3,18 +3,17 @@
 namespace App\Core\Controller\User;
 
 use App\Core\Controller\Admin\AdminController;
-use App\Entity\User as Entity;
 use App\Core\Event\Account\PasswordRequestEvent;
 use App\Core\Factory\UserFactory as EntityFactory;
 use App\Core\Form\UserType as EntityType;
 use App\Core\Manager\EntityManager;
+use App\Entity\User as Entity;
 use App\Repository\UserRepositoryQuery as RepositoryQuery;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
-use Symfony\Component\Security\Csrf\TokenGenerator\TokenGeneratorInterface;
 
 /**
  * @Route("/admin/user")
@@ -105,18 +104,9 @@ class UserAdminController extends AdminController
     /**
      * @Route("/resetting_request/{entity}", name="admin_user_resetting_request", methods={"POST"})
      */
-    public function requestResetting(
-        Entity $entity,
-        EntityManager $entityManager,
-        TokenGeneratorInterface $tokenGenerator,
-        EventDispatcherInterface $eventDispatcher,
-        Request $request
-    ): Response {
+    public function requestResetting(Entity $entity, EventDispatcherInterface $eventDispatcher, Request $request): Response
+    {
         if ($this->isCsrfTokenValid('resetting_request'.$entity->getId(), $request->request->get('_token'))) {
-            $entity->setConfirmationToken($tokenGenerator->generateToken());
-            $entity->setPasswordRequestedAt(new \DateTime('now'));
-
-            $entityManager->update($entity);
             $eventDispatcher->dispatch(new PasswordRequestEvent($entity), PasswordRequestEvent::EVENT);
 
             $this->addFlash('success', 'Demande envoyée.');
diff --git a/core/EventSuscriber/Account/PasswordRequestEventSubscriber.php b/core/EventSuscriber/Account/PasswordRequestEventSubscriber.php
index fdd187e..7412104 100644
--- a/core/EventSuscriber/Account/PasswordRequestEventSubscriber.php
+++ b/core/EventSuscriber/Account/PasswordRequestEventSubscriber.php
@@ -3,9 +3,11 @@
 namespace App\Core\EventSuscriber\Account;
 
 use App\Core\Event\Account\PasswordRequestEvent;
+use App\Core\Manager\EntityManager;
 use App\Core\Notification\MailNotifier;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+use Symfony\Component\Security\Csrf\TokenGenerator\TokenGeneratorInterface;
 
 /**
  * class EventListener.
@@ -16,11 +18,19 @@ class PasswordRequestEventSubscriber implements EventSubscriberInterface
 {
     protected MailNotifier $notifier;
     protected UrlGeneratorInterface $urlGenerator;
+    protected EntityManager $entityManager;
+    protected TokenGeneratorInterface $tokenGenerator;
 
-    public function __construct(MailNotifier $notifier, UrlGeneratorInterface $urlGenerator)
-    {
+    public function __construct(
+        MailNotifier $notifier,
+        UrlGeneratorInterface $urlGenerator,
+        EntityManager $entityManager,
+        TokenGeneratorInterface $tokenGenerator
+    ) {
         $this->notifier = $notifier;
         $this->urlGenerator = $urlGenerator;
+        $this->entityManager = $entityManager;
+        $this->tokenGenerator = $tokenGenerator;
     }
 
     public static function getSubscribedEvents()
@@ -32,15 +42,21 @@ class PasswordRequestEventSubscriber implements EventSubscriberInterface
 
     public function onRequest(PasswordRequestEvent $event)
     {
+        $user = $event->getUser();
+        $user->setConfirmationToken($this->tokenGenerator->generateToken());
+        $user->setPasswordRequestedAt(new \DateTime('now'));
+
+        $this->entityManager->update($user);
+
         $this->notifier
             ->setFrom('system@tinternet.net')
             ->setSubject('[Tinternet & cie] Mot de passe perdu')
-            ->addRecipient($event->getUser()->getEmail())
-            ->notify('resetting_request', [
+            ->addRecipient($user->getEmail())
+            ->notify('@Core/mail/account/resetting_request.html.twig', [
                 'reseting_update_link' => $this->urlGenerator->generate(
                     'auth_resetting_update',
                     [
-                        'token' => $event->getUser()->getConfirmationToken(),
+                        'token' => $user->getConfirmationToken(),
                     ],
                     UrlGeneratorInterface::ABSOLUTE_URL
                 ),
diff --git a/core/Resources/views/mail/resetting_request.html.twig b/core/Resources/views/mail/account/resetting_request.html.twig
similarity index 100%
rename from core/Resources/views/mail/resetting_request.html.twig
rename to core/Resources/views/mail/account/resetting_request.html.twig