// Check expiry time
Date expiry = passwordRecoveryToken.getExpiry();
if( null != expiry ){
Date now = new Date();
if( now.getTime() > expiry.getTime() ){
throw new TokenExpiredException("Token is expired");
}
}
// Check if user already exists
String emailAddress = passwordRecoveryToken.getEmailAddress();