aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorNassim Bounouas <NassimBounouas@users.noreply.github.com>2019-12-18 09:59:00 +0100
committerChocobozzz <me@florianbigard.com>2019-12-18 09:59:00 +0100
commitf88ee4a9523bf3c4a61a45832963c558aed4d0b1 (patch)
tree02688f6dbb578376f870687a3119538b07b5996f
parentae05c9912555ef29e1fe14ba34ac9d8381547939 (diff)
downloadPeerTube-f88ee4a9523bf3c4a61a45832963c558aed4d0b1.tar.gz
PeerTube-f88ee4a9523bf3c4a61a45832963c558aed4d0b1.tar.zst
PeerTube-f88ee4a9523bf3c4a61a45832963c558aed4d0b1.zip
Feature/password reset link expiration (#2305)
* #1928 Add a sentence indicating the reset time limit on form and email * #1928 Customizable password reset lifetime * #1928 Add a route to verify reset link and call it on reset form init * Revert "#1928 Customizable password reset lifetime" This reverts commit 0ed97453f8e64e31a723cc6740b251a69a57d658. * #1928 Reset password lifetime hardcoded to one hour * Remove useless modifications for #1928
-rw-r--r--client/src/app/login/login.component.ts2
-rw-r--r--server/initializers/constants.ts2
-rw-r--r--server/lib/emailer.ts2
3 files changed, 3 insertions, 3 deletions
diff --git a/client/src/app/login/login.component.ts b/client/src/app/login/login.component.ts
index 12c631107..911b9982f 100644
--- a/client/src/app/login/login.component.ts
+++ b/client/src/app/login/login.component.ts
@@ -78,7 +78,7 @@ export class LoginComponent extends FormReactive implements OnInit {
78 .subscribe( 78 .subscribe(
79 () => { 79 () => {
80 const message = this.i18n( 80 const message = this.i18n(
81 'An email with the reset password instructions will be sent to {{email}}.', 81 'An email with the reset password instructions will be sent to {{email}}. The link will expire within 1 hour.',
82 { email: this.forgotPasswordEmail } 82 { email: this.forgotPasswordEmail }
83 ) 83 )
84 this.notifier.success(message) 84 this.notifier.success(message)
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 7e2617653..79fcd0edf 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -486,7 +486,7 @@ let PRIVATE_RSA_KEY_SIZE = 2048
486// Password encryption 486// Password encryption
487const BCRYPT_SALT_SIZE = 10 487const BCRYPT_SALT_SIZE = 10
488 488
489const USER_PASSWORD_RESET_LIFETIME = 60000 * 5 // 5 minutes 489const USER_PASSWORD_RESET_LIFETIME = 60000 * 60 // 60 minutes
490 490
491const USER_EMAIL_VERIFY_LIFETIME = 60000 * 60 // 60 minutes 491const USER_EMAIL_VERIFY_LIFETIME = 60000 * 60 // 60 minutes
492 492
diff --git a/server/lib/emailer.ts b/server/lib/emailer.ts
index 523b11d0d..7484524a4 100644
--- a/server/lib/emailer.ts
+++ b/server/lib/emailer.ts
@@ -369,7 +369,7 @@ class Emailer {
369 addPasswordResetEmailJob (to: string, resetPasswordUrl: string) { 369 addPasswordResetEmailJob (to: string, resetPasswordUrl: string) {
370 const text = `Hi dear user,\n\n` + 370 const text = `Hi dear user,\n\n` +
371 `A reset password procedure for your account ${to} has been requested on ${WEBSERVER.HOST} ` + 371 `A reset password procedure for your account ${to} has been requested on ${WEBSERVER.HOST} ` +
372 `Please follow this link to reset it: ${resetPasswordUrl}\n\n` + 372 `Please follow this link to reset it: ${resetPasswordUrl} (the link will expire within 1 hour)\n\n` +
373 `If you are not the person who initiated this request, please ignore this email.\n\n` + 373 `If you are not the person who initiated this request, please ignore this email.\n\n` +
374 `Cheers,\n` + 374 `Cheers,\n` +
375 `${CONFIG.EMAIL.BODY.SIGNATURE}` 375 `${CONFIG.EMAIL.BODY.SIGNATURE}`