From f88ee4a9523bf3c4a61a45832963c558aed4d0b1 Mon Sep 17 00:00:00 2001 From: Nassim Bounouas Date: Wed, 18 Dec 2019 09:59:00 +0100 Subject: Feature/password reset link expiration (#2305) * #1928 Add a sentence indicating the reset time limit on form and email * #1928 Customizable password reset lifetime * #1928 Add a route to verify reset link and call it on reset form init * Revert "#1928 Customizable password reset lifetime" This reverts commit 0ed97453f8e64e31a723cc6740b251a69a57d658. * #1928 Reset password lifetime hardcoded to one hour * Remove useless modifications for #1928 --- server/initializers/constants.ts | 2 +- server/lib/emailer.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'server') diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts index 7e2617653..79fcd0edf 100644 --- a/server/initializers/constants.ts +++ b/server/initializers/constants.ts @@ -486,7 +486,7 @@ let PRIVATE_RSA_KEY_SIZE = 2048 // Password encryption const BCRYPT_SALT_SIZE = 10 -const USER_PASSWORD_RESET_LIFETIME = 60000 * 5 // 5 minutes +const USER_PASSWORD_RESET_LIFETIME = 60000 * 60 // 60 minutes const USER_EMAIL_VERIFY_LIFETIME = 60000 * 60 // 60 minutes diff --git a/server/lib/emailer.ts b/server/lib/emailer.ts index 523b11d0d..7484524a4 100644 --- a/server/lib/emailer.ts +++ b/server/lib/emailer.ts @@ -369,7 +369,7 @@ class Emailer { addPasswordResetEmailJob (to: string, resetPasswordUrl: string) { const text = `Hi dear user,\n\n` + `A reset password procedure for your account ${to} has been requested on ${WEBSERVER.HOST} ` + - `Please follow this link to reset it: ${resetPasswordUrl}\n\n` + + `Please follow this link to reset it: ${resetPasswordUrl} (the link will expire within 1 hour)\n\n` + `If you are not the person who initiated this request, please ignore this email.\n\n` + `Cheers,\n` + `${CONFIG.EMAIL.BODY.SIGNATURE}` -- cgit v1.2.3