Browse Source
Change password expiration time from 12h to 7d
We use the same logic for creating accounts without a password and there the 12h is a bit short. Users don't expect that the signup link needs to be clicked within 12h - 7d should be a more expected behavior.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Morris Jobke
7 years ago
GPG Key ID:
2 changed files with
2 additions and
2 deletions
core/Controller/LostController.php
tests/Core/Controller/LostControllerTest.php
@ -187,7 +187,7 @@ class LostController extends Controller {
throw new \Exception ( $this -> l10n -> t ( 'Couldn\'t reset password because the token is invalid' ));
}
if ( $splittedToken [ 0 ] < ( $this -> timeFactory -> getTime () - 60 * 60 * 1 2) ||
if ( $splittedToken [ 0 ] < ( $this -> timeFactory -> getTime () - 60 * 60 * 24 * 7 ) ||
$user -> getLastLogin () > $splittedToken [ 0 ]) {
throw new \Exception ( $this -> l10n -> t ( 'Couldn\'t reset password because the token is expired' ));
}
@ -584,7 +584,7 @@ class LostControllerTest extends \Test\TestCase {
-> with ( 'ValidTokenUser' )
-> willReturn ( $this -> existingUser );
$this -> timeFactory -> method ( 'getTime' )
-> willReturn ( 555 46);
-> willReturn ( 6171 46);
$this -> crypto -> method ( 'decrypt' )
-> with (
Morris Jobke
7 years ago