Feature/password reset link expiration (#2305)
* #1928 Add a sentence indicating the reset time limit on form and email
* #1928 Customizable password reset lifetime
* #1928 Add a route to verify reset link and call it on reset form init
* Revert "#1928 Customizable password reset lifetime"
This reverts commit 0ed97453f8.
* #1928 Reset password lifetime hardcoded to one hour
* Remove useless modifications for #1928
parent
ae05c99125
commit
f88ee4a952
|
@ -78,7 +78,7 @@ export class LoginComponent extends FormReactive implements OnInit {
|
|||
.subscribe(
|
||||
() => {
|
||||
const message = this.i18n(
|
||||
'An email with the reset password instructions will be sent to {{email}}.',
|
||||
'An email with the reset password instructions will be sent to {{email}}. The link will expire within 1 hour.',
|
||||
{ email: this.forgotPasswordEmail }
|
||||
)
|
||||
this.notifier.success(message)
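Review bot: The "1 hour" in the new i18n string is a hard-coded copy of the server-side `USER_PASSWORD_RESET_LIFETIME`, and the same literal is repeated in the `addPasswordResetEmailJob` text further down, so a later change to the constant will leave both messages telling users the wrong expiry. The email text is built on the server and could presumably derive the duration from the constant instead of spelling it out. For this client string, pass the duration as an interpolation parameter next to `email` if the server already exposes it to the client. Otherwise add a comment such as `// "1 hour" mirrors USER_PASSWORD_RESET_LIFETIME on the server` so the coupling is visible. The enclosing subscribe callback starts and ends outside this hunk.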
|
||||
|
|
|
@ -486,7 +486,7 @@ let PRIVATE_RSA_KEY_SIZE = 2048
|
|||
// Password encryption
|
||||
const BCRYPT_SALT_SIZE = 10
|
||||
|
||||
const USER_PASSWORD_RESET_LIFETIME = 60000 * 5 // 5 minutes
|
||||
const USER_PASSWORD_RESET_LIFETIME = 60000 * 60 // 60 minutes
|
||||
|
||||
const USER_EMAIL_VERIFY_LIFETIME = 60000 * 60 // 60 minutes
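Review bot: Raising `USER_PASSWORD_RESET_LIFETIME` from 5 to 60 minutes keeps a reset link usable twelve times longer if it leaks through a forwarded mail, a shared mailbox or mail logs. Nothing on this page shows whether the token is single-use or invalidated when a newer reset is requested, so that should be confirmed in the reset handler before merging. The commit description also mentions a new route that verifies the link; if it reports valid or invalid for any submitted token, it should get the same rate limiting as the reset endpoint. I would also document the coupling with the user-facing text here, e.g. `// Shown to users as "1 hour" in the login form and the reset email: update both when changing this`.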
|
||||
|
||||
|
|
|
@ -369,7 +369,7 @@ class Emailer {
|
|||
addPasswordResetEmailJob (to: string, resetPasswordUrl: string) {
|
||||
const text = `Hi dear user,\n\n` +
|
||||
`A reset password procedure for your account ${to} has been requested on ${WEBSERVER.HOST} ` +
|
||||
`Please follow this link to reset it: ${resetPasswordUrl}\n\n` +
|
||||
`Please follow this link to reset it: ${resetPasswordUrl} (the link will expire within 1 hour)\n\n` +
|
||||
`If you are not the person who initiated this request, please ignore this email.\n\n` +
|
||||
`Cheers,\n` +
|
||||
`${CONFIG.EMAIL.BODY.SIGNATURE}`
|
||||
|
|