Change password expiration time from 12h to 7d
We use the same logic for creating accounts without a password and there the 12h is a bit short. Users don't expect that the signup link needs to be clicked within 12h - 7d should be a more expected behavior. Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This commit is contained in:
Morris Jobke
parent
329c2108b5
commit
7613801a58
|
|
@ -187,7 +187,7 @@ class LostController extends Controller {
|
||||||
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
|
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($splittedToken[0] < ($this->timeFactory->getTime() - 60*60*12) ||
|
if ($splittedToken[0] < ($this->timeFactory->getTime() - 60*60*24*7) ||
|
||||||
$user->getLastLogin() > $splittedToken[0]) {
|
$user->getLastLogin() > $splittedToken[0]) {
|
||||||
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is expired'));
|
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is expired'));
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -584,7 +584,7 @@ class LostControllerTest extends \Test\TestCase {
|
||||||
->with('ValidTokenUser')
|
->with('ValidTokenUser')
|
||||||
->willReturn($this->existingUser);
|
->willReturn($this->existingUser);
|
||||||
$this->timeFactory->method('getTime')
|
$this->timeFactory->method('getTime')
|
||||||
->willReturn(55546);
|
->willReturn(617146);
|
||||||
|
|
||||||
$this->crypto->method('decrypt')
|
$this->crypto->method('decrypt')
|
||||||
->with(
|
->with(
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue