mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Change password expiration time from 12h to 7d 

We use the same logic for creating accounts without a password and there the 12h is a bit short. Users don't expect that the signup link needs to be clicked within 12h - 7d should be a more expected behavior.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This commit is contained in:
Morris Jobke 2018-08-31 09:26:09 +02:00
parent 329c2108b5
commit 7613801a58
No known key found for this signature in database
GPG Key ID: FE03C3A163FEDE68
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/Controller/LostController.php
View File

@ -187,7 +187,7 @@ class LostController extends Controller {
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
}
if ($splittedToken[0] < ($this->timeFactory->getTime() - 60*60*12) ||
if ($splittedToken[0] < ($this->timeFactory->getTime() - 60*60*24*7) ||
$user->getLastLogin() > $splittedToken[0]) {
throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is expired'));
}

2
tests/Core/Controller/LostControllerTest.php
View File

@ -584,7 +584,7 @@ class LostControllerTest extends \Test\TestCase {
->with('ValidTokenUser')
->willReturn($this->existingUser);
$this->timeFactory->method('getTime')
->willReturn(55546);
->willReturn(617146);
$this->crypto->method('decrypt')
->with(