Add the 15 seconds to the window, instead of removing

Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2016-11-11 09:44:20 +01:00 committed by Lukas Reschke
parent 02ea134152
commit bb7787a157
No known key found for this signature in database
GPG Key ID: B9F6980CF6E759B1
1 changed files with 1 additions and 1 deletions

View File

@ -159,7 +159,7 @@ class SecurityMiddleware extends Middleware {
if ($this->reflector->hasAnnotation('PasswordConfirmationRequired')) { if ($this->reflector->hasAnnotation('PasswordConfirmationRequired')) {
$lastConfirm = (int) $this->session->get('last-password-confirm'); $lastConfirm = (int) $this->session->get('last-password-confirm');
if ($lastConfirm < (time() - 30 * 60 + 15)) { // allow 15 seconds delay if ($lastConfirm < (time() - (30 * 60 + 15))) { // allow 15 seconds delay
throw new NotConfirmedException(); throw new NotConfirmedException();
} }
} }