make reset tokens only valid for a day

fixes #563 mysql timestamps cannot be null. it will become current timestamp when set as null
2020-03-30 16:47:18 -07:00
parent 5d6a02f73c
commit 936f456cec
7 changed files with 35 additions and 11 deletions
@@ -495,10 +495,11 @@ function resetPasswordByIdentifier(identifier, callback) {
    getter(identifier.toLowerCase(), function (error, result) {
        if (error) return callback(error);

-        let resetToken = hat(256);
+        let resetToken = hat(256), resetTokenCreationTime = new Date();
        result.resetToken = resetToken;
+        result.resetTokenCreationTime = resetTokenCreationTime;

-        userdb.update(result.id, { resetToken }, function (error) {
+        userdb.update(result.id, { resetToken, resetTokenCreationTime }, function (error) {
            if (error) return callback(error);

            mailer.passwordReset(result);