Add note that links expire in 24 hours

2020-07-16 15:08:36 -07:00
parent 8aad71efd0
commit ddeee0c970
4 changed files with 15 additions and 1 deletions
--- a/src/routes/cloudron.js
+++ b/src/routes/cloudron.js
@@ -102,6 +102,7 @@ function passwordReset(req, res, next) {
    users.getByResetToken(req.body.resetToken, function (error, userObject) {
        if (error) return next(new HttpError(401, 'Invalid resetToken'));

+        // if you fix the duration here, the emails and UI have to be fixed as well
        if (Date.now() - userObject.resetTokenCreationTime > 24 * 60 * 60 * 1000) return next(new HttpError(401, 'Token expired'));
        if (!userObject.username) return next(new HttpError(409, 'No username set'));

@@ -132,6 +133,7 @@ function setupAccount(req, res, next) {
    users.getByResetToken(req.body.resetToken, function (error, userObject) {
        if (error) return next(new HttpError(401, 'Invalid Reset Token'));

+        // if you fix the duration here, the emails and UI have to be fixed as well
        if (Date.now() - userObject.resetTokenCreationTime > 24 * 60 * 60 * 1000) return next(new HttpError(401, 'Token expired'));

        users.setupAccount(userObject, req.body, auditSource.fromRequest(req), function (error, accessToken) {