
Add 12 hour expiry to email verification tokens

pull/343/head
rubenwardy 1 year ago
parent
commit
0486eb76c0
  1. 10
      app/blueprints/users/account.py
  2. 2
      app/flatpages/email_sent.md

10
app/blueprints/users/account.py

@ -311,11 +311,19 @@ def set_password(): @@ -311,11 +311,19 @@ def set_password():
@bp.route("/user/verify/")
def verify_email():
token = request.args.get("token")
ver : UserEmailVerification = UserEmailVerification.query.filter_by(token=token).first()
ver: UserEmailVerification = UserEmailVerification.query.filter_by(token=token).first()
if ver is None:
flash("Unknown verification token!", "danger")
return redirect(url_for("homepage.home"))
delta = (datetime.datetime.now() - ver.created_at)
delta: datetime.timedelta
if delta.total_seconds() > 12*60*60:
flash("Token has expired", "danger")
db.session.delete(ver)
db.session.commit()
return redirect(url_for("homepage.home"))
user = ver.user
addAuditLog(AuditSeverity.USER, user, "Confirmed their email",
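Review bot: The expiry check subtracts `ver.created_at` from `datetime.datetime.now()`, which is naive local time, and the column's default is not visible in this hunk. If `created_at` is written in UTC, the real token lifetime is shifted by the server's UTC offset, so a token could be accepted well past 12 hours or rejected early. Use the same clock on both sides and express the limit as a timedelta, for example (if the column is UTC) `if datetime.datetime.utcnow() - ver.created_at > datetime.timedelta(hours=12):`, ideally with the limit in a named constant. Expired rows are also deleted only when someone presents the token, so unclaimed tokens appear to stay in the table unless a cleanup job exists elsewhere. The body of `verify_email` continues past the end of the hunk.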

2
app/flatpages/email_sent.md

@ -4,4 +4,6 @@ toc: False @@ -4,4 +4,6 @@ toc: False
We've sent an email to the address you specified.
You'll need to click the link in the email to confirm it
**The link will expire in 12 hours**
<a class="btn btn-secondary" href="/help/faq/#my-verification-email-never-arrived">My email never arrived</a>