Merge branch 'develop' of https://git.pleroma.social/pleroma/pleroma into develop

[akkoma] / lib / pleroma / web / twitter_api / controllers / password_controller.ex

diff --git a/lib/pleroma/web/twitter_api/controllers/password_controller.ex b/lib/pleroma/web/twitter_api/controllers/password_controller.ex
index 1941e6143b7083529afb2c8f5bd47bd2a2297305..bc04a4d4910d4690d76a7af12fa49bed1c59dc01 100644 (file)
--- a/lib/pleroma/web/twitter_api/controllers/password_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/password_controller.ex
@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.TwitterAPI.PasswordController do
@@ -17,6 +17,7 @@ defmodule Pleroma.Web.TwitterAPI.PasswordController do
 
   def reset(conn, %{"token" => token}) do
     with %{used: false} = token <- Repo.get_by(PasswordResetToken, %{token: token}),
+         false <- PasswordResetToken.expired?(token),
          %User{} = user <- User.get_cached_by_id(token.user_id) do
       render(conn, "reset.html", %{
         token: token,