X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;ds=inline;f=lib%2Fpleroma%2Fpassword_reset_token.ex;h=edc8ed6a09a3c7c58d41191c58d23cec73a6d744;hb=92ab72dbbb4f56a0e0c3d0882ce29d54739437c1;hp=4a833f6a5ba4909a58a264f20cfffb731bc4cb03;hpb=657277ffc0d3d25be4376ed629057a2d2cefb2e1;p=akkoma
diff --git a/lib/pleroma/password_reset_token.ex b/lib/pleroma/password_reset_token.ex
index 4a833f6a5..edc8ed6a0 100644
--- a/lib/pleroma/password_reset_token.ex
+++ b/lib/pleroma/password_reset_token.ex
@@ -1,5 +1,5 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors
+# Copyright © 2017-2021 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.PasswordResetToken do
@@ -12,7 +12,7 @@ defmodule Pleroma.PasswordResetToken do
alias Pleroma.User
schema "password_reset_tokens" do
- belongs_to(:user, User, type: Pleroma.FlakeId)
+ belongs_to(:user, User, type: FlakeId.Ecto.CompatType)
field(:token, :string)
field(:used, :boolean, default: false)
@@ -40,6 +40,7 @@ defmodule Pleroma.PasswordResetToken do
@spec reset_password(binary(), map()) :: {:ok, User.t()} | {:error, binary()}
def reset_password(token, data) do
with %{used: false} = token <- Repo.get_by(PasswordResetToken, %{token: token}),
+ false <- expired?(token),
%User{} = user <- User.get_cached_by_id(token.user_id),
{:ok, _user} <- User.reset_password(user, data),
{:ok, token} <- Repo.update(used_changeset(token)) do
@@ -48,4 +49,14 @@ defmodule Pleroma.PasswordResetToken do
_e -> {:error, token}
end
end
+
+ def expired?(%__MODULE__{inserted_at: inserted_at}) do
+ validity = Pleroma.Config.get([:instance, :password_reset_token_validity], 0)
+
+ now = NaiveDateTime.utc_now()
+
+ difference = NaiveDateTime.diff(now, inserted_at)
+
+ difference > validity
+ end
end