mirror of
https://github.com/discourse/discourse.git
synced 2024-11-25 10:20:58 -06:00
FIX: tighten up email token durations
parent
2a998fd787
commit
60d93a62f6
@ -19,11 +19,11 @@ class EmailToken < ActiveRecord::Base
|
||||
end
|
||||
|
||||
def self.valid_after
|
||||
1.week.ago
|
||||
SiteSetting.email_token_valid_hours.hours.ago
|
||||
end
|
||||
|
||||
def self.confirm_valid_after
|
||||
1.day.ago
|
||||
SiteSetting.email_token_grace_period_hours.ago
|
||||
end
|
||||
|
||||
def self.unconfirmed
|
||||
|
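Review bot: `confirm_valid_after` calls `.ago` directly on `SiteSetting.email_token_grace_period_hours`, without the `.hours` conversion that `valid_after` applies a few lines above, so the value is not treated as hours. Depending on the ActiveSupport version, a bare numeric `.ago` is either read as seconds or not defined at all, so a grace period configured as 1 would presumably last one second rather than one hour. The line should read `SiteSetting.email_token_grace_period_hours.hours.ago`. The query that consumes both cutoffs is outside this hunk, and the old/new side of each line is inferred from the setting names because the page has lost its +/- markers.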
@ -702,6 +702,9 @@ en:
|
||||
topics_per_period_in_top_page: "How many topics loaded on the top topics page"
|
||||
redirect_users_to_top_page: "Automatically redirect new & long-time-no-see users to top page"
|
||||
|
||||
email_token_valid_hours: "How long are 'forgot password' / 'activate account' tokens valid for"
|
||||
email_token_grace_period_hours: "How long are 'forgot password' / 'activate account' tokens valid for, after being redeemed"
|
||||
|
||||
enable_badges: "Enable the badge system (experimental)"
|
||||
|
||||
allow_index_in_robots_txt: "Site should be indexed by search engines (update robots.txt)"
|
||||
|
@ -263,6 +263,9 @@ users:
|
||||
default: 15
|
||||
redirect_users_to_top_page: true
|
||||
|
||||
email_token_valid_hours: 24
|
||||
email_token_grace_period_hours: 0
|
||||
|
||||
posting:
|
||||
min_post_length:
|
||||
client: true
|
||||
|
@ -63,8 +63,8 @@ describe EmailToken do
|
||||
end
|
||||
|
||||
it 'returns nil when a token is older than a specific time' do
|
||||
EmailToken.expects(:valid_after).returns(1.week.ago)
|
||||
email_token.update_column(:created_at, 2.weeks.ago)
|
||||
SiteSetting.email_token_valid_hours = 10
|
||||
email_token.update_column(:created_at, 11.hours.ago)
|
||||
EmailToken.confirm(email_token.token).should be_blank
|
||||
end
|
||||
|
||||
@ -88,11 +88,10 @@ describe EmailToken do
|
||||
end
|
||||
|
||||
context "when using the code a second time" do
|
||||
before do
|
||||
EmailToken.confirm(email_token.token)
|
||||
end
|
||||
|
||||
it "doesn't send the welcome message" do
|
||||
SiteSetting.email_token_grace_period_hours = 1
|
||||
EmailToken.confirm(email_token.token)
|
||||
user = EmailToken.confirm(email_token.token)
|
||||
user.send_welcome_message.should be_false
|
||||
end
|
||||
|
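Review bot: The reuse example in the second hunk sets `SiteSetting.email_token_grace_period_hours = 1` and confirms the token twice back to back, so it passes whether the setting is read as hours or as seconds, and no example exercises the shipped default of 0. Replay of an already redeemed token is the case this commit is tightening, so it deserves an example that pins the rejection, assuming `EmailToken.confirm` returns blank for a rejected token as in the expiry example of the first hunk. A second example that moves `created_at` back by more than a second but less than an hour would also pin the unit of the grace period. The enclosing `describe` and `context` blocks start and end outside these hunks.

```ruby
# … unchanged: "doesn't send the welcome message" example …

it "rejects a redeemed token when the grace period is zero" do
  SiteSetting.email_token_grace_period_hours = 0
  EmailToken.confirm(email_token.token)
  EmailToken.confirm(email_token.token).should be_blank
end
```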