diff --git a/app/blueprints/users/account.py b/app/blueprints/users/account.py
index 12e0130c..e175f8f5 100644
--- a/app/blueprints/users/account.py
+++ b/app/blueprints/users/account.py
@@ -311,11 +311,19 @@ def set_password():
 @bp.route("/user/verify/")
 def verify_email():
 token = request.args.get("token")
- ver : UserEmailVerification = UserEmailVerification.query.filter_by(token=token).first()
+ ver: UserEmailVerification = UserEmailVerification.query.filter_by(token=token).first()
 if ver is None:
 flash("Unknown verification token!", "danger")
 return redirect(url_for("homepage.home"))
 
+ delta = (datetime.datetime.now() - ver.created_at)
+ delta: datetime.timedelta
+ if delta.total_seconds() > 12*60*60:
+ flash("Token has expired", "danger")
+ db.session.delete(ver)
+ db.session.commit()
+ return redirect(url_for("homepage.home"))
+
 user = ver.user
 
 addAuditLog(AuditSeverity.USER, user, "Confirmed their email",
diff --git a/app/flatpages/email_sent.md b/app/flatpages/email_sent.md
index 43973e52..255699fd 100644
--- a/app/flatpages/email_sent.md
+++ b/app/flatpages/email_sent.md
@@ -4,4 +4,6 @@ toc: False
 We've sent an email to the address you specified.
 You'll need to click the link in the email to confirm it
 
+**The link will expire in 12 hours**
+
 My email never arrived
\ No newline at end of file
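Review bot: The expiry check added to verify_email in app/blueprints/users/account.py measures token age with naive local time, `datetime.datetime.now() - ver.created_at`, so the 12-hour limit only holds if `created_at` is written with the same clock. The model is not visible in this diff, and if the column is stored in UTC the effective lifetime shifts by the server's UTC offset, which can leave a token valid longer than intended. Take both timestamps from one time source and compare timedeltas directly, e.g. `if datetime.datetime.utcnow() - ver.created_at > datetime.timedelta(hours=12):` when the column is UTC. The bare `delta: datetime.timedelta` annotation after the assignment can be dropped, and the lifetime would be better as a named constant since email_sent.md repeats the 12-hour figure. Expired rows are also deleted only when someone presents the token, so unused ones stay in the table unless a cleanup exists elsewhere; verify_email's body continues past the end of the hunk.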