mirror of
https://github.com/minetest/contentdb.git
synced 2024-12-23 06:22:24 +01:00
Add 12 hour expiry to email verification tokens
This commit is contained in:
parent
3b5c9950de
commit
0486eb76c0
@ -311,11 +311,19 @@ def set_password():
|
||||
@bp.route("/user/verify/")
|
||||
def verify_email():
|
||||
token = request.args.get("token")
|
||||
ver : UserEmailVerification = UserEmailVerification.query.filter_by(token=token).first()
|
||||
ver: UserEmailVerification = UserEmailVerification.query.filter_by(token=token).first()
|
||||
if ver is None:
|
||||
flash("Unknown verification token!", "danger")
|
||||
return redirect(url_for("homepage.home"))
|
||||
|
||||
delta = (datetime.datetime.now() - ver.created_at)
|
||||
delta: datetime.timedelta
|
||||
if delta.total_seconds() > 12*60*60:
|
||||
flash("Token has expired", "danger")
|
||||
db.session.delete(ver)
|
||||
db.session.commit()
|
||||
return redirect(url_for("homepage.home"))
|
||||
|
||||
user = ver.user
|
||||
|
||||
addAuditLog(AuditSeverity.USER, user, "Confirmed their email",
|
||||
|
@ -4,4 +4,6 @@ toc: False
|
||||
We've sent an email to the address you specified.
|
||||
You'll need to click the link in the email to confirm it
|
||||
|
||||
**The link will expire in 12 hours**
|
||||
|
||||
<a class="btn btn-secondary" href="/help/faq/#my-verification-email-never-arrived">My email never arrived</a>
|
Loading…
Reference in New Issue
Block a user