Add 12 hour expiry to email verification tokens

rubenwardy 2021-11-24 17:41:39 +00:00
parent 3b5c9950de
commit 0486eb76c0
2 changed files with 11 additions and 1 deletions

@ -311,11 +311,19 @@ def set_password():
@bp.route("/user/verify/")
def verify_email():
token = request.args.get("token")
ver : UserEmailVerification = UserEmailVerification.query.filter_by(token=token).first()
ver: UserEmailVerification = UserEmailVerification.query.filter_by(token=token).first()
if ver is None:
flash("Unknown verification token!", "danger")
return redirect(url_for("homepage.home"))
delta = (datetime.datetime.now() - ver.created_at)
delta: datetime.timedelta
if delta.total_seconds() > 12*60*60:
flash("Token has expired", "danger")
db.session.delete(ver)
db.session.commit()
return redirect(url_for("homepage.home"))
user = ver.user
addAuditLog(AuditSeverity.USER, user, "Confirmed their email",

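Review bot: The expiry check on the `if delta.total_seconds() > 12*60*60:` line compares a naive `datetime.datetime.now()` with `ver.created_at`, so the 12-hour window is only accurate if `created_at` is populated from the same clock; if that column defaults to a UTC timestamp (a `utcnow`-style default), the window silently shifts by the server's UTC offset, and a NULL `created_at` on a pre-existing row would raise `TypeError` here rather than being treated as expired. The standalone `delta: datetime.timedelta` line is a no-op annotation statement, and the literal `12*60*60` is duplicated in the help-page text that this commit also edits, so the two can drift apart. A single named lifetime covers both: `EMAIL_VERIFY_TOKEN_LIFETIME = datetime.timedelta(hours=12)` at module level and `if datetime.datetime.now() - ver.created_at > EMAIL_VERIFY_TOKEN_LIFETIME:` in place of the three lines computing and annotating `delta`. The body of `verify_email` continues past the end of this hunk.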
@ -4,4 +4,6 @@ toc: False
We've sent an email to the address you specified.
You'll need to click the link in the email to confirm it
**The link will expire in 12 hours**
<a class="btn btn-secondary" href="/help/faq/#my-verification-email-never-arrived">My email never arrived</a>