Customizable password reset lifetime

pull/2305/head
Nassim Bounouas 2019-06-22 21:19:16 +02:00
parent 232863422f
commit 0ed97453f8
10 changed files with 16 additions and 9 deletions

View File

@ -83,7 +83,8 @@ export class ServerService {
},
user: {
videoQuota: -1,
videoQuotaDaily: -1
videoQuotaDaily: -1,
resetPasswordLifetime: 5
},
import: {
videos: {

View File

@ -78,7 +78,7 @@ export class LoginComponent extends FormReactive implements OnInit {
.subscribe(
() => {
const message = this.i18n(
'An email with the reset password instructions will be sent to {{email}}. The link will expire within 5 minutes.',
`An email with the reset password instructions will be sent to {{email}}. The link will expire within ${this.getResetPasswordLifetime()} minutes.`,
{ email: this.forgotPasswordEmail }
)
this.notifier.success(message)
@ -96,4 +96,8 @@ export class LoginComponent extends FormReactive implements OnInit {
hideForgotPasswordModal () {
this.openedForgotPasswordModal.close()
}
getResetPasswordLifetime () {
return this.serverService.getConfig().user.resetPasswordLifetime
}
}

View File

@ -174,6 +174,7 @@ user:
# -1 == unlimited
video_quota: -1
video_quota_daily: -1
password_reset_lifetime: 15 # Minutes before password reset link expiration
# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag
# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions.

View File

@ -188,6 +188,7 @@ user:
# -1 == unlimited
video_quota: -1
video_quota_daily: -1
password_reset_lifetime: 5 # Minutes before password reset link expiration
# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag
# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions.

View File

@ -131,7 +131,8 @@ async function getConfig (req: express.Request, res: express.Response) {
},
user: {
videoQuota: CONFIG.USER.VIDEO_QUOTA,
videoQuotaDaily: CONFIG.USER.VIDEO_QUOTA_DAILY
videoQuotaDaily: CONFIG.USER.VIDEO_QUOTA_DAILY,
resetPasswordLifetime: CONFIG.USER.USER_PASSWORD_RESET_LIFETIME
},
trending: {
videos: {

View File

@ -144,7 +144,8 @@ const CONFIG = {
},
USER: {
get VIDEO_QUOTA () { return parseBytes(config.get<number>('user.video_quota')) },
get VIDEO_QUOTA_DAILY () { return parseBytes(config.get<number>('user.video_quota_daily')) }
get VIDEO_QUOTA_DAILY () { return parseBytes(config.get<number>('user.video_quota_daily')) },
get USER_PASSWORD_RESET_LIFETIME () { return parseBytes(config.get<number>('user.password_reset_lifetime')) }
},
TRANSCODING: {
get ENABLED () { return config.get<boolean>('transcoding.enabled') },

View File

@ -471,8 +471,6 @@ let PRIVATE_RSA_KEY_SIZE = 2048
// Password encryption
const BCRYPT_SALT_SIZE = 10
const USER_PASSWORD_RESET_LIFETIME = 60000 * 5 // 5 minutes
const USER_EMAIL_VERIFY_LIFETIME = 60000 * 60 // 60 minutes
const NSFW_POLICY_TYPES: { [ id: string ]: NSFWPolicyType } = {
@ -689,7 +687,6 @@ export {
VIDEO_ABUSE_STATES,
CACHE,
JOB_REQUEST_TIMEOUT,
USER_PASSWORD_RESET_LIFETIME,
MEMOIZE_TTL,
USER_EMAIL_VERIFY_LIFETIME,
OVERVIEWS,

View File

@ -350,7 +350,7 @@ class Emailer {
addPasswordResetEmailJob (to: string, resetPasswordUrl: string) {
const text = `Hi dear user,\n\n` +
`A reset password procedure for your account ${to} has been requested on ${WEBSERVER.HOST} ` +
`Please follow this link to reset it: ${resetPasswordUrl} (the link will expire within 5 minutes)\n\n` +
`Please follow this link to reset it: ${resetPasswordUrl} (the link will expire within ${CONFIG.USER.USER_PASSWORD_RESET_LIFETIME} minutes)\n\n` +
`If you are not the person who initiated this request, please ignore this email.\n\n` +
`Cheers,\n` +
`${CONFIG.EMAIL.BODY.SIGNATURE}`

View File

@ -5,7 +5,6 @@ import { generateRandomString } from '../helpers/utils'
import {
CONTACT_FORM_LIFETIME,
USER_EMAIL_VERIFY_LIFETIME,
USER_PASSWORD_RESET_LIFETIME,
VIDEO_VIEW_LIFETIME,
WEBSERVER
} from '../initializers/constants'
@ -68,6 +67,7 @@ class Redis {
async setResetPasswordVerificationString (userId: number) {
const generatedString = await generateRandomString(32)
const USER_PASSWORD_RESET_LIFETIME = CONFIG.USER.USER_PASSWORD_RESET_LIFETIME * 60000
await this.setValue(this.generateResetPasswordKey(userId), generatedString, USER_PASSWORD_RESET_LIFETIME)
return generatedString

View File

@ -90,6 +90,7 @@ export interface ServerConfig {
user: {
videoQuota: number
videoQuotaDaily: number
resetPasswordLifetime: number
}
trending: {