Update password reset ttl, now expires after 24 hours

2024-11-22 06:21:27 +00:00 · 2020-01-28 23:37:08 -07:00 · 2020-01-28 23:37:08 -07:00 · 829c41e16f
commit 829c41e16f
parent c40cdb6d8a
4 changed files with 60 additions and 5 deletions
--- a/app/Console/Commands/PasswordResetGC.php
+++ b/app/Console/Commands/PasswordResetGC.php
@ -0,0 +1,48 @@
+<?php
+
+namespace App\Console\Commands;
+
+use Illuminate\Console\Command;
+use App\EmailVerification;
+
+class PasswordResetGC extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'gc:passwordreset';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Delete password reset tokens over 24 hours old';
+
+    /**
+     * Create a new command instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * Execute the console command.
+     *
+     * @return mixed
+     */
+    public function handle()
+    {
+        EmailVerification::where('created_at', '<', now()->subMinutes(1441))
+            ->chunk(50, function($emails) {
+                foreach($emails as $em) {
+                    $em->delete();
+                }
+            });
+    }
+}
--- a/app/Console/Kernel.php
+++ b/app/Console/Kernel.php
@ -32,6 +32,7 @@ class Kernel extends ConsoleKernel
        $schedule->command('horizon:snapshot')->everyFiveMinutes();
        $schedule->command('story:gc')->everyFiveMinutes();
        $schedule->command('gc:failedjobs')->dailyAt(3);
+        $schedule->command('gc:passwordreset')->dailyAt('09:41');
    }

    /**
--- a/app/Http/Controllers/AccountController.php
+++ b/app/Http/Controllers/AccountController.php
@ -6,6 +6,7 @@ use Auth;
 use Cache; 
 use Mail; 
 use Illuminate\Support\Facades\Redis;
+use Illuminate\Support\Str;
 use Carbon\Carbon;
 use App\Mail\ConfirmEmail;
 use Illuminate\Http\Request;
@ -80,8 +81,8 @@ class AccountController extends Controller
 		EmailVerification::whereUserId(Auth::id())->delete();

 		$user = User::whereNull('email_verified_at')->find(Auth::id());
-		$utoken = str_random(64);
-		$rtoken = str_random(128);
+		$utoken = Str::uuid() . Str::random(mt_rand(5,9));
+		$rtoken = Str::random(mt_rand(64, 70));

 		$verify = new EmailVerification();
 		$verify->user_id = $user->id;
@ -98,7 +99,7 @@ class AccountController extends Controller
 	public function confirmVerifyEmail(Request $request, $userToken, $randomToken)
 	{
 		$verify = EmailVerification::where('user_token', $userToken)
-		->where('created_at', '>', now()->subWeeks(2))
+		->where('created_at', '>', now()->subHours(24))
 		->where('random_token', $randomToken)
 		->firstOrFail();

--- a/resources/views/emails/confirm_email.blade.php
+++ b/resources/views/emails/confirm_email.blade.php
@ -1,12 +1,17 @@
@component('mail::message')
 # Email Confirmation

-Please confirm your email address.
+Hello <b>&commat;{{$verify->user->username}}</b>, please confirm your email address.
+
+If you did not create this account, please disregard this email.

@component('mail::button', ['url' => $verify->url()])
 Confirm Email
@endcomponent

+<p>This link expires after 24 hours.</p>
+<br>
+
 Thanks,<br>
-{{ config('pixelfed.domain.app') }}
+<a href="{{ config('app.url') }}">{{ config('pixelfed.domain.app') }}</a>
@endcomponent