Update password reset ttl, now expires after 24 hours

Daniel Supernault 2020-01-28 23:37:08 -07:00
parent c40cdb6d8a
commit 829c41e16f
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7
4 changed files with 60 additions and 5 deletions


@ -0,0 +1,48 @@
<?php
namespace App\Console\Commands;
use Illuminate\Console\Command;
use App\EmailVerification;
class PasswordResetGC extends Command
{
/**
* The name and signature of the console command.
*
* @var string
*/
protected $signature = 'gc:passwordreset';
/**
* The console command description.
*
* @var string
*/
protected $description = 'Delete password reset tokens over 24 hours old';
/**
* Create a new command instance.
*
* @return void
*/
public function __construct()
{
parent::__construct();
}
/**
* Execute the console command.
*
* @return mixed
*/
public function handle()
{
EmailVerification::where('created_at', '<', now()->subMinutes(1441))
->chunk(50, function($emails) {
foreach($emails as $em) {
$em->delete();
}
});
}
}
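Review bot: Deleting rows inside `chunk(50, ...)` in `handle()` can leave expired records behind, because `chunk` pages by offset over the same `created_at` filter and each deleted batch shifts the remaining rows under the next offset. A single `EmailVerification::where('created_at', '<', now()->subMinutes(1441))->delete();` or `chunkById(50, ...)` avoids the skipped pages (the single-query form does not fire model events, if any are relied on). Separately, the signature `gc:passwordreset` and the description say password reset tokens while the query only touches `EmailVerification`; the description should name email verification tokens so operators do not assume password reset tokens are being purged by this job.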


@ -32,6 +32,7 @@ class Kernel extends ConsoleKernel
$schedule->command('horizon:snapshot')->everyFiveMinutes(); $schedule->command('horizon:snapshot')->everyFiveMinutes();
$schedule->command('story:gc')->everyFiveMinutes(); $schedule->command('story:gc')->everyFiveMinutes();
$schedule->command('gc:failedjobs')->dailyAt(3); $schedule->command('gc:failedjobs')->dailyAt(3);
$schedule->command('gc:passwordreset')->dailyAt('09:41');
} }
/** /**


@ -6,6 +6,7 @@ use Auth;
use Cache; use Cache;
use Mail; use Mail;
use Illuminate\Support\Facades\Redis; use Illuminate\Support\Facades\Redis;
use Illuminate\Support\Str;
use Carbon\Carbon; use Carbon\Carbon;
use App\Mail\ConfirmEmail; use App\Mail\ConfirmEmail;
use Illuminate\Http\Request; use Illuminate\Http\Request;
@ -80,8 +81,8 @@ class AccountController extends Controller
EmailVerification::whereUserId(Auth::id())->delete(); EmailVerification::whereUserId(Auth::id())->delete();
$user = User::whereNull('email_verified_at')->find(Auth::id()); $user = User::whereNull('email_verified_at')->find(Auth::id());
$utoken = str_random(64); $utoken = Str::uuid() . Str::random(mt_rand(5,9));
$rtoken = str_random(128); $rtoken = Str::random(mt_rand(64, 70));
$verify = new EmailVerification(); $verify = new EmailVerification();
$verify->user_id = $user->id; $verify->user_id = $user->id;
@ -98,7 +99,7 @@ class AccountController extends Controller
public function confirmVerifyEmail(Request $request, $userToken, $randomToken) public function confirmVerifyEmail(Request $request, $userToken, $randomToken)
{ {
$verify = EmailVerification::where('user_token', $userToken) $verify = EmailVerification::where('user_token', $userToken)
->where('created_at', '>', now()->subWeeks(2)) ->where('created_at', '>', now()->subHours(24))
->where('random_token', $randomToken) ->where('random_token', $randomToken)
->firstOrFail(); ->firstOrFail();
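Review bot: The `mt_rand()` calls on the new `$utoken` and `$rtoken` lines only randomise the token length and add no meaningful unpredictability; the strength comes from `Str::random()` and `Str::uuid()`, which as far as I know are CSPRNG-backed in Laravel. Fixed lengths are simpler to reason about and to size a column for, e.g. `$rtoken = Str::random(64);`, and they avoid leaving a non-cryptographic generator next to token creation where a later edit might reuse it for the token itself. In `confirmVerifyEmail` the window is hard-coded as `now()->subHours(24)` while the cleanup command uses `subMinutes(1441)` and the mail text says 24 hours; a single config value would keep the three from drifting apart. Both functions continue outside the hunks shown.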


@ -1,12 +1,17 @@
@component('mail::message') @component('mail::message')
# Email Confirmation # Email Confirmation
Please confirm your email address. Hello <b>&commat;{{$verify->user->username}}</b>, please confirm your email address.
If you did not create this account, please disregard this email.
@component('mail::button', ['url' => $verify->url()]) @component('mail::button', ['url' => $verify->url()])
Confirm Email Confirm Email
@endcomponent @endcomponent
<p>This link expires after 24 hours.</p>
<br>
Thanks,<br> Thanks,<br>
{{ config('pixelfed.domain.app') }} <a href="{{ config('app.url') }}">{{ config('pixelfed.domain.app') }}</a>
@endcomponent @endcomponent
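Review bot: `{{$verify->user->username}}` is HTML-escaped by Blade, but this is a Markdown mail component, so any Markdown-significant characters in a username would still be interpreted when the message is rendered. If username validation elsewhere does not already restrict the character set, that is worth confirming, or the value should be neutralised before interpolation. The sentence `This link expires after 24 hours.` is also a hard-coded copy of the expiry enforced in the controller; deriving it from a shared setting would keep the email accurate if the TTL changes.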