Change password expiration time from 12h to 7d

MorrisJobke · MorrisJobke · commit cf3f4888ccd4 · 2018-08-31T13:31:03.000+02:00
We use the same logic for creating accounts without a password and there the 12h is a bit short. Users don't expect that the signup link needs to be clicked within 12h - 7d should be a more expected behavior.

Signed-off-by: Morris Jobke &lt;hey@morrisjobke.de&gt;
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
@@ -187,7 +187,7 @@ protected function checkPasswordResetToken($token, $userId) {
 			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
 		}
 
-		if ($splittedToken[0] < ($this->timeFactory->getTime() - 60*60*12) ||
+		if ($splittedToken[0] < ($this->timeFactory->getTime() - 60*60*24*7) ||
 			$user->getLastLogin() > $splittedToken[0]) {
 			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is expired'));
 		}
diff --git a/tests/Core/Controller/LostControllerTest.php b/tests/Core/Controller/LostControllerTest.php
@@ -584,7 +584,7 @@ public function testSetPasswordExpiredToken() {
 			->with('ValidTokenUser')
 			->willReturn($this->existingUser);
 		$this->timeFactory->method('getTime')
-			->willReturn(55546);
+			->willReturn(617146);
 
 		$this->crypto->method('decrypt')
 			->with(

Original file line number	Diff line number	Diff line change
`@@ -187,7 +187,7 @@ protected function checkPasswordResetToken($token, $userId) {`
`187`	`187`	`throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));`
`188`	`188`	`}`
`189`	`189`
`190`		`- if ($splittedToken[0] < ($this->timeFactory->getTime() - 606012) \|\|`
	`190`	`+ if ($splittedToken[0] < ($this->timeFactory->getTime() - 606024*7) \|\|`
`191`	`191`	`$user->getLastLogin() > $splittedToken[0]) {`
`192`	`192`	`throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is expired'));`
`193`	`193`	`}`