diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ff807a5..bebaa979 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -79,6 +79,7 @@ - Update profile audience to filter blocked instances ([e0c3dae3](https://github.com/pixelfed/pixelfed/commit/e0c3dae3)) - Update SearchApiV2Service, improve query performance ([4d1f2811](https://github.com/pixelfed/pixelfed/commit/4d1f2811)) - Update InstanceService, improve unlisted/banned network post filtering ([a0da6ec3](https://github.com/pixelfed/pixelfed/commit/a0da6ec3)) +- Update ApiV1DotController, fix inAppRegistrationConfirm logic ([6cfbedd9](https://github.com/pixelfed/pixelfed/commit/6cfbedd9)) - ([](https://github.com/pixelfed/pixelfed/commit/)) ## [v0.11.4 (2022-10-04)](https://github.com/pixelfed/pixelfed/compare/v0.11.3...v0.11.4) diff --git a/app/Http/Controllers/Api/ApiV1Dot1Controller.php b/app/Http/Controllers/Api/ApiV1Dot1Controller.php index 053f31fa..b46fd38c 100644 --- a/app/Http/Controllers/Api/ApiV1Dot1Controller.php +++ b/app/Http/Controllers/Api/ApiV1Dot1Controller.php @@ -547,13 +547,16 @@ class ApiV1Dot1Controller extends Controller return response()->json(['error' => 'Invalid tokens'], 403); } + if($verify->created_at->lt(now()->subHours(24))) { + $verify->delete(); + return response()->json(['error' => 'Invalid tokens'], 403); + } + $user = User::findOrFail($verify->user_id); $user->email_verified_at = now(); $user->last_active_at = now(); $user->save(); - $verify->delete(); - $token = $user->createToken('Pixelfed'); return response()->json([