From 829c41e16f8d0075dcba719a7cca211392524962 Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Tue, 28 Jan 2020 23:37:08 -0700
Subject: [PATCH] Update password reset ttl, now expires after 24 hours
---
 app/Console/Commands/PasswordResetGC.php | 48 +++++++++++++++++++
 app/Console/Kernel.php | 1 +
 app/Http/Controllers/AccountController.php | 7 +--
 .../views/emails/confirm_email.blade.php | 9 +++-
 4 files changed, 60 insertions(+), 5 deletions(-)
 create mode 100644 app/Console/Commands/PasswordResetGC.php
diff --git a/app/Console/Commands/PasswordResetGC.php b/app/Console/Commands/PasswordResetGC.php
new file mode 100644
index 00000000..2dbcc35e
--- /dev/null
+++ b/app/Console/Commands/PasswordResetGC.php
@@ -0,0 +1,48 @@
+subMinutes(1441))
+ ->chunk(50, function($emails) {
+ foreach($emails as $em) {
+ $em->delete();
+ }
+ });
+ }
+}
diff --git a/app/Console/Kernel.php b/app/Console/Kernel.php
index 7044d8f6..a29ace35 100644
--- a/app/Console/Kernel.php
+++ b/app/Console/Kernel.php
@@ -32,6 +32,7 @@ class Kernel extends ConsoleKernel
 $schedule->command('horizon:snapshot')->everyFiveMinutes();
 $schedule->command('story:gc')->everyFiveMinutes();
 $schedule->command('gc:failedjobs')->dailyAt(3);
+ $schedule->command('gc:passwordreset')->dailyAt('09:41');
 }
 /**
diff --git a/app/Http/Controllers/AccountController.php b/app/Http/Controllers/AccountController.php
index 57301a8b..37ccbba3 100644
--- a/app/Http/Controllers/AccountController.php
+++ b/app/Http/Controllers/AccountController.php
@@ -6,6 +6,7 @@ use Auth;
 use Cache;
 use Mail;
 use Illuminate\Support\Facades\Redis;
+use Illuminate\Support\Str;
 use Carbon\Carbon;
 use App\Mail\ConfirmEmail;
 use Illuminate\Http\Request;
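Review bot: Deleting rows from inside the `->chunk(50, ...)` callback will skip records, because `chunk()` pages by offset and every batch deleted shifts the rows the next page would have returned; the Laravel documentation recommends `chunkById()` when rows are modified while chunking. Since every selected row is deleted unconditionally, the callback and loop can simply be replaced by calling `->delete()` on the same query builder, which also avoids loading models one by one. The query that begins this statement is cut off at the top of the hunk, so the model being cleaned up cannot be confirmed from here. The `1441` minute threshold deserves a one-line comment such as `// one minute past the 24h acceptance window checked in AccountController::confirmVerifyEmail`, and ideally the two limits should share a constant so they cannot drift apart.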
@@ -80,8 +81,8 @@ class AccountController extends Controller
 EmailVerification::whereUserId(Auth::id())->delete();
 $user = User::whereNull('email_verified_at')->find(Auth::id());
- $utoken = str_random(64);
- $rtoken = str_random(128);
+ $utoken = Str::uuid() . Str::random(mt_rand(5,9));
+ $rtoken = Str::random(mt_rand(64, 70));
 $verify = new EmailVerification();
 $verify->user_id = $user->id;
@@ -98,7 +99,7 @@ class AccountController extends Controller
 public function confirmVerifyEmail(Request $request, $userToken, $randomToken)
 {
 $verify = EmailVerification::where('user_token', $userToken)
- ->where('created_at', '>', now()->subWeeks(2))
+ ->where('created_at', '>', now()->subHours(24))
 ->where('random_token', $randomToken)
 ->firstOrFail();
diff --git a/resources/views/emails/confirm_email.blade.php b/resources/views/emails/confirm_email.blade.php
index cb521c9b..2fc98a75 100644
--- a/resources/views/emails/confirm_email.blade.php
+++ b/resources/views/emails/confirm_email.blade.php
@@ -1,12 +1,17 @@
 @component('mail::message')
 # Email Confirmation
-Please confirm your email address.
+Hello @{{$verify->user->username}}, please confirm your email address.
+
+If you did not create this account, please disregard this email.
 @component('mail::button', ['url' => $verify->url()])
 Confirm Email
 @endcomponent
+
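Review bot: `mt_rand()` now decides the length of both tokens; it is not a cryptographic generator, although here it only picks a length and the token bytes themselves still come from `Str::random()`, which uses `random_bytes()`. A length that varies between 64 and 70 (or 5 and 9 for the UUID suffix) adds no practical entropy but makes the column width and any route or input validation harder to reason about, so a fixed `$rtoken = Str::random(64);` is simpler and just as strong. If a variable length is really wanted, `random_int(64, 70)` keeps the whole expression on the CSPRNG. The method that builds `$verify` starts and ends outside this hunk.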
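Review bot: The secret `random_token` is still matched inside the SQL `where` on the line after the changed TTL, so validation depends on the database's string comparison: with a case-insensitive collation (common on MySQL installs) the mixed-case alphabet of `Str::random()` collapses to a smaller effective keyspace, and the comparison carries no constant-time guarantee. A clearer shape is to drop the `->where('random_token', $randomToken)` clause, look the row up by `user_token` and the 24h window only, and then add `abort_unless(hash_equals($verify->random_token, $randomToken), 404);` after `firstOrFail()`. The 24-hour window here and the `1441`-minute threshold in `PasswordResetGC` encode the same policy in two places; a single constant, for instance on the `EmailVerification` model, would keep them aligned. `confirmVerifyEmail` continues past the end of the hunk.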

This link expires after 24 hours.

+
+ Thanks,
-{{ config('pixelfed.domain.app') }}
+{{ config('pixelfed.domain.app') }}
 @endcomponent
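Review bot: `@{{$verify->user->username}}` on the new greeting line tells Blade not to compile the echo, so the rendered mail will contain the literal text `{{$verify->user->username}}` rather than the username; the `@` prefix exists for client-side template syntax, not for server-rendered mail. The intended escaped output is `Hello {{ $verify->user->username }}, please confirm your email address.`. Because the Markdown mail component also passes the text through a Markdown parser, a username containing Markdown punctuation may still be reformatted in the HTML version, which is worth checking separately; the lines near the end of this hunk lost their diff markers in this copy, so the closing part of the template cannot be reviewed precisely here.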