]> iEval git - gruntmaster-page.git/commitdiff
Reject expired reset tokens
authorMarius Gavrilescu <marius@ieval.ro>
Mon, 16 Feb 2015 15:53:18 +0000 (17:53 +0200)
committerMarius Gavrilescu <marius@ieval.ro>
Mon, 16 Feb 2015 15:53:18 +0000 (17:53 +0200)
lib/Plack/App/Gruntmaster.pm

index bfc2e27049b064f09bc4d7f6e1c4d4fb5b01c8bc..2b06c931ae56230e962a2a80df72ae5b086d4ec2 100644 (file)
@@ -301,6 +301,7 @@ EOF
                        my $user = db->user($_{username});
                        return reply 'No such user' unless $user;
                        my ($token, $exp) = split ':', $_{token};
+                       return reply 'Reset token is expired' if time >= $exp;
                        return reply 'Bad reset token' unless $user->make_reset_hmac($exp) eq $token;
                        $user->set_passphrase($_{password});
                        reply 'Password reset successfully';
This page took 0.025452 seconds and 4 git commands to generate.