projects / gruntmaster-page.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 490653c)
Reject expired reset tokens
authorMarius Gavrilescu <marius@ieval.ro>
Mon, 16 Feb 2015 15:53:18 +0000 (17:53 +0200)
committerMarius Gavrilescu <marius@ieval.ro>
Mon, 16 Feb 2015 15:53:18 +0000 (17:53 +0200)
lib/Plack/App/Gruntmaster.pm patch | blob | blame | history

diff --git a/lib/Plack/App/Gruntmaster.pm b/lib/Plack/App/Gruntmaster.pm
index bfc2e27049b064f09bc4d7f6e1c4d4fb5b01c8bc..2b06c931ae56230e962a2a80df72ae5b086d4ec2 100644 (file)
--- a/lib/Plack/App/Gruntmaster.pm
+++ b/lib/Plack/App/Gruntmaster.pm
@@ -301,6 +301,7 @@ EOF
                        my $user = db->user($_{username});
                        return reply 'No such user' unless $user;
                        my ($token, $exp) = split ':', $_{token};
+                       return reply 'Reset token is expired' if time >= $exp;
                        return reply 'Bad reset token' unless $user->make_reset_hmac($exp) eq $token;
                        $user->set_passphrase($_{password});
                        reply 'Password reset successfully';
Gruntmaster page generators
This page took 0.02317 seconds and 4 git commands to generate.