From: Marius Gavrilescu Date: Mon, 16 Feb 2015 15:53:18 +0000 (+0200) Subject: Reject expired reset tokens X-Git-Url: http://git.ieval.ro/?a=commitdiff_plain;h=62f12c1f4fdbac52a49c5e50515282d02f38106e;p=gruntmaster-page.git Reject expired reset tokens --- diff --git a/lib/Plack/App/Gruntmaster.pm b/lib/Plack/App/Gruntmaster.pm index bfc2e27..2b06c93 100644 --- a/lib/Plack/App/Gruntmaster.pm +++ b/lib/Plack/App/Gruntmaster.pm @@ -301,6 +301,7 @@ EOF my $user = db->user($_{username}); return reply 'No such user' unless $user; my ($token, $exp) = split ':', $_{token}; + return reply 'Reset token is expired' if time >= $exp; return reply 'Bad reset token' unless $user->make_reset_hmac($exp) eq $token; $user->set_passphrase($_{password}); reply 'Password reset successfully';