From 62f12c1f4fdbac52a49c5e50515282d02f38106e Mon Sep 17 00:00:00 2001
From: Marius Gavrilescu
Date: Mon, 16 Feb 2015 17:53:18 +0200
Subject: [PATCH] Reject expired reset tokens
---
 lib/Plack/App/Gruntmaster.pm | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/Plack/App/Gruntmaster.pm b/lib/Plack/App/Gruntmaster.pm
index bfc2e27..2b06c93 100644
--- a/lib/Plack/App/Gruntmaster.pm
+++ b/lib/Plack/App/Gruntmaster.pm
@@ -301,6 +301,7 @@ EOF
 my $user = db->user($_{username});
 return reply 'No such user' unless $user;
 my ($token, $exp) = split ':', $_{token};
+ return reply 'Reset token is expired' if time >= $exp;
 return reply 'Bad reset token' unless $user->make_reset_hmac($exp) eq $token;
 $user->set_passphrase($_{password});
 reply 'Password reset successfully';
-- 
2.39.2
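Review bot: The added expiry test compares `time` with `$exp` before the HMAC check on the following line has authenticated that value, so a request-supplied `$exp` that may be missing or non-numeric is numified first, and the reply tells an unauthenticated caller whether the token failed on expiry or on the MAC. I would validate the format and verify the MAC first, then test expiry: put `return reply 'Bad reset token' unless defined $exp && $exp =~ /\A[0-9]+\z/;` ahead of the `make_reset_hmac` line and move `return reply 'Reset token is expired' if time >= $exp;` after it. Separately, the unchanged `eq` comparison of the MAC is not constant-time, and nothing visible here invalidates a token once it has been used, unless make_reset_hmac binds it to the current passphrase, which this hunk does not show. The enclosing handler starts and ends outside the hunk.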