From: Marius Gavrilescu
Date: Mon, 16 Feb 2015 15:53:18 +0000 (+0200)
Subject: Reject expired reset tokens
X-Git-Url: http://git.ieval.ro/?p=plack-app-gruntmaster.git;a=commitdiff_plain;h=62f12c1f4fdbac52a49c5e50515282d02f38106e
Reject expired reset tokens
---
diff --git a/lib/Plack/App/Gruntmaster.pm b/lib/Plack/App/Gruntmaster.pm
index bfc2e27..2b06c93 100644
--- a/lib/Plack/App/Gruntmaster.pm
+++ b/lib/Plack/App/Gruntmaster.pm
@@ -301,6 +301,7 @@ EOF
 my $user = db->user($_{username});
 return reply 'No such user' unless $user;
 my ($token, $exp) = split ':', $_{token};
+ return reply 'Reset token is expired' if time >= $exp;
 return reply 'Bad reset token' unless $user->make_reset_hmac($exp) eq $token;
 $user->set_passphrase($_{password});
 reply 'Password reset successfully';
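Review bot: The added expiry check compares `time` with `$exp` while `$exp` is still unauthenticated request data, because it runs before the HMAC comparison on the next line and nothing checks that the value is a number. A token without a `:` leaves `$exp` undefined and a non-numeric value is coerced to 0, so both are reported as expired rather than bad, with warnings if they are enabled. I would validate the field first with `return reply 'Bad reset token' unless defined $exp && $exp =~ /\A[0-9]+\z/;`, and preferably move the expiry test below the HMAC check so that only an authenticated timestamp is interpreted. The HMAC comparison itself uses `eq`, which is not constant-time; a constant-time comparison would be safer there. The enclosing handler starts and ends outside this hunk, so whether a token can be reused before it expires cannot be judged from here.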