changeset 5985:0063e98b14aa

cfg.recovery_token_lifetime to determine how long the recovery token will be valid
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Thu, 02 May 2013 22:57:54 +0200
parents e7136d5731df
children c293897aad01
files MoinMoin/config/multiconfig.py MoinMoin/user.py
diffstat 2 files changed, 4 insertions(+), 2 deletions(-) [+]
--- a/MoinMoin/config/multiconfig.py	Sun Apr 07 01:58:43 2013 +0200
+++ b/MoinMoin/config/multiconfig.py	Thu May 02 22:57:54 2013 +0200
@@ -832,6 +832,8 @@
     ),
     "passlib CryptContext arguments, see passlib docs"),
 
+    ('recovery_token_lifetime', 12,
+     'how long the password recovery token is valid [h]'),
   )),
   # ==========================================================================
   'spam_leech_dos': ('Anti-Spam/Leech/DOS',
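Review bot: The help text for `recovery_token_lifetime` gives the unit only as `[h]` and says nothing about acceptable values or the trade-off behind the default. This setting bounds how long a recovery token that leaks (for example from a mailbox or a log) can still be used, so I would spell that out, e.g. `'how long the password recovery token is valid, in hours; shorter values limit the window in which a leaked token can be used'`. It would also help to say whether fractional hours are accepted, since nothing in this hunk restricts the value to an integer.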
--- a/MoinMoin/user.py	Sun Apr 07 01:58:43 2013 +0200
+++ b/MoinMoin/user.py	Thu May 02 22:57:54 2013 +0200
@@ -1109,8 +1109,8 @@
             stamp = int(parts[0])
         except ValueError:
             return False
-        # only allow it to be valid for twelve hours
-        if stamp + 12*60*60 < time.time():
+        lifetime = self._request.cfg.recovery_token_lifetime * 3600
+        if time.time() > stamp + lifetime:
             return False
         # check hmac
         # key must be of type string