path: root/perllib/FixMyStreet/App/Controller/Auth.pm
author Matthew Somerville <matthew-github@dracos.co.uk> 2015-07-09 20:33:51 +0100
committer Matthew Somerville <matthew@mysociety.org> 2015-07-10 13:49:25 +0100
commit 2ac123a2e0e4594099a11057647ffc190219993d (patch)
tree 4cfa460cb78461b6c5958f6d06dce497d11378a5 /perllib/FixMyStreet/App/Controller/Auth.pm
parent a978c0a1ad216f7004ef88b8a58b9731242155dc (diff)
Alter token logging in and timeout behaviour.
Restrict email_sign_in token to one day, unused confirmation tokens to one month. Used tokens will redirect to the created thing but not log in; don't log in with alert links (unsubscribe link never expires, reply link will still show "reopen" tickbox).
Diffstat (limited to 'perllib/FixMyStreet/App/Controller/Auth.pm')
-rw-r--r-- perllib/FixMyStreet/App/Controller/Auth.pm 5
1 files changed, 5 insertions, 0 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm
index 66cf3979c..63bf91ff5 100644
--- a/perllib/FixMyStreet/App/Controller/Auth.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth.pm
@@ -155,6 +155,11 @@ sub token : Path('/M') : Args(1) {
return;
}
+ if ( $token_obj->created < DateTime->now->subtract( days => 1 ) ) {
+ $c->stash->{token_not_found} = 1;
+ return;
+ }
+
# Sign out in case we are another user
$c->logout();
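Review bot: the expiry test `$token_obj->created < DateTime->now->subtract( days => 1 )` hard-codes the one-day lifetime with no comment or named constant, so the policy stated in the commit message ("Restrict email_sign_in token to one day") is not discoverable from the code; a short comment or a configurable value next to the check would help. Two things are worth confirming on the same line: `DateTime->now` returns UTC, so the comparison only holds if `created` is inflated with a real time zone rather than a floating one, and an expired token takes the same `token_not_found` path as an unknown one without being deleted in the visible lines, so the stale row stays in the table unless something else cleans it up. Reusing `token_not_found` is reasonable from a security standpoint since it does not reveal whether a token ever existed, but a test covering a token just over one day old would pin the behaviour down.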