X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FdbObjects%2FUser.java;h=567da97b20643b2f897e73ae4d6be815c95f3da8;hb=12c697be7c4e5da60d8af63f047f8c83eb95bb55;hp=b72af84fbc03eb840e82ae69f95e96bd5d503f58;hpb=a398544a86bdffe288ded209d9cc6b19df199964;p=gigi.git

diff --git a/src/org/cacert/gigi/dbObjects/User.java b/src/org/cacert/gigi/dbObjects/User.java
index b72af84f..567da97b 100644
--- a/src/org/cacert/gigi/dbObjects/User.java
+++ b/src/org/cacert/gigi/dbObjects/User.java
@@ -13,6 +13,7 @@ import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.database.GigiResultSet;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.DateSelector;
+import org.cacert.gigi.pages.PasswordResetPage;
 import org.cacert.gigi.util.CalendarUtil;
 import org.cacert.gigi.util.DayDate;
 import org.cacert.gigi.util.Notary;
@@ -160,7 +161,7 @@ public class User extends CertificateOwner {
     public boolean hasPassedCATS() {
         try (GigiPreparedStatement query = new GigiPreparedStatement("SELECT 1 FROM `cats_passed` where `user_id`=? AND `variant_id`=?")) {
             query.setInt(1, getId());
-            query.setInt(2, CATS.ASSURER_CHALLANGE_ID);
+            query.setInt(2, CATS.ASSURER_CHALLENGE_ID);
             try (GigiResultSet rs = query.executeQuery()) {
                 if (rs.next()) {
                     return true;
@@ -520,9 +521,10 @@ public class User extends CertificateOwner {
     }
 
     public static User getResetWithToken(int id, String token) {
-        try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `memid` FROM `passwordResetTickets` WHERE `id`=? AND `token`=? AND `used` IS NULL")) {
+        try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `memid` FROM `passwordResetTickets` WHERE `id`=? AND `token`=? AND `used` IS NULL AND `created` > CURRENT_TIMESTAMP - interval '1 hours' * ?")) {
             ps.setInt(1, id);
             ps.setString(2, token);
+            ps.setInt(3, PasswordResetPage.HOUR_MAX);
             GigiResultSet res = ps.executeQuery();
             if ( !res.next()) {
                 return null;
@@ -537,7 +539,7 @@ public class User extends CertificateOwner {
             ps.setInt(2, getId());
             GigiResultSet rs = ps.executeQuery();
             if ( !rs.next()) {
-                throw new GigiApiException("Token not found... very bad.");
+                throw new GigiApiException("Token could not be found, has already been used, or is expired.");
             }
             if (PasswordHash.verifyHash(private_token, rs.getString(1)) == null) {
                 throw new GigiApiException("Private token does not match.");