import org.cacert.gigi.database.GigiResultSet;
import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.DateSelector;
+import org.cacert.gigi.pages.PasswordResetPage;
import org.cacert.gigi.util.CalendarUtil;
import org.cacert.gigi.util.DayDate;
import org.cacert.gigi.util.Notary;
}
public static User getResetWithToken(int id, String token) {
- try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `memid` FROM `passwordResetTickets` WHERE `id`=? AND `token`=? AND `used` IS NULL")) {
+ try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `memid` FROM `passwordResetTickets` WHERE `id`=? AND `token`=? AND `used` IS NULL AND `created` > CURRENT_TIMESTAMP - interval '1 hours' * ?")) {
ps.setInt(1, id);
ps.setString(2, token);
+ ps.setInt(3, PasswordResetPage.HOUR_MAX);
GigiResultSet res = ps.executeQuery();
if ( !res.next()) {
return null;
ps.setInt(2, getId());
GigiResultSet rs = ps.executeQuery();
if ( !rs.next()) {
- throw new GigiApiException("Token not found... very bad.");
+ throw new GigiApiException("Token could not be found, has already been used, or is expired.");
}
if (PasswordHash.verifyHash(private_token, rs.getString(1)) == null) {
throw new GigiApiException("Private token does not match.");
projects / gigi.git / blobdiff