Opened 12 years ago
Closed 10 years ago
#107 closed defect (fixed)
Email verification and forgot password verification tokens should expire
|Reported by:||Christopher Allan Webber||Owned by:|
|Cc:||Stephen Compall||Parent Tickets:|
Description (last modified by )
Email verification should expire after 30 days and forgot password verification should expire after 7. Things that should be done: - These fields should be added but not required - Views should be modified to add these expiration fields when adding the tokens - Views should be modified to check the expiration fields before using - A migration should be added... - fields without verification keys should just have the email\_verification\_expires and/or fp\_verification\_expires set to None - fields with verification keys should set them to a timedelta from today You can set these fields via a timedelta: :: >>> import datetime >>> datetime.datetime.now() + datetime.timedelta(days=10) datetime.datetime(2011, 7, 4, 8, 41, 8, 502139)
Change History (8)
comment:1 by , 12 years ago
comment:2 by , 12 years ago
If email verification expires, the account should be deleted. Either automatically, or by some "gmg cleanup" command or so. But this is maybe a new ticket. I just wanted to note this down somewhere.
comment:3 by , 12 years ago
Hm, is that something we really want to do? I'm not sure that too many projects do that. I think that users should be able to re-request email authorization, maybe?
comment:4 by , 11 years ago
The original url for this bug was http://bugs.foocorp.net/issues/394 .
comment:5 by , 10 years ago
I think that auto-expiry should definitely happen via a plugin, if people want it. I'm wary of that happening on its own.
As for the rest of this, someone just needs to pick up the ticket.
comment:6 by , 10 years ago
comment:7 by , 10 years ago
Relatedly, #668 should help us solve this. itsdangerous would be perfect for this.
comment:8 by , 10 years ago
|Status:||accepted → closed|
And with rodney's branch on #624 done, this is accomplished!