Opened 13 years ago
Last modified 12 years ago
#107 closed defect
Email verification and forgot password verification tokens should expire — at Version 5
Reported by: | Christopher Allan Webber | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | programming | Keywords: | |
Cc: | Stephen Compall | Parent Tickets: |
Description (last modified by )
Email verification should expire after 30 days and forgot password verification should expire after 7. Things that should be done: - These fields should be added but not required - Views should be modified to add these expiration fields when adding the tokens - Views should be modified to check the expiration fields before using - A migration should be added... - fields without verification keys should just have the email\_verification\_expires and/or fp\_verification\_expires set to None - fields with verification keys should set them to a timedelta from today You can set these fields via a timedelta: :: >>> import datetime >>> datetime.datetime.now() + datetime.timedelta(days=10) datetime.datetime(2011, 7, 4, 8, 41, 8, 502139)
Change History (5)
comment:2 by , 13 years ago
If email verification expires, the account should be deleted. Either automatically, or by some "gmg cleanup" command or so. But this is maybe a new ticket. I just wanted to note this down somewhere.
comment:3 by , 13 years ago
Hm, is that something we really want to do? I'm not sure that too many projects do that. I think that users should be able to re-request email authorization, maybe?
comment:4 by , 13 years ago
The original url for this bug was http://bugs.foocorp.net/issues/394 .
Relations:
#72: blocked
comment:5 by , 12 years ago
Component: | → programming |
---|---|
Description: | modified (diff) |
I think that auto-expiry should definitely happen via a plugin, if people want it. I'm wary of that happening on its own.
As for the rest of this, someone just needs to pick up the ticket.