From cf3f4888ccd403f1d27026d9dbfa061e4bc379e6 Mon Sep 17 00:00:00 2001
From: Morris Jobke <hey@morrisjobke.de>
Date: Fri, 31 Aug 2018 09:26:09 +0200
Subject: Change password expiration time from 12h to 7d

We use the same logic for creating accounts without a password and there the 12h is a bit short. Users don't expect that the signup link needs to be clicked within 12h - 7d should be a more expected behavior.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
---
 core/Controller/LostController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'core/Controller')

diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index eacd5847c6c..ab5a10b8035 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -187,7 +187,7 @@ class LostController extends Controller {
 			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is invalid'));
 		}
 
-		if ($splittedToken[0] < ($this->timeFactory->getTime() - 60*60*12) ||
+		if ($splittedToken[0] < ($this->timeFactory->getTime() - 60*60*24*7) ||
 			$user->getLastLogin() > $splittedToken[0]) {
 			throw new \Exception($this->l10n->t('Couldn\'t reset password because the token is expired'));
 		}
-- 
cgit v1.2.3