FEATURE: remove email_token_grace_period_hours

The site setting email_token_grace_period_hours just causes confusion and should not be used anyway. Out of the box, tokens stop working once confirmed, no need to add complexity here
2025-05-24 03:36:18 +08:00 · 2016-12-19 17:15:20 +11:00
parent 7918d99a2e
commit eb2db23b40
5 changed files with 17 additions and 26 deletions
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -266,6 +266,19 @@ describe UsersController do
        expect(session["password-#{token}"]).to be_blank
      end

+      it 'disallows double password reset' do
+
+        user = Fabricate(:user, auth_token: SecureRandom.hex(16))
+        token = user.email_tokens.create(email: user.email).token
+
+        get :password_reset, token: token
+        put :password_reset, token: token, password: 'hg9ow8yhg98o'
+        put :password_reset, token: token, password: 'test123123Asdfsdf'
+
+        user.reload
+        expect(user.confirm_password?('hg9ow8yhg98o')).to eq(true)
+      end
+
      it "redirects to the wizard if you're the first admin" do
        user = Fabricate(:admin, auth_token: SecureRandom.hex(16), auth_token_updated_at: Time.now)
        token = user.email_tokens.create(email: user.email).token