From 11e0d5f9acc85fe1a09e11da91f2abd35bc83f89 Mon Sep 17 00:00:00 2001 From: lain Date: Thu, 19 Nov 2020 12:27:06 +0100 Subject: Password Resets: Don't accept tokens above a certain age. By default, one day --- lib/pleroma/password_reset_token.ex | 11 +++++++++++ .../web/twitter_api/controllers/password_controller.ex | 1 + 2 files changed, 12 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/password_reset_token.ex b/lib/pleroma/password_reset_token.ex index 787bd4781..fea5b1c22 100644 --- a/lib/pleroma/password_reset_token.ex +++ b/lib/pleroma/password_reset_token.ex @@ -40,6 +40,7 @@ defmodule Pleroma.PasswordResetToken do @spec reset_password(binary(), map()) :: {:ok, User.t()} | {:error, binary()} def reset_password(token, data) do with %{used: false} = token <- Repo.get_by(PasswordResetToken, %{token: token}), + false <- expired?(token), %User{} = user <- User.get_cached_by_id(token.user_id), {:ok, _user} <- User.reset_password(user, data), {:ok, token} <- Repo.update(used_changeset(token)) do @@ -48,4 +49,14 @@ defmodule Pleroma.PasswordResetToken do _e -> {:error, token} end end + + def expired?(%__MODULE__{inserted_at: inserted_at}) do + validity = Pleroma.Config.get([:instance, :password_reset_token_validity], 0) + + now = NaiveDateTime.utc_now() + + difference = NaiveDateTime.diff(now, inserted_at) + + difference > validity + end end diff --git a/lib/pleroma/web/twitter_api/controllers/password_controller.ex b/lib/pleroma/web/twitter_api/controllers/password_controller.ex index 800ab8954..b1a9d810e 100644 --- a/lib/pleroma/web/twitter_api/controllers/password_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/password_controller.ex @@ -17,6 +17,7 @@ defmodule Pleroma.Web.TwitterAPI.PasswordController do def reset(conn, %{"token" => token}) do with %{used: false} = token <- Repo.get_by(PasswordResetToken, %{token: token}), + false <- PasswordResetToken.expired?(token), %User{} = user <- User.get_cached_by_id(token.user_id) do render(conn, "reset.html", %{ token: token, -- cgit v1.2.3 From 5e2ba57327b88f7304ebbd9df73a15d892ee536c Mon Sep 17 00:00:00 2001 From: lain Date: Thu, 19 Nov 2020 13:20:58 +0100 Subject: Activity search: Fix order of results Greatly speeds up the search for RUM. --- lib/pleroma/activity/search.ex | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/activity/search.ex b/lib/pleroma/activity/search.ex index ceb365bb3..95ac90acb 100644 --- a/lib/pleroma/activity/search.ex +++ b/lib/pleroma/activity/search.ex @@ -27,7 +27,10 @@ defmodule Pleroma.Activity.Search do |> maybe_restrict_local(user) |> maybe_restrict_author(author) |> maybe_restrict_blocked(user) - |> Pagination.fetch_paginated(%{"offset" => offset, "limit" => limit}, :offset) + |> Pagination.fetch_paginated( + %{"offset" => offset, "limit" => limit, "skip_order" => true}, + :offset + ) |> maybe_fetch(user, search_query) end -- cgit v1.2.3 From 8b90d625060ddaa2f04fbc276ee39b532c7082b6 Mon Sep 17 00:00:00 2001 From: lain Date: Thu, 19 Nov 2020 16:29:31 +0100 Subject: Search: Only skip ordering the rum index. --- lib/pleroma/activity/search.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/pleroma/activity/search.ex b/lib/pleroma/activity/search.ex index 95ac90acb..382c81118 100644 --- a/lib/pleroma/activity/search.ex +++ b/lib/pleroma/activity/search.ex @@ -28,7 +28,7 @@ defmodule Pleroma.Activity.Search do |> maybe_restrict_author(author) |> maybe_restrict_blocked(user) |> Pagination.fetch_paginated( - %{"offset" => offset, "limit" => limit, "skip_order" => true}, + %{"offset" => offset, "limit" => limit, "skip_order" => index_type == :rum}, :offset ) |> maybe_fetch(user, search_query) -- cgit v1.2.3