From 0ed97453f8e64e31a723cc6740b251a69a57d658 Mon Sep 17 00:00:00 2001
From: Nassim Bounouas
Date: Sat, 22 Jun 2019 21:19:16 +0200
Subject: [PATCH] #1928 Customizable password reset lifetime
---
 client/src/app/core/server/server.service.ts | 3 ++-
 client/src/app/login/login.component.ts | 6 +++++-
 config/default.yaml | 1 +
 config/production.yaml.example | 1 +
 server/controllers/api/config.ts | 3 ++-
 server/initializers/config.ts | 3 ++-
 server/initializers/constants.ts | 3 ---
 server/lib/emailer.ts | 2 +-
 server/lib/redis.ts | 2 +-
 shared/models/server/server-config.model.ts | 1 +
 10 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/client/src/app/core/server/server.service.ts b/client/src/app/core/server/server.service.ts
index 689f25a40..fe0786f4a 100644
--- a/client/src/app/core/server/server.service.ts
+++ b/client/src/app/core/server/server.service.ts
@@ -83,7 +83,8 @@ export class ServerService {
 },
 user: {
 videoQuota: -1,
- videoQuotaDaily: -1
+ videoQuotaDaily: -1,
+ resetPasswordLifetime: 5
 },
 import: {
 videos: {
diff --git a/client/src/app/login/login.component.ts b/client/src/app/login/login.component.ts
index dc10de325..2ba47dea0 100644
--- a/client/src/app/login/login.component.ts
+++ b/client/src/app/login/login.component.ts
@@ -78,7 +78,7 @@ export class LoginComponent extends FormReactive implements OnInit {
 .subscribe(
 () => {
 const message = this.i18n(
- 'An email with the reset password instructions will be sent to {{email}}. The link will expire within 5 minutes.',
+ `An email with the reset password instructions will be sent to {{email}}. The link will expire within ${this.getResetPasswordLifetime()} minutes.`,
 { email: this.forgotPasswordEmail }
 )
 this.notifier.success(message)
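Review bot: In client/src/app/login/login.component.ts (hunk at -78,7) the string handed to `this.i18n(...)` is now a JavaScript template literal, so the lifetime is baked into the source message before the translation lookup and the text will presumably no longer match any extracted translation. Keep the message a static string and pass the value the same way `{{email}}` is passed: `'... The link will expire within {{resetPasswordLifetime}} minutes.'` with `{ email: this.forgotPasswordEmail, resetPasswordLifetime: this.getResetPasswordLifetime() }`. The enclosing method starts and ends outside the hunk.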
@@ -96,4 +96,8 @@ export class LoginComponent extends FormReactive implements OnInit {
 hideForgotPasswordModal () {
 this.openedForgotPasswordModal.close()
 }
+
+ getResetPasswordLifetime () {
+ return this.serverService.getConfig().user.resetPasswordLifetime
+ }
 }
diff --git a/config/default.yaml b/config/default.yaml
index a213d5b0a..7d5f75def 100644
--- a/config/default.yaml
+++ b/config/default.yaml
@@ -174,6 +174,7 @@ user:
 # -1 == unlimited
 video_quota: -1
 video_quota_daily: -1
+ password_reset_lifetime: 15 # Minutes before password reset link expiration
 # If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag
 # In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions.
diff --git a/config/production.yaml.example b/config/production.yaml.example
index cdf6136d8..8ac8eaf70 100644
--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@@ -188,6 +188,7 @@ user:
 # -1 == unlimited
 video_quota: -1
 video_quota_daily: -1
+ password_reset_lifetime: 5 # Minutes before password reset link expiration
 # If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag
 # In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions.
diff --git a/server/controllers/api/config.ts b/server/controllers/api/config.ts
index 1d12f701b..c83bd354e 100644
--- a/server/controllers/api/config.ts
+++ b/server/controllers/api/config.ts
@@ -131,7 +131,8 @@ async function getConfig (req: express.Request, res: express.Response) {
 },
 user: {
 videoQuota: CONFIG.USER.VIDEO_QUOTA,
- videoQuotaDaily: CONFIG.USER.VIDEO_QUOTA_DAILY
+ videoQuotaDaily: CONFIG.USER.VIDEO_QUOTA_DAILY,
+ resetPasswordLifetime: CONFIG.USER.USER_PASSWORD_RESET_LIFETIME
 },
 trending: {
 videos: {
diff --git a/server/initializers/config.ts b/server/initializers/config.ts
index bb278ba43..b6bca1ee5 100644
--- a/server/initializers/config.ts
+++ b/server/initializers/config.ts
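Review bot: In config/default.yaml the new `password_reset_lifetime: 15` differs from the `5` in config/production.yaml.example, from the client fallback `resetPasswordLifetime: 5` in server.service.ts and from the removed constant `60000 * 5`, so an instance that relies on default.yaml silently gets reset links valid three times longer than before. A password reset link is a bearer credential for the account, so the shorter window is the safer default; consider `password_reset_lifetime: 5` here as well. The trailing comment could also state that the value must be a positive whole number of minutes.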
@@ -144,7 +144,8 @@ const CONFIG = {
 },
 USER: {
 get VIDEO_QUOTA () { return parseBytes(config.get('user.video_quota')) },
- get VIDEO_QUOTA_DAILY () { return parseBytes(config.get('user.video_quota_daily')) }
+ get VIDEO_QUOTA_DAILY () { return parseBytes(config.get('user.video_quota_daily')) },
+ get USER_PASSWORD_RESET_LIFETIME () { return parseBytes(config.get('user.password_reset_lifetime')) }
 },
 TRANSCODING: {
 get ENABLED () { return config.get('transcoding.enabled') },
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 500f8770a..bca637128 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -471,8 +471,6 @@ let PRIVATE_RSA_KEY_SIZE = 2048
 // Password encryption
 const BCRYPT_SALT_SIZE = 10
-const USER_PASSWORD_RESET_LIFETIME = 60000 * 5 // 5 minutes
-
 const USER_EMAIL_VERIFY_LIFETIME = 60000 * 60 // 60 minutes
 const NSFW_POLICY_TYPES: { [ id: string ]: NSFWPolicyType } = {
@@ -689,7 +687,6 @@ export {
 VIDEO_ABUSE_STATES,
 CACHE,
 JOB_REQUEST_TIMEOUT,
- USER_PASSWORD_RESET_LIFETIME,
 MEMOIZE_TTL,
 USER_EMAIL_VERIFY_LIFETIME,
 OVERVIEWS,
diff --git a/server/lib/emailer.ts b/server/lib/emailer.ts
index 540c36025..e3bbccaa3 100644
--- a/server/lib/emailer.ts
+++ b/server/lib/emailer.ts
@@ -350,7 +350,7 @@ class Emailer {
 addPasswordResetEmailJob (to: string, resetPasswordUrl: string) {
 const text = `Hi dear user,\n\n` +
 `A reset password procedure for your account ${to} has been requested on ${WEBSERVER.HOST} ` +
- `Please follow this link to reset it: ${resetPasswordUrl} (the link will expire within 5 minutes)\n\n` +
+ `Please follow this link to reset it: ${resetPasswordUrl} (the link will expire within ${CONFIG.USER.USER_PASSWORD_RESET_LIFETIME} minutes)\n\n` +
 `If you are not the person who initiated this request, please ignore this email.\n\n` +
 `Cheers,\n` +
 `${CONFIG.EMAIL.BODY.SIGNATURE}`
diff --git a/server/lib/redis.ts b/server/lib/redis.ts
index f77d0b62c..200a48c30 100644
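Review bot: In server/initializers/config.ts the new getter `USER_PASSWORD_RESET_LIFETIME` runs a minute count through `parseBytes`, a byte-size parser, and nothing in this diff checks that the result is a positive finite number. The value is multiplied by 60000 in `setResetPasswordVerificationString` (server/lib/redis.ts) and becomes the reset token's expiry, so `0`, a negative number or a non-numeric string would presumably give a token with an invalid or missing expiry; how `setValue` reacts is not visible here. Read the setting as a plain number, e.g. `get PASSWORD_RESET_LIFETIME () { return config.get<number>('user.password_reset_lifetime') }`, and reject non-positive or non-integer values at startup. The `USER_` prefix is redundant under `CONFIG.USER`, and the same name is used in the emailer.ts and controllers/api/config.ts hunks.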
--- a/server/lib/redis.ts
+++ b/server/lib/redis.ts
@@ -5,7 +5,6 @@ import { generateRandomString } from '../helpers/utils'
 import {
 CONTACT_FORM_LIFETIME,
 USER_EMAIL_VERIFY_LIFETIME,
- USER_PASSWORD_RESET_LIFETIME,
 VIDEO_VIEW_LIFETIME,
 WEBSERVER
 } from '../initializers/constants'
@@ -68,6 +67,7 @@ class Redis {
 async setResetPasswordVerificationString (userId: number) {
 const generatedString = await generateRandomString(32)
+ const USER_PASSWORD_RESET_LIFETIME = CONFIG.USER.USER_PASSWORD_RESET_LIFETIME * 60000
 await this.setValue(this.generateResetPasswordKey(userId), generatedString, USER_PASSWORD_RESET_LIFETIME)
 return generatedString
diff --git a/shared/models/server/server-config.model.ts b/shared/models/server/server-config.model.ts
index d937e9c05..3a7090eb1 100644
--- a/shared/models/server/server-config.model.ts
+++ b/shared/models/server/server-config.model.ts
@@ -90,6 +90,7 @@ export interface ServerConfig {
 user: {
 videoQuota: number
 videoQuotaDaily: number
+ resetPasswordLifetime: number
 }
 trending: {
--
2.25.1
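Review bot: In server/lib/redis.ts (hunk at -68,6) the new local `USER_PASSWORD_RESET_LIFETIME` holds milliseconds while `CONFIG.USER.USER_PASSWORD_RESET_LIFETIME`, which has the same name, holds minutes, which makes the unit of the reset token's expiry easy to misread. A camelCase local that carries the unit keeps the conversion explicit: `const resetLifetimeMs = CONFIG.USER.USER_PASSWORD_RESET_LIFETIME * 60 * 1000`. The first hunk of this file only removes a name from the constants import, so `CONFIG` must already be imported in redis.ts for this line to compile; that import is not visible in the diff. The method body continues outside the hunk.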