don't expire email sign in codes on use

We're seeing issues with email clients sniffing links, and causing them
to expire before the user gets a chance to click on them. Temporarily
disable the expiry while we work on a more permanent solution.

The link will still expire after half an hour, and SMS codes aren't
affected by this change.
Leo Hemsted
2020-05-04 11:48:03 +01:00
parent a828787514
commit 789112a31f
3 changed files with 33 additions and 21 deletions

@@ -190,7 +190,8 @@ def verify_user_code(user_id):
# only relevant from sms
increment_failed_login_count(user_to_verify)
raise InvalidRequest("Code not found", status_code=404)
if datetime.utcnow() > code.expiry_datetime or code.code_used:
# TODO: Fix email flow so that clicking link doesn't expire emails
if datetime.utcnow() > code.expiry_datetime or (code.code_used and data['code_type'] != 'email'):
# sms and email
increment_failed_login_count(user_to_verify)
raise InvalidRequest("Code has expired", status_code=400)
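
Review bot: In the new condition, the reuse exemption is keyed on `data['code_type']`, which reads as a value taken from the request rather than a property of the `code` record being checked. It is worth confirming that the lookup earlier in `verify_user_code` already restricts the code to that type; if it does not, a code that was issued for SMS and already used would pass the `code_used` check whenever the request says 'email', and comparing against the type held on the code record (if it carries one) would be the safer test. The TODO should also say that a used email code now remains valid until `expiry_datetime`, so the link can be replayed inside that window, and should point at a tracking issue so the temporary exemption is removed. A test covering a used email code (accepted) and a used SMS code (rejected with "Code has expired") would pin the intended behaviour.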