#1 2024-11-06 13:09:13

noiragneau
Member
Poland
2021-08-10
9

An activation link valid only for 1 hour

Hi.

With version 15, the password policy has been changed. It is assigned via the activation link now.
Unfortunately it is valid only for 1 hour. I have no idea why. In my opinion, it is safe when you lost your password, but necessary for new users.
I add a few users every week. I'm sure that many of them will not click the activation link within this 1 hour.
Is it possible to increase it?

Piwigo 15.0.0

Last edited by noiragneau (2024-11-06 13:42:12)

Offline

 

#2 2024-11-06 13:41:13

brookhouse
Member
2024-11-04
6

Re: An activation link valid only for 1 hour

Yes, I agree, that seems very short. I would have to liaise with my users by WhatsApp or iMessage to be ready before sending the email.

Incidentally I tried it with a new install to myself and the email hasn't come through which is even more of a problem if that is the only way to add new users?

Offline

 

#3 2024-11-06 13:44:01

noiragneau
Member
Poland
2021-08-10
9

Re: An activation link valid only for 1 hour

I was happy after hearing about this change but at the moment this solution is worse than the previous one.

Offline

 

#4 2024-11-06 13:44:28

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13887

Re: An activation link valid only for 1 hour

The validation duration is hard-coded in function generate_reset_password_link

Code:

list($expire) = pwg_db_fetch_row(pwg_query('SELECT ADDDATE(NOW(), INTERVAL 1 HOUR)'));

While I think 1 hour is a good value to "reset" a password, you're also right to say that to "initialize" a password, it should be valid longer. @Linty, what do you think?

Offline
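Added example, not part of the thread and not Piwigo's code: one way to give "reset" and "initialize" links different lifetimes while keeping each link single-use and bound to its purpose. The function names, the in-memory `$store` and the 72-hour activation value are assumptions for illustration.

```php
<?php
// Hypothetical illustration; none of these names exist in Piwigo.
// Lifetime in seconds per link purpose.
const LINK_LIFETIME = [
    'reset'    => 3600,       // 1 hour, the current hard-coded value
    'activate' => 72 * 3600,  // assumption: 72 hours, a value proposed in the thread
];

// Issue a token for one user and one purpose. Only a hash is stored,
// so a leaked store does not reveal usable links.
function issue_link_token(array &$store, int $userId, string $purpose, int $now): string
{
    if (!array_key_exists($purpose, LINK_LIFETIME)) {
        throw new InvalidArgumentException("unknown purpose: $purpose");
    }
    $token = bin2hex(random_bytes(32));
    $store[$userId] = [
        'hash'    => hash('sha256', $token),
        'purpose' => $purpose,
        'expires' => $now + LINK_LIFETIME[$purpose],
    ];
    return $token;
}

// Redeem a token: it must match, carry the expected purpose and be unexpired.
// A successful redemption deletes the record, making the link single-use.
function redeem_link_token(array &$store, int $userId, string $token, string $purpose, int $now): bool
{
    $row = $store[$userId] ?? null;
    if ($row === null) {
        return false;
    }
    $ok = hash_equals($row['hash'], hash('sha256', $token))
        && $row['purpose'] === $purpose
        && $now < $row['expires'];
    if ($ok) {
        unset($store[$userId]);
    }
    return $ok;
}

// Constructed demo: timestamps are passed in so expiry can be exercised offline.
$store = [];
$t0 = 1730898000; // constructed issue time
$reset = issue_link_token($store, 7, 'reset', $t0);
var_dump(redeem_link_token($store, 7, $reset, 'reset', $t0 + 2 * 3600));       // reset link used after 2 hours
$activation = issue_link_token($store, 7, 'activate', $t0);
var_dump(redeem_link_token($store, 7, $activation, 'reset', $t0 + 60));        // activation token presented as a reset
var_dump(redeem_link_token($store, 7, $activation, 'activate', $t0 + 2 * 3600)); // activation link used after 2 hours
var_dump(redeem_link_token($store, 7, $activation, 'activate', $t0 + 2 * 3600)); // same link used a second time
```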

 

#5 2024-11-06 14:44:04

Phil35
Member
France
2022-10-11
90

Re: An activation link valid only for 1 hour

Hi,
same remark as the others
- one hour for reset password : Ok
- one hour for new user : too short .. 24 or 48h should be correct

Thanks
Phil


Piwigo 15.3 on production platform with raspberry pi 4 Model B Rev 1.4 (OS 11 (bullseye))

Offline

 

#6 2024-11-06 15:02:48

noiragneau
Member
Poland
2021-08-10
9

Re: An activation link valid only for 1 hour

Even 72h.
And this information should be placed in the Welcome e-mail. Now, there is no such information. Just "To set your password, visit the following address:"

Offline

 

#7 2024-11-06 15:51:17

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13887

Re: An activation link valid only for 1 hour

noiragneau wrote:

And this information should be placed in the Welcome e-mail.

Good point

Offline

 

#8 2024-11-09 13:00:02

brookhouse
Member
2024-11-04
6

Re: An activation link valid only for 1 hour

Currently for me the emails are not being sent out or delivered, although there is no error message when I send them.

I'll test further unless this is a known bug that will be fixed in the next release?

Offline

 

#9 2024-11-19 08:32:30

noiragneau
Member
Poland
2021-08-10
9

Re: An activation link valid only for 1 hour

You can get around that "1 hour validation link" just by using the password reminder procedure :) https://yourpiwigo.com/password.php

So the reason for implementing this functionality is even more useless.

Offline

 
