Merge branch 'password-reset-timeout' into 'master'

Password reset timeout /cc @jacobvosmaer See merge request !1428

Merge branch 'password-reset-timeout' into 'master'
Password reset timeout /cc @jacobvosmaer See merge request !1428
1708b6cd · Dmitriy Zaporozhets · 1d9e4274 · 31bf578d · 1708b6cd · 1708b6cd
Commit 1708b6cd authored Jan 23, 2015 by Dmitriy Zaporozhets
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

CHANGELOG CHANGELOG +1 -1

config/initializers/devise.rb config/initializers/devise.rb +2 -1

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -37,7 +37,7 @@ v 7.8.0
  - 
  - 
  - 
-  - 
+  - Password reset token validity increased from 2 hours to 2 days since it is also send on account creation.
  - 
  - 
  - 

--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -145,7 +145,8 @@ Devise.setup do |config|
  # Time interval you can reset your password with a reset password key.
  # Don't put a too small interval or your users won't have the time to
  # change their passwords.
-  config.reset_password_within = 2.hours
+  # When someone else invites you to GitLab this time is also used so it should be pretty long.
+  config.reset_password_within = 2.days

  # ==> Configuration for :encryptable
  # Allow you to use another encryption algorithm besides bcrypt (default). You can use