The change email verification link is supposed to expire after 24 hours; it never expires. This PR addresses the issue and allows the user to resend a verification email.
Note that anyone who has tried to reset their password within the 24-hour window before deploying this code will have their token forcibly expired. Because of our deployment schedule, I do not know of a good way around this. I don't think it should affect many (if any) users; the worst case scenario in this case is that the user will have to log in and click the new "Resend verification link" button.
Implementation notes:
When updating a user to have a pendingEmail and pendingEmailVerificationToken, we now also set a UTC pendingEmailVerificationTokenTimestamp. In verifyUserPendingEmailInteractor, we verify that the timestamp is within 24 hours of UTC now. When we reset pendingEmail and pendingEmailVerificationToken, we also reset pendingEmailVerificationTokenTimestamp.
The notification banner telling the user that a verification email has been sent has a button to allow them to resend a verification email.
Ticket: https://github.com/orgs/flexion/projects/11/views/1?pane=issue&itemId=76509729&issue=flexion%7Cef-cms%7C10313
Based on to-test PRs here: https://github.com/ustaxcourt/ef-cms/pull/5405, https://github.com/ustaxcourt/ef-cms/pull/5417, https://github.com/ustaxcourt/ef-cms/pull/5446
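The timestamp check from the implementation notes, sketched as an added example (not code from ef-cms or this PR). The three pending-email field names come from the description; the function names, result codes and the choice to keep pendingEmail after expiry so a resend can reissue the token are assumptions.

```typescript
// Added example, not ef-cms code. Field names are from the PR description;
// function names, result codes and the sample flow are assumptions.
const TOKEN_TTL_MS = 24 * 60 * 60 * 1000; // 24-hour window from the PR text

interface PendingEmailUser {
  email: string;
  pendingEmail?: string;
  pendingEmailVerificationToken?: string;
  pendingEmailVerificationTokenTimestamp?: string; // UTC, ISO-8601
}

type VerifyResult = "verified" | "no-pending-change" | "bad-token" | "expired";

// Issue (or reissue, for a resend) a token stamped with the current UTC time.
function setPendingEmail(user: PendingEmailUser, pendingEmail: string, token: string, now: Date): void {
  user.pendingEmail = pendingEmail;
  user.pendingEmailVerificationToken = token;
  user.pendingEmailVerificationTokenTimestamp = now.toISOString();
}

// Reset all three fields together so a stale timestamp never outlives its token.
function clearPendingEmail(user: PendingEmailUser): void {
  delete user.pendingEmail;
  delete user.pendingEmailVerificationToken;
  delete user.pendingEmailVerificationTokenTimestamp;
}

function verifyPendingEmail(user: PendingEmailUser, token: string, now: Date): VerifyResult {
  const pending = user.pendingEmail;
  if (!pending || !user.pendingEmailVerificationToken) return "no-pending-change";
  if (user.pendingEmailVerificationToken !== token) return "bad-token";
  // Fail closed: a missing or unparseable timestamp (a token issued before the
  // timestamp field existed) parses to NaN, and a timestamp in the future gives
  // a negative age. Neither satisfies the range check, so both count as expired.
  const issuedAt = Date.parse(user.pendingEmailVerificationTokenTimestamp ?? "");
  const ageMs = now.getTime() - issuedAt;
  if (!(ageMs >= 0 && ageMs <= TOKEN_TTL_MS)) return "expired";
  user.email = pending;
  clearPendingEmail(user); // single use: the same link cannot verify twice
  return "verified";
}
```
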