Add maximum lifetime of 30m on password recovery tokens
Fixes https://jira.coreos.com/browse/QS-80
This commit is contained in:
Joseph Schorr
parent
d405f6f158
commit
5dd95038cf
3 changed files with 33 additions and 2 deletions
|
|
@ -494,3 +494,6 @@ class DefaultConfig(ImmutableConfig):
|
|||
|
||||
# Defines a secret for enabling the health-check endpoint's debug information.
|
||||
ENABLE_HEALTH_DEBUG_SECRET = None
|
||||
|
||||
# The lifetime for a user recovery token before it becomes invalid.
|
||||
USER_RECOVERY_TOKEN_LIFETIME = '30m'
|
||||
|
|
|
|||
Reference in a new issue