From 645ddede02500af71245d7e1a148b5c8df7ad203 Mon Sep 17 00:00:00 2001
From: forest
Date: Sun, 31 Jan 2021 18:02:46 -0600
Subject: [PATCH] fix a bug where accumulating stale login tokens can lock out an account
---
 capsulflask/db_model.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/capsulflask/db_model.py b/capsulflask/db_model.py
index 82638f5..bd7ec57 100644
--- a/capsulflask/db_model.py
+++ b/capsulflask/db_model.py
@@ -21,7 +21,7 @@ class DBModel:
 if hasExactMatch == 0:
 self.cursor.execute("INSERT INTO accounts (email, lower_case_email) VALUES (%s, %s)", (email, email.lower()))
- self.cursor.execute("SELECT token FROM login_tokens WHERE email = %s", (email, ))
+ self.cursor.execute("SELECT token FROM login_tokens WHERE email = %s and created > (NOW() - INTERVAL '20 min')", (email, ))
 if len(self.cursor.fetchall()) > 2:
 return (None, ignoreCaseMatches)
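Review bot: The `INTERVAL '20 min'` literal in the new `SELECT token FROM login_tokens` query is a second copy of the token lifetime unless the query that redeems tokens uses the same value, and that query is not visible in this hunk; if the two drift apart, the cap either counts tokens that can no longer be used or ignores ones that still can. Defining the lifetime once and binding it would keep them in step, e.g. `"... AND created > (NOW() - %s * INTERVAL '1 minute')", (email, TOKEN_LIFETIME_MINUTES)` (the constant name is a placeholder). The filter also leaves expired rows in `login_tokens`, so a periodic `DELETE FROM login_tokens WHERE created < (NOW() - INTERVAL '20 min')` would keep the table small, and `SELECT COUNT(*)` would avoid fetching every token just to take `len()`. As far as this hunk shows, the cap is keyed only on `email`, so requests made for someone else's address still use up that account's quota for the window; a per-source limit in the caller would cover that if one is not already in place. The enclosing method starts and ends outside the hunk.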