fix a bug where accumulating stale login tokens can lock out an account

capsulflask/db_model.py

@@ -21,7 +21,7 @@ class DBModel:
     if hasExactMatch == 0:
       self.cursor.execute("INSERT INTO accounts (email, lower_case_email) VALUES (%s, %s)", (email, email.lower()))
 
-    self.cursor.execute("SELECT token FROM login_tokens WHERE email = %s", (email, ))
+    self.cursor.execute("SELECT token FROM login_tokens WHERE email = %s and created > (NOW() - INTERVAL '20 min')", (email, ))
     if len(self.cursor.fetchall()) > 2:
       return (None, ignoreCaseMatches)