fix(portal): onboarding/login links last 7 days, not 60 min
The rescue onboarding emails hardcoded a 60-minute expiry -- way too short for a paid customer who hasn't engaged yet (they may not check email for hours/days), so Paul's and Mitchell's links expired before they used them. Onboarding links now last 7 days (ONBOARDING_TTL_MINUTES); the standard security password-RESET window bumped 30min -> 2h. Re-issued fresh 7-day links to all 3 affected customers (none had set a password yet) via reissue-onboarding-links.mjs, cc'd.
parent a6d2f10149
commit e87715aee7
5 changed files with 75 additions and 10 deletions
@ -57,7 +57,7 @@ log(`customers row id=${customer.id} email=${customer.email} has_password=${cust
// 3a) password-set link (reuse the forgot-password token mechanism)
const token = crypto.randomBytes(32).toString("hex");
const expires = new Date(Date.now() + 60 * 60 * 1000); // 60 min
const expires = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000); // 7 days
await pool.query(
`INSERT INTO password_reset_tokens (customer_id, token, expires_at) VALUES ($1,$2,$3)`,
[customer.id, token, expires],
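Review bot: The INSERT writes the raw hex token into password_reset_tokens with nothing marking it as an onboarding token, so after this change a plaintext bearer credential that can set an account password sits in that table for 7 days and the redeeming code cannot tell it apart from an ordinary short-lived reset token. Consider storing only a hash of the token (e.g. SHA-256) and comparing hashes on redemption, and adding a purpose column so the 7-day lifetime is honoured only for accounts that have no password yet (the script already logs has_password). The new `expires` line also hardcodes `7 * 24 * 60 * 60 * 1000`, while the commit message says the lifetime lives in ONBOARDING_TTL_MINUTES; computing it from that constant keeps this script from drifting when the value changes.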
@ -73,12 +73,12 @@ await mailer.sendMail({
<p>Hi ${firstName},</p>
<p>Thanks for your order. To finish setting up your account so you can log in to the
Performance West portal and track your filings, click below to choose a password.
This link expires in 60 minutes.</p>
This link is valid for 7 days.</p>
<p style="margin:24px 0"><a href="${resetLink}" style="background:#2d4e78;color:#fff;padding:12px 28px;border-radius:8px;text-decoration:none;font-weight:600">Set my password →</a></p>
<p style="font-size:13px;color:#666">Or paste this link into your browser:<br>${resetLink}</p>
<p style="font-size:13px;color:#666">Questions? Reply to this email or call 1-888-411-0383.</p>
</div>`,
text: `Hi ${firstName}, set your Performance West password to log in: ${resetLink} (expires in 60 minutes).`,
text: `Hi ${firstName}, set your Performance West password to log in: ${resetLink} (valid for 7 days).`,
});
log(`password-set link sent to ${NEW_EMAIL} (cc ${CC})`);
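Review bot: The closing log line shows this mail going out with a cc (`cc ${CC}`), and with the wording now "valid for 7 days" the cc'd mailbox holds a working password-set link for a week instead of an hour, so anyone with access to that mailbox can claim the account before the customer does. Consider sending the link only to NEW_EMAIL and a link-free notification to the cc address, and making sure the token is invalidated on first use. The "7 days" text is also typed by hand in both the HTML and the `text:` body; rendering it from the same constant that sets the expiry avoids the mail promising a lifetime the token does not have. Separately, `${firstName}` goes into the HTML body unescaped on the `<p>Hi ${firstName},</p>` line; if that value comes from customer input it should be HTML-escaped.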