User friendly error whenset pasword link is expired

Ref #42
HadleyLab · Nov 18, 2024 · 6a89e6e · 6a89e6e
1 parent e641e64
commit 6a89e6e
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/resources/seeds/NotificationTemplate/reset-user-password.yaml b/resources/seeds/NotificationTemplate/reset-user-password.yaml
@@ -5,6 +5,7 @@ template: |-
   <br />
   Please click on the link below to reset your password: <a href="{{confirm-href}}">{{ confirm-href }}</a> <br />
   <br />
+  The link is valid for 24 hours.<br />
   If you did not request a password reset, please do not click the link to reset your password.
   If you have received this message in error, or if you have any questions or concerns,
   please contact us at Dexter.Hadley@ucf.edu <br />

diff --git a/ucf-app/app/auth/operations.py b/ucf-app/app/auth/operations.py
@@ -112,11 +112,11 @@ async def set_password_op(operation, request):
         await client.resources("SetPasswordToken").search(_id=set_password_token_id).first()
     )
     if not is_set_password_token_valid(set_password_token):
-        raise OperationOutcome(reason="Invalid request")
+        raise OperationOutcome(reason="The reset password link is expired, please request a new one")
     user = await set_password_token["user"].to_resource()
 
     await user.patch(**{"password": password})
     await set_password_token.patch(**{"status": "used"})
     await remove_user_sessions(db, user.id)
 
-    return web.json_response({"message": "The password was successfully changed"})
+    return web.json_response({"message": "The password was successfully changed"})