Code expired in registration email

[nwagenbrenner]

A user just reported that when they clicked on the code provided in the registration email, they get a message saying the code has expired. I had to manually approve their account to complete the registration.

iPhone 9
iOS 11.2.5

[fspataro-zz]

Natalie:
Is this really a "bug"? Did the user say how long they waited between registration start and confirmation? Currently the validation window is 10 minutes. Some more details:

• This message can be found at line 125 services.py.

• It occurs if the account is found but registration confirmation is invalid.

• The validation function is at the bottom of this file.

• The confirmation time frame window is set at the top of the file in minutes: _confirmation_delta_minutes

• Couple of things to do to enhance:

  • increase the time frame window if 10 minutes seems too low...
  • move the time frame setting to the config file for better management..
  • enhance the confirmation page to include a "resend" if time frame expired...

[nwagenbrenner]

It sounds like it happened within minutes of registration. 10 minutes doesn't seem like enough time though. There could be many cases where a user might start the registration process but not have access to email to complete the process right away. Do we need an expiration date at all? If so, we should increase it to days instead of minutes I think.

[jforthofer]

I agree that days would be better since it is possible someone might not have access to the registration email right away. For example someone using a FS email but they are on a fire and don't have their FS computer or mobile access to email. I've been in this boat myself.

[fspataro-zz]

Seems like time window requirement is overkill at this point. I've simply removed the validation check for time in the confirm function along with the note in the email. The code is still there if we want to use it later and change the window size or use some kind of configuration setting.