
fix: TOKEN_EXPIRY_MINUTES (#9557)

Joe il y a 6 mois
Parent
commit
90dd91c6cd
5 fichiers modifiés avec 16 ajouts et 13 suppressions
  1. 4 1
      api/.env.example
  2. 6 6
      api/configs/feature/__init__.py
  3. 3 3
      api/libs/helper.py
  4. 2 2
      docker/.env.example
  5. 1 1
      docker/docker-compose.yaml

+ 4 - 1
api/.env.example

@@ -329,4 +329,7 @@ POSITION_TOOL_EXCLUDES=
 
 POSITION_PROVIDER_PINS=
 POSITION_PROVIDER_INCLUDES=
-POSITION_PROVIDER_EXCLUDES=
+POSITION_PROVIDER_EXCLUDES=
+
+# Reset password token expiry minutes
+RESET_PASSWORD_TOKEN_EXPIRY_MINUTES=5

+ 6 - 6
api/configs/feature/__init__.py

@@ -27,9 +27,9 @@ class SecurityConfig(BaseSettings):
         default="",
     )
 
-    RESET_PASSWORD_TOKEN_EXPIRY_HOURS: PositiveInt = Field(
-        description="Duration in hours for which a password reset token remains valid",
-        default=24,
+    RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: PositiveInt = Field(
+        description="Duration in minutes for which a password reset token remains valid",
+        default=5,
     )
 
 
@@ -652,9 +652,9 @@ class LoginConfig(BaseSettings):
         description="whether to enable github/google oauth login",
         default=False,
     )
-    EMAIL_CODE_LOGIN_TOKEN_EXPIRY_HOURS: PositiveFloat = Field(
-        description="expiry time in hours for email code login token",
-        default=1 / 12,
+    EMAIL_CODE_LOGIN_TOKEN_EXPIRY_MINUTES: PositiveInt = Field(
+        description="expiry time in minutes for email code login token",
+        default=5,
     )
     ALLOW_REGISTER: bool = Field(
         description="whether to enable register",
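Review bot: Both renamed settings drop the old `*_EXPIRY_HOURS` names without a fallback, so a deployment that still exports `RESET_PASSWORD_TOKEN_EXPIRY_HOURS` or `EMAIL_CODE_LOGIN_TOKEN_EXPIRY_HOURS` would most likely have that value ignored and run with the 5-minute default. For the email login code this can lengthen a lifetime an operator had deliberately set below the old `1 / 12` hours. Neither field has an upper bound, and these values control how long a password-reset or login token stays usable. A cap such as `default=5, le=60,` (60 is an example value) would reject an oversized setting at startup instead of accepting it. Both classes continue outside the hunks.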

+ 3 - 3
api/libs/helper.py

@@ -214,13 +214,13 @@ class TokenManager:
         if additional_data:
             token_data.update(additional_data)
 
-        expiry_hours = current_app.config[f"{token_type.upper()}_TOKEN_EXPIRY_HOURS"]
+        expiry_minutes = current_app.config[f"{token_type.upper()}_TOKEN_EXPIRY_MINUTES"]
         token_key = cls._get_token_key(token, token_type)
-        expiry_time = int(expiry_hours * 60 * 60)
+        expiry_time = int(expiry_minutes * 60)
         redis_client.setex(token_key, expiry_time, json.dumps(token_data))
 
         if account_id:
-            cls._set_current_token_for_account(account.id, token, token_type, expiry_hours)
+            cls._set_current_token_for_account(account.id, token, token_type, expiry_minutes)
 
         return token
 
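Review bot: The last changed line passes `expiry_minutes` into `_set_current_token_for_account`, whose fourth argument carried hours before this commit; the file's three changed lines are all in this hunk, so the callee itself is untouched. If it still converts that argument from hours to seconds (its body is outside the hunk, so this is inferred), the per-account token entry in Redis would be kept 60 times longer than the token it points to. Passing the TTL already computed here, `cls._set_current_token_for_account(account.id, token, token_type, expiry_time)`, with the callee taking seconds, would remove the unit ambiguity. The lookup `current_app.config[f"{token_type.upper()}_TOKEN_EXPIRY_MINUTES"]` also raises `KeyError` for any token type without a matching `*_TOKEN_EXPIRY_MINUTES` setting, and only two settings are renamed in this commit. The enclosing method starts above the hunk.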

+ 2 - 2
docker/.env.example

@@ -605,8 +605,8 @@ INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH=1000
 # Default: 72.
 INVITE_EXPIRY_HOURS=72
 
-# Reset password token valid time (hours),
-RESET_PASSWORD_TOKEN_EXPIRY_HOURS=0.0833
+# Reset password token valid time (minutes),
+RESET_PASSWORD_TOKEN_EXPIRY_MINUTES=5
 
 # The sandbox service endpoint.
 CODE_EXECUTION_ENDPOINT=http://sandbox:8194

+ 1 - 1
docker/docker-compose.yaml

@@ -207,7 +207,7 @@ x-shared-env: &shared-api-worker-env
   RESEND_API_URL: https://api.resend.com
   INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-1000}
   INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72}
-  RESET_PASSWORD_TOKEN_EXPIRY_HOURS: ${RESET_PASSWORD_TOKEN_EXPIRY_HOURS:-24}
+  RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: ${RESET_PASSWORD_TOKEN_EXPIRY_MINUTES:-5}
   CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194}
   CODE_EXECUTION_API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
   CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807}