From 9bffa098b9c538e3fba042e1521e2b84d068b716 Mon Sep 17 00:00:00 2001
From: Patrik
Date: Wed, 4 Dec 2024 09:43:14 -0500
Subject: [PATCH] feat: adds configurable `expiration` prop for password reset tokens (#9710)
### What?
Unable to configure expiration time for the password reset tokens.
### Why?
Prior to this change, the expiration time for password reset tokens were defaulted.
### How?
Adds new `expiration` prop to `auth.forgotPassword` object which allows for the option to configure the expiration time of password reset tokens.
---
 docs/authentication/email.mdx | 1 +
 packages/payload/src/auth/operations/forgotPassword.ts | 4 +++-
 packages/payload/src/auth/types.ts | 2 ++
 3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/docs/authentication/email.mdx b/docs/authentication/email.mdx
index 2af6c9354..79e042248 100644
--- a/docs/authentication/email.mdx
+++ b/docs/authentication/email.mdx
@@ -111,6 +111,7 @@ The following options are available:
 | Option | Description |
 |----------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **`expiration`** | Configure how long password reset tokens remain valid, specified in milliseconds. |
 | **`generateEmailHTML`** | Allows for overriding the HTML within emails that are sent to users attempting to reset their password. [More details](#generateEmailHTML). |
 | **`generateEmailSubject`** | Allows for overriding the subject of the email that is sent to users attempting to reset their password. [More details](#generateEmailSubject). |
diff --git a/packages/payload/src/auth/operations/forgotPassword.ts b/packages/payload/src/auth/operations/forgotPassword.ts
index f49c771fa..36df49791 100644
--- a/packages/payload/src/auth/operations/forgotPassword.ts
+++ b/packages/payload/src/auth/operations/forgotPassword.ts
@@ -136,7 +136,9 @@ export const forgotPasswordOperation = async (
 }
 user.resetPasswordToken = token
- user.resetPasswordExpiration = new Date(expiration || Date.now() + 3600000).toISOString() // 1 hour
+ user.resetPasswordExpiration = new Date(
+ collectionConfig.auth?.forgotPassword?.expiration || expiration || Date.now() + 3600000,
+ ).toISOString() // 1 hour
 user = await payload.update({
 id: user.id,
diff --git a/packages/payload/src/auth/types.ts b/packages/payload/src/auth/types.ts
index f087fa2e1..98ec382c6 100644
--- a/packages/payload/src/auth/types.ts
+++ b/packages/payload/src/auth/types.ts
@@ -221,6 +221,7 @@ export interface IncomingAuthType {
 * @link https://payloadcms.com/docs/authentication/email#forgot-password
 */
 forgotPassword?: {
+ expiration?: number
 generateEmailHTML?: GenerateForgotPasswordEmailHTML
 generateEmailSubject?: GenerateForgotPasswordEmailSubject
 }
@@ -279,6 +280,7 @@ export type VerifyConfig = {
 export interface Auth extends Omit, 'forgotPassword' | 'loginWithUsername' | 'verify'> {
 forgotPassword?: {
+ expiration?: number
 generateEmailHTML?: GenerateForgotPasswordEmailHTML
 generateEmailSubject?: GenerateForgotPasswordEmailSubject
 }
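Review bot: `collectionConfig.auth?.forgotPassword?.expiration` is passed to `new Date(...)` as an absolute epoch value, while the docs row added in this same patch describes it as a duration in milliseconds, so a configured `3600000` yields an expiry of 1970-01-01T01:00:00Z and every reset token is already stale when issued. The duration should be added to the current time, for example `expiration || Date.now() + (collectionConfig.auth?.forgotPassword?.expiration ?? 3600000)`; this assumes the per-call `expiration`, declared outside the hunk, is an absolute time and should win over the collection setting, which the author should confirm. Since this number sets the lifetime of a token that can change a password, it should also be checked as a positive, finite value with a sane upper bound when the config is loaded, so a typo cannot leave reset links valid for years. The trailing `// 1 hour` comment now describes only the fallback. The body of `forgotPasswordOperation` starts and ends outside the hunk.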
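Review bot: `expiration?: number` is added to `forgotPassword` in `IncomingAuthType` without a doc comment, and the same bare field is added to `Auth` in the following hunk, so the type itself gives no hint of unit or meaning. A comment such as `/** How long a password reset token remains valid, in milliseconds. */` on both fields would match the wording added to docs/authentication/email.mdx and make it harder to pass seconds or an absolute timestamp by mistake. Both interfaces continue outside their hunks.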