feat: adds configurable expiration prop for password reset tokens (#9710)

### What? Unable to configure expiration time for the password reset tokens. ### Why? Prior to this change, the expiration time for password reset tokens were defaulted. ### How? Adds new `expiration` prop to `auth.forgotPassword` object which allows for the option to configure the expiration time of password reset tokens.
2024-12-04 09:43:14 -05:00
parent d118544b44
commit 9bffa098b9
3 changed files with 6 additions and 1 deletions
--- a/docs/authentication/email.mdx
+++ b/docs/authentication/email.mdx
@@ -111,6 +111,7 @@ The following options are available:

 | Option               | Description                                                                                                                                                                                                                         |
 |----------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **`expiration`** | Configure how long password reset tokens remain valid, specified in milliseconds. |
 | **`generateEmailHTML`** | Allows for overriding the HTML within emails that are sent to users attempting to reset their password. [More details](#generateEmailHTML). |
 | **`generateEmailSubject`** | Allows for overriding the subject of the email that is sent to users attempting to reset their password. [More details](#generateEmailSubject). |

--- a/packages/payload/src/auth/operations/forgotPassword.ts
+++ b/packages/payload/src/auth/operations/forgotPassword.ts
@@ -136,7 +136,9 @@ export const forgotPasswordOperation = async <TSlug extends CollectionSlug>(
    }

    user.resetPasswordToken = token
-    user.resetPasswordExpiration = new Date(expiration || Date.now() + 3600000).toISOString() // 1 hour
+    user.resetPasswordExpiration = new Date(
+      collectionConfig.auth?.forgotPassword?.expiration || expiration || Date.now() + 3600000,
+    ).toISOString() // 1 hour

    user = await payload.update({
      id: user.id,
--- a/packages/payload/src/auth/types.ts
+++ b/packages/payload/src/auth/types.ts
@@ -221,6 +221,7 @@ export interface IncomingAuthType {
   * @link https://payloadcms.com/docs/authentication/email#forgot-password
   */
  forgotPassword?: {
+    expiration?: number
    generateEmailHTML?: GenerateForgotPasswordEmailHTML
    generateEmailSubject?: GenerateForgotPasswordEmailSubject
  }
@@ -279,6 +280,7 @@ export type VerifyConfig = {
 export interface Auth
  extends Omit<DeepRequired<IncomingAuthType>, 'forgotPassword' | 'loginWithUsername' | 'verify'> {
  forgotPassword?: {
+    expiration?: number
    generateEmailHTML?: GenerateForgotPasswordEmailHTML
    generateEmailSubject?: GenerateForgotPasswordEmailSubject
  }