Thanks for the update @amarinelli
Are invitation tokens only valid 24 hours?
-
How to I raise or remove the time limit?
My users are complaining that they cannot register. Then I have to resend the invitation. The time limit just doesn't make sense for us.Thanks
-
I don't have an install up and running at the moment, but this setting does appear to be configurable:
User.sendInvitationEmail = function (uid, email, callback) { callback = callback || function () {}; var token = utils.generateUUID(); var registerLink = nconf.get('url') + '/register?token=' + token + '&email=' + encodeURIComponent(email); var expireIn = (parseInt(meta.config.inviteExpiration, 10) || 1) * 86400000;src/views/admin/settings/user.tpl: <input type="number" class="form-control" data-field="inviteExpiration" placeholder="1">So I'd look for it somewhere in admin user settings.
-
@chrisb just FYI, there's a search box in the ACP. You can use it to search for settings. That's what it's for.
-
@pitaj Thanks, will have a play later. I haven't actually installed it yet, was just having a dig around the code.
-
@PitaJ OK I finally found it. It's nice to have a search but it's a pity that this recurring theme (found more questions on google for this issue, but not the solution) is not documented as far as I could find.
The setting is under User > User registration near the bottom of the page: "Invite expiration"
The default of 24 hours, mentioned nowhere explicitly, eg. not in the email itself, is confusing to say the least. We were already in production and had send out a batch to our real users, only after days we came to realize that the reason the users could not register and the invitations had to be resend multiple times is because the token was time expired.Here someone posted a very similar issue but your co-moderator deceidec to fix it behind closed doors..
-
@jw-sbat what do you suggest we do? We have an FAQ page but adding every question we get would void the purpose. We have documentation, but the ACP has the purpose of settings built in, and a search right there.
-
Perhaps increasing the default timeout for invitation tokens to a week would be good. We typically use 24 hours for password reset tokens, but invitation tokens are not as protected I think.
-
@julian that was going to be my suggestion, I think that'd make sense (especially since this issue has cropped up before).
-
-
@pitaj I think just explicitly mentioning in the invitation that there is a timeout could avoid major confusion.