From c0dca7ec66a476850d3ff05d0ed26713f7117cf8 Mon Sep 17 00:00:00 2001
From: natdeanlewissoftwire
 <94526761+natdeanlewissoftwire@users.noreply.github.com>
Date: Thu, 21 Sep 2023 16:34:51 +0100
Subject: [PATCH] Increase reset password expiry to 24 hours (#1935)

* feat: increase reset password expiry to 24 hours

* feat: increase csv expiration and copy
---
 app/jobs/email_csv_job.rb               | 2 +-
 app/views/devise/passwords/new.html.erb | 2 +-
 config/initializers/devise.rb           | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/jobs/email_csv_job.rb b/app/jobs/email_csv_job.rb
index 55fdcc824..89b358e28 100644
--- a/app/jobs/email_csv_job.rb
+++ b/app/jobs/email_csv_job.rb
@@ -3,7 +3,7 @@ class EmailCsvJob < ApplicationJob
 
   BYTE_ORDER_MARK = "\uFEFF".freeze # Required to ensure Excel always reads CSV as UTF-8
 
-  EXPIRATION_TIME = 3.hours.to_i
+  EXPIRATION_TIME = 24.hours.to_i
 
   def perform(user, search_term = nil, filters = {}, all_orgs = false, organisation = nil, codes_only_export = false, log_type = "lettings") # rubocop:disable Style/OptionalBooleanParameter - sidekiq can't serialise named params
     export_type = codes_only_export ? "codes" : "labels"
diff --git a/app/views/devise/passwords/new.html.erb b/app/views/devise/passwords/new.html.erb
index b59d77cd0..0ceddc404 100644
--- a/app/views/devise/passwords/new.html.erb
+++ b/app/views/devise/passwords/new.html.erb
@@ -14,7 +14,7 @@
       </h1>
 
       <p class="govuk-body">Enter the email address you used to create your account.</p>
-      <p class="govuk-body">We’ll email you a link to reset your password. This link will expire in 3 hours.</p>
+      <p class="govuk-body">We’ll email you a link to reset your password. This link will expire in 24 hours.</p>
 
       <%= f.govuk_email_field :email,
         label: { text: "Email address" },
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 4759c94bd..df5f61df2 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -225,7 +225,7 @@ Devise.setup do |config|
   # Time interval you can reset your password with a reset password key.
   # Don't put a too small interval or your users won't have the time to
   # change their passwords.
-  config.reset_password_within = 3.hours
+  config.reset_password_within = 24.hours
 
   # When set to false, does not sign a user in automatically after their password is
   # reset. Defaults to true, so a user is signed in automatically after a reset.