Increase password reset timeout since other people trigger it when they create an account for you.

2 files changed, 3 insertions, 2 deletions

diff --git a/CHANGELOG b/CHANGELOG
index bd519002531..63b70f8bc74 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -37,7 +37,7 @@ v 7.8.0
   - 
   - 
   - 
-  - 
+  - Password reset token validity increased from 2 hours to 2 days since it is also send on account creation.
   - 
   - 
   - 
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index c6eb3e51036..79abe3c695d 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -145,7 +145,8 @@ Devise.setup do |config|
   # Time interval you can reset your password with a reset password key.
   # Don't put a too small interval or your users won't have the time to
   # change their passwords.
-  config.reset_password_within = 2.hours
+  # When someone else invites you to GitLab this time is also used so it should be pretty long.
+  config.reset_password_within = 2.days
 
   # ==> Configuration for :encryptable
   # Allow you to use another encryption algorithm besides bcrypt (default). You can use