From f053a730f0c01f7825d2853b8d02f86ff85940f2 Mon Sep 17 00:00:00 2001
From: ja <ja@verag.ag>
Date: Thu, 7 Oct 2021 12:01:06 +0200
Subject: [PATCH] Verbesserte Sicherheit durch Verringerung der Zeitbegrenzung
 der Tokenlebenszeit

---
 css/login/ForgotPW.css | 3 ---
 login/ForgotPW.aspx    | 4 ++++
 login/ForgotPW.aspx.vb | 3 ++-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/css/login/ForgotPW.css b/css/login/ForgotPW.css
index 824aa03..8d2702a 100644
--- a/css/login/ForgotPW.css
+++ b/css/login/ForgotPW.css
@@ -41,17 +41,14 @@
     font-size: 2.55em;
     color: #fff;
 }
-
 .txt_design {
     color: #003680;
     font-size: 1.65em;
 }
-
 #CustomerID {
     color: #003680;
     font-size: 1.320901320901321em;
 }
-
 #lbl_Hinweis {
     font-size: 1.188em;
     color: dimgrey;
diff --git a/login/ForgotPW.aspx b/login/ForgotPW.aspx
index ddd4277..6daf033 100644
--- a/login/ForgotPW.aspx
+++ b/login/ForgotPW.aspx
@@ -110,6 +110,10 @@
                      <td align="left" colspan="2"> 
                     <asp:TextBox ID="txt_Username" runat="server" Width = "250" />
                         </td></tr>
+                <tr style="color:#003680; height:30px;">
+                     <td align="left" colspan="2">  
+                          <asp:RegularExpressionValidator ID="val_usrnametxt" ControlToValidate="txt_Username" runat="server" ValidationExpression="[A-Z1-9].{4,12}" Display="Dynamic"></asp:RegularExpressionValidator>
+                         </td></tr>
                 <tr style="color:#003680; height:30px;">
                 <td align="right" colspan="2">                    
                 <asp:Label ID="lblMessage" runat="server" />
diff --git a/login/ForgotPW.aspx.vb b/login/ForgotPW.aspx.vb
index 6242eb3..a9e42f7 100644
--- a/login/ForgotPW.aspx.vb
+++ b/login/ForgotPW.aspx.vb
@@ -168,9 +168,10 @@ Partial Class login_ForgotPW
     Function getDateoftoken(tokenname As String) As Boolean
         Dim data() As Byte = Convert.FromBase64String(tokenname)
         Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
-        If wenn < DateTime.UtcNow.AddHours(-24) Then
+        If wenn < DateTime.UtcNow.AddMinutes(-30) Then
             Return False
             MsgBox("Token nicht gefunden oder zu alt!" + Environment.NewLine + "Bitte erneut Mail senden!")
+            tokenname = ""
         Else
             Return True
         End If