* fix: convert loginDays and loginSeconds to number inputs
* feat: configurable session timeout for when "Remember Me" is not checked
closes#11124
* test: addition tests to check loginDays and sessionDuration settings
* test: also test loginSeconds override
* chore: incrementing version number - v2.8.1
* chore: update changelog for v2.8.1
* fix: accidental clearing of reset rate limiting on reset send
* test: move user reset tests to its own file, add failing test for user reset locks
* fix: #11119, counter attempted flooding of user reset route
* test: fix password reset socket test to check for error now
* test: same user sending multiple reset emails
should work after waiting the correct amount of time
* lint: fixes
* chore: rename outdated `cleanTokensAndUids` method
* test: no need to create user for new test
Co-authored-by: Misty Release Bot <deploy@nodebb.org>
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
* breaking: remove `SocketUser.emailConfirm`, re: #10954
* chore: move email confirmation related configs to own section in Settings > Email
* feat: new user email method `getValidationExpiry`, returns expiration in ms.. probably.
* fix: bug where `user.email.isValidationPending` returned an u nexpected non-boolean value if there was no confirmation pending (only when checking email as well)
* fix: update getValidationExpiry to return ms
* test: use emailConfirmInterval for tests, for now
* fix: throw friendly error when attempting an email change within email confirmation window
* feat: new config option `emailConfirmExpiry` in days, governs how long the confirm link is good for
* test: additional tests for user email methods
* fix: add back missing handling of option
* test: fix tests
