Tweaks to OAuth entities expiration: changed default to 30 days, removed hardcoded values usage, fixed OAuthView (expires_in).
This commit is contained in:
parent
c308224aaf
commit
7fff9c1bee
|
@ -648,7 +648,7 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
config :pleroma, :oauth2,
|
config :pleroma, :oauth2,
|
||||||
token_expires_in: 600,
|
token_expires_in: 3600 * 24 * 30,
|
||||||
issue_new_refresh_token: true,
|
issue_new_refresh_token: true,
|
||||||
clean_expired_tokens: false
|
clean_expired_tokens: false
|
||||||
|
|
||||||
|
|
|
@ -2540,7 +2540,7 @@
|
||||||
key: :token_expires_in,
|
key: :token_expires_in,
|
||||||
type: :integer,
|
type: :integer,
|
||||||
description: "The lifetime in seconds of the access token",
|
description: "The lifetime in seconds of the access token",
|
||||||
suggestions: [600]
|
suggestions: [2_592_000]
|
||||||
},
|
},
|
||||||
%{
|
%{
|
||||||
key: :issue_new_refresh_token,
|
key: :issue_new_refresh_token,
|
||||||
|
|
|
@ -11,7 +11,7 @@ defmodule Pleroma.MFA.Token do
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
alias Pleroma.Web.OAuth.Authorization
|
alias Pleroma.Web.OAuth.Authorization
|
||||||
|
|
||||||
@expires 3600 * 24 * 30
|
@expires 300
|
||||||
|
|
||||||
@type t() :: %__MODULE__{}
|
@type t() :: %__MODULE__{}
|
||||||
|
|
||||||
|
|
|
@ -9,6 +9,7 @@ defmodule Pleroma.Web.OAuth.Authorization do
|
||||||
alias Pleroma.User
|
alias Pleroma.User
|
||||||
alias Pleroma.Web.OAuth.App
|
alias Pleroma.Web.OAuth.App
|
||||||
alias Pleroma.Web.OAuth.Authorization
|
alias Pleroma.Web.OAuth.Authorization
|
||||||
|
alias Pleroma.Web.OAuth.Token
|
||||||
|
|
||||||
import Ecto.Changeset
|
import Ecto.Changeset
|
||||||
import Ecto.Query
|
import Ecto.Query
|
||||||
|
@ -53,7 +54,8 @@ defp add_token(changeset) do
|
||||||
end
|
end
|
||||||
|
|
||||||
defp add_lifetime(changeset) do
|
defp add_lifetime(changeset) do
|
||||||
put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10))
|
lifespan = Token.lifespan()
|
||||||
|
put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), lifespan))
|
||||||
end
|
end
|
||||||
|
|
||||||
@spec use_changeset(Authtorizatiton.t(), map()) :: Changeset.t()
|
@spec use_changeset(Authtorizatiton.t(), map()) :: Changeset.t()
|
||||||
|
|
|
@ -13,7 +13,7 @@ def render("token.json", %{token: token} = opts) do
|
||||||
token_type: "Bearer",
|
token_type: "Bearer",
|
||||||
access_token: token.token,
|
access_token: token.token,
|
||||||
refresh_token: token.refresh_token,
|
refresh_token: token.refresh_token,
|
||||||
expires_in: expires_in(),
|
expires_in: NaiveDateTime.diff(token.valid_until, NaiveDateTime.utc_now()),
|
||||||
scope: Enum.join(token.scopes, " "),
|
scope: Enum.join(token.scopes, " "),
|
||||||
created_at: Utils.format_created_at(token)
|
created_at: Utils.format_created_at(token)
|
||||||
}
|
}
|
||||||
|
@ -25,6 +25,4 @@ def render("token.json", %{token: token} = opts) do
|
||||||
response
|
response
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600)
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -27,6 +27,10 @@ defmodule Pleroma.Web.OAuth.Token do
|
||||||
timestamps()
|
timestamps()
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def lifespan do
|
||||||
|
Pleroma.Config.get!([:oauth2, :token_expires_in])
|
||||||
|
end
|
||||||
|
|
||||||
@doc "Gets token by unique access token"
|
@doc "Gets token by unique access token"
|
||||||
@spec get_by_token(String.t()) :: {:ok, t()} | {:error, :not_found}
|
@spec get_by_token(String.t()) :: {:ok, t()} | {:error, :not_found}
|
||||||
def get_by_token(token) do
|
def get_by_token(token) do
|
||||||
|
@ -83,11 +87,11 @@ defp put_refresh_token(changeset, attrs) do
|
||||||
end
|
end
|
||||||
|
|
||||||
defp put_valid_until(changeset, attrs) do
|
defp put_valid_until(changeset, attrs) do
|
||||||
expires_in =
|
valid_until =
|
||||||
Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), expires_in()))
|
Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), lifespan()))
|
||||||
|
|
||||||
changeset
|
changeset
|
||||||
|> change(%{valid_until: expires_in})
|
|> change(%{valid_until: valid_until})
|
||||||
|> validate_required([:valid_until])
|
|> validate_required([:valid_until])
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -138,6 +142,4 @@ def is_expired?(%__MODULE__{valid_until: valid_until}) do
|
||||||
end
|
end
|
||||||
|
|
||||||
def is_expired?(_), do: false
|
def is_expired?(_), do: false
|
||||||
|
|
||||||
defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600)
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -171,7 +171,6 @@ test "returns access token with valid code", %{conn: conn, user: user, app: app}
|
||||||
assert match?(
|
assert match?(
|
||||||
%{
|
%{
|
||||||
"access_token" => _,
|
"access_token" => _,
|
||||||
"expires_in" => 600,
|
|
||||||
"me" => ^ap_id,
|
"me" => ^ap_id,
|
||||||
"refresh_token" => _,
|
"refresh_token" => _,
|
||||||
"scope" => "write",
|
"scope" => "write",
|
||||||
|
@ -280,7 +279,6 @@ test "returns access token with valid code", %{conn: conn, app: app} do
|
||||||
assert match?(
|
assert match?(
|
||||||
%{
|
%{
|
||||||
"access_token" => _,
|
"access_token" => _,
|
||||||
"expires_in" => 600,
|
|
||||||
"me" => ^ap_id,
|
"me" => ^ap_id,
|
||||||
"refresh_token" => _,
|
"refresh_token" => _,
|
||||||
"scope" => "write",
|
"scope" => "write",
|
||||||
|
|
|
@ -1105,7 +1105,6 @@ test "issues a new access token with keep fresh token" do
|
||||||
%{
|
%{
|
||||||
"scope" => "write",
|
"scope" => "write",
|
||||||
"token_type" => "Bearer",
|
"token_type" => "Bearer",
|
||||||
"expires_in" => 600,
|
|
||||||
"access_token" => _,
|
"access_token" => _,
|
||||||
"refresh_token" => _,
|
"refresh_token" => _,
|
||||||
"me" => ^ap_id
|
"me" => ^ap_id
|
||||||
|
@ -1145,7 +1144,6 @@ test "issues a new access token with new fresh token" do
|
||||||
%{
|
%{
|
||||||
"scope" => "write",
|
"scope" => "write",
|
||||||
"token_type" => "Bearer",
|
"token_type" => "Bearer",
|
||||||
"expires_in" => 600,
|
|
||||||
"access_token" => _,
|
"access_token" => _,
|
||||||
"refresh_token" => _,
|
"refresh_token" => _,
|
||||||
"me" => ^ap_id
|
"me" => ^ap_id
|
||||||
|
@ -1228,7 +1226,6 @@ test "issues a new token if token expired" do
|
||||||
%{
|
%{
|
||||||
"scope" => "write",
|
"scope" => "write",
|
||||||
"token_type" => "Bearer",
|
"token_type" => "Bearer",
|
||||||
"expires_in" => 600,
|
|
||||||
"access_token" => _,
|
"access_token" => _,
|
||||||
"refresh_token" => _,
|
"refresh_token" => _,
|
||||||
"me" => ^ap_id
|
"me" => ^ap_id
|
||||||
|
|
Loading…
Reference in a new issue