Tweaks to OAuth entities expiration: changed default to 30 days, removed hardcoded values usage, fixed OAuthView (expires_in).
This commit is contained in:
parent
c308224aaf
commit
7fff9c1bee
|
@ -648,7 +648,7 @@
|
|||
}
|
||||
|
||||
config :pleroma, :oauth2,
|
||||
token_expires_in: 600,
|
||||
token_expires_in: 3600 * 24 * 30,
|
||||
issue_new_refresh_token: true,
|
||||
clean_expired_tokens: false
|
||||
|
||||
|
|
|
@ -2540,7 +2540,7 @@
|
|||
key: :token_expires_in,
|
||||
type: :integer,
|
||||
description: "The lifetime in seconds of the access token",
|
||||
suggestions: [600]
|
||||
suggestions: [2_592_000]
|
||||
},
|
||||
%{
|
||||
key: :issue_new_refresh_token,
|
||||
|
|
|
@ -11,7 +11,7 @@ defmodule Pleroma.MFA.Token do
|
|||
alias Pleroma.User
|
||||
alias Pleroma.Web.OAuth.Authorization
|
||||
|
||||
@expires 3600 * 24 * 30
|
||||
@expires 300
|
||||
|
||||
@type t() :: %__MODULE__{}
|
||||
|
||||
|
|
|
@ -9,6 +9,7 @@ defmodule Pleroma.Web.OAuth.Authorization do
|
|||
alias Pleroma.User
|
||||
alias Pleroma.Web.OAuth.App
|
||||
alias Pleroma.Web.OAuth.Authorization
|
||||
alias Pleroma.Web.OAuth.Token
|
||||
|
||||
import Ecto.Changeset
|
||||
import Ecto.Query
|
||||
|
@ -53,7 +54,8 @@ defp add_token(changeset) do
|
|||
end
|
||||
|
||||
defp add_lifetime(changeset) do
|
||||
put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10))
|
||||
lifespan = Token.lifespan()
|
||||
put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), lifespan))
|
||||
end
|
||||
|
||||
@spec use_changeset(Authtorizatiton.t(), map()) :: Changeset.t()
|
||||
|
|
|
@ -13,7 +13,7 @@ def render("token.json", %{token: token} = opts) do
|
|||
token_type: "Bearer",
|
||||
access_token: token.token,
|
||||
refresh_token: token.refresh_token,
|
||||
expires_in: expires_in(),
|
||||
expires_in: NaiveDateTime.diff(token.valid_until, NaiveDateTime.utc_now()),
|
||||
scope: Enum.join(token.scopes, " "),
|
||||
created_at: Utils.format_created_at(token)
|
||||
}
|
||||
|
@ -25,6 +25,4 @@ def render("token.json", %{token: token} = opts) do
|
|||
response
|
||||
end
|
||||
end
|
||||
|
||||
defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600)
|
||||
end
|
||||
|
|
|
@ -27,6 +27,10 @@ defmodule Pleroma.Web.OAuth.Token do
|
|||
timestamps()
|
||||
end
|
||||
|
||||
def lifespan do
|
||||
Pleroma.Config.get!([:oauth2, :token_expires_in])
|
||||
end
|
||||
|
||||
@doc "Gets token by unique access token"
|
||||
@spec get_by_token(String.t()) :: {:ok, t()} | {:error, :not_found}
|
||||
def get_by_token(token) do
|
||||
|
@ -83,11 +87,11 @@ defp put_refresh_token(changeset, attrs) do
|
|||
end
|
||||
|
||||
defp put_valid_until(changeset, attrs) do
|
||||
expires_in =
|
||||
Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), expires_in()))
|
||||
valid_until =
|
||||
Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), lifespan()))
|
||||
|
||||
changeset
|
||||
|> change(%{valid_until: expires_in})
|
||||
|> change(%{valid_until: valid_until})
|
||||
|> validate_required([:valid_until])
|
||||
end
|
||||
|
||||
|
@ -138,6 +142,4 @@ def is_expired?(%__MODULE__{valid_until: valid_until}) do
|
|||
end
|
||||
|
||||
def is_expired?(_), do: false
|
||||
|
||||
defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600)
|
||||
end
|
||||
|
|
|
@ -171,7 +171,6 @@ test "returns access token with valid code", %{conn: conn, user: user, app: app}
|
|||
assert match?(
|
||||
%{
|
||||
"access_token" => _,
|
||||
"expires_in" => 600,
|
||||
"me" => ^ap_id,
|
||||
"refresh_token" => _,
|
||||
"scope" => "write",
|
||||
|
@ -280,7 +279,6 @@ test "returns access token with valid code", %{conn: conn, app: app} do
|
|||
assert match?(
|
||||
%{
|
||||
"access_token" => _,
|
||||
"expires_in" => 600,
|
||||
"me" => ^ap_id,
|
||||
"refresh_token" => _,
|
||||
"scope" => "write",
|
||||
|
|
|
@ -1105,7 +1105,6 @@ test "issues a new access token with keep fresh token" do
|
|||
%{
|
||||
"scope" => "write",
|
||||
"token_type" => "Bearer",
|
||||
"expires_in" => 600,
|
||||
"access_token" => _,
|
||||
"refresh_token" => _,
|
||||
"me" => ^ap_id
|
||||
|
@ -1145,7 +1144,6 @@ test "issues a new access token with new fresh token" do
|
|||
%{
|
||||
"scope" => "write",
|
||||
"token_type" => "Bearer",
|
||||
"expires_in" => 600,
|
||||
"access_token" => _,
|
||||
"refresh_token" => _,
|
||||
"me" => ^ap_id
|
||||
|
@ -1228,7 +1226,6 @@ test "issues a new token if token expired" do
|
|||
%{
|
||||
"scope" => "write",
|
||||
"token_type" => "Bearer",
|
||||
"expires_in" => 600,
|
||||
"access_token" => _,
|
||||
"refresh_token" => _,
|
||||
"me" => ^ap_id
|
||||
|
|
Loading…
Reference in a new issue