Tweaks to OAuth entities expiration: changed default to 30 days, removed hardcoded values usage, fixed OAuthView (expires_in).

2020-12-09 21:14:39 +03:00 · 2020-12-09 21:14:39 +03:00 · 7fff9c1bee
commit 7fff9c1bee
parent c308224aaf
8 changed files with 14 additions and 17 deletions
--- a/config/config.exs
+++ b/config/config.exs
@ -648,7 +648,7 @@
  }

 config :pleroma, :oauth2,
-  token_expires_in: 600,
+  token_expires_in: 3600 * 24 * 30,
  issue_new_refresh_token: true,
  clean_expired_tokens: false

--- a/config/description.exs
+++ b/config/description.exs
@ -2540,7 +2540,7 @@
        key: :token_expires_in,
        type: :integer,
        description: "The lifetime in seconds of the access token",
-        suggestions: [600]
+        suggestions: [2_592_000]
      },
      %{
        key: :issue_new_refresh_token,
--- a/lib/pleroma/mfa/token.ex
+++ b/lib/pleroma/mfa/token.ex
@ -11,7 +11,7 @@ defmodule Pleroma.MFA.Token do
  alias Pleroma.User
  alias Pleroma.Web.OAuth.Authorization

-  @expires 3600 * 24 * 30
+  @expires 300

  @type t() :: %__MODULE__{}

--- a/lib/pleroma/web/o_auth/authorization.ex
+++ b/lib/pleroma/web/o_auth/authorization.ex
@ -9,6 +9,7 @@ defmodule Pleroma.Web.OAuth.Authorization do
  alias Pleroma.User
  alias Pleroma.Web.OAuth.App
  alias Pleroma.Web.OAuth.Authorization
+  alias Pleroma.Web.OAuth.Token

  import Ecto.Changeset
  import Ecto.Query
@ -53,7 +54,8 @@ defp add_token(changeset) do
  end

  defp add_lifetime(changeset) do
-    put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10))
+    lifespan = Token.lifespan()
+    put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), lifespan))
  end

  @spec use_changeset(Authtorizatiton.t(), map()) :: Changeset.t()
--- a/lib/pleroma/web/o_auth/o_auth_view.ex
+++ b/lib/pleroma/web/o_auth/o_auth_view.ex
@ -13,7 +13,7 @@ def render("token.json", %{token: token} = opts) do
      token_type: "Bearer",
      access_token: token.token,
      refresh_token: token.refresh_token,
-      expires_in: expires_in(),
+      expires_in: NaiveDateTime.diff(token.valid_until, NaiveDateTime.utc_now()),
      scope: Enum.join(token.scopes, " "),
      created_at: Utils.format_created_at(token)
    }
@ -25,6 +25,4 @@ def render("token.json", %{token: token} = opts) do
      response
    end
  end
-
-  defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600)
 end
--- a/lib/pleroma/web/o_auth/token.ex
+++ b/lib/pleroma/web/o_auth/token.ex
@ -27,6 +27,10 @@ defmodule Pleroma.Web.OAuth.Token do
    timestamps()
  end

+  def lifespan do
+    Pleroma.Config.get!([:oauth2, :token_expires_in])
+  end
+
  @doc "Gets token by unique access token"
  @spec get_by_token(String.t()) :: {:ok, t()} | {:error, :not_found}
  def get_by_token(token) do
@ -83,11 +87,11 @@ defp put_refresh_token(changeset, attrs) do
  end

  defp put_valid_until(changeset, attrs) do
-    expires_in =
-      Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), expires_in()))
+    valid_until =
+      Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), lifespan()))

    changeset
-    |> change(%{valid_until: expires_in})
+    |> change(%{valid_until: valid_until})
    |> validate_required([:valid_until])
  end

@ -138,6 +142,4 @@ def is_expired?(%__MODULE__{valid_until: valid_until}) do
  end

  def is_expired?(_), do: false
-
-  defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600)
 end
--- a/test/pleroma/web/o_auth/mfa_controller_test.exs
+++ b/test/pleroma/web/o_auth/mfa_controller_test.exs
@ -171,7 +171,6 @@ test "returns access token with valid code", %{conn: conn, user: user, app: app}
      assert match?(
               %{
                 "access_token" => _,
-                 "expires_in" => 600,
                 "me" => ^ap_id,
                 "refresh_token" => _,
                 "scope" => "write",
@ -280,7 +279,6 @@ test "returns access token with valid code", %{conn: conn, app: app} do
      assert match?(
               %{
                 "access_token" => _,
-                 "expires_in" => 600,
                 "me" => ^ap_id,
                 "refresh_token" => _,
                 "scope" => "write",
--- a/test/pleroma/web/o_auth/o_auth_controller_test.exs
+++ b/test/pleroma/web/o_auth/o_auth_controller_test.exs
@ -1105,7 +1105,6 @@ test "issues a new access token with keep fresh token" do
               %{
                 "scope" => "write",
                 "token_type" => "Bearer",
-                 "expires_in" => 600,
                 "access_token" => _,
                 "refresh_token" => _,
                 "me" => ^ap_id
@ -1145,7 +1144,6 @@ test "issues a new access token with new fresh token" do
               %{
                 "scope" => "write",
                 "token_type" => "Bearer",
-                 "expires_in" => 600,
                 "access_token" => _,
                 "refresh_token" => _,
                 "me" => ^ap_id
@ -1228,7 +1226,6 @@ test "issues a new token if token expired" do
               %{
                 "scope" => "write",
                 "token_type" => "Bearer",
-                 "expires_in" => 600,
                 "access_token" => _,
                 "refresh_token" => _,
                 "me" => ^ap_id