Tweaks to OAuth entity expiration: changed the default access-token lifetime to 30 days, removed use of hardcoded lifetime values, fixed `expires_in` in OAuthView.

This commit is contained in:
Ivan Tashkinov 2020-12-09 21:14:39 +03:00
parent c308224aaf
commit 7fff9c1bee
8 changed files with 14 additions and 17 deletions


@ -648,7 +648,7 @@
} }
config :pleroma, :oauth2, config :pleroma, :oauth2,
token_expires_in: 600, token_expires_in: 3600 * 24 * 30,
issue_new_refresh_token: true, issue_new_refresh_token: true,
clean_expired_tokens: false clean_expired_tokens: false
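Review bot: The new 30-day default on `token_expires_in: 3600 * 24 * 30,` turns every issued bearer access token into a month-long credential, while the adjacent `issue_new_refresh_token: true` shows the refresh flow already exists to extend sessions, so the long access-token lifetime is not needed for session continuity. A leaked access token stays usable until its `valid_until` passes, since nothing in this commit revokes tokens earlier, and `clean_expired_tokens: false` means expired rows also remain in the database. If the 30-day value is deliberate, a comment on the line would keep it from being "fixed" back: `# Access tokens live 30 days; clients are expected to use refresh tokens. Shorten this if you rely on expiry rather than revocation to limit exposure.` Which value of the pair is old and which is new is inferred from the commit message, not marked on the page.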


@ -2540,7 +2540,7 @@
key: :token_expires_in, key: :token_expires_in,
type: :integer, type: :integer,
description: "The lifetime in seconds of the access token", description: "The lifetime in seconds of the access token",
suggestions: [600] suggestions: [2_592_000]
}, },
%{ %{
key: :issue_new_refresh_token, key: :issue_new_refresh_token,
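Review bot: The text on `description: "The lifetime in seconds of the access token",` does not tell the admin that the key is now mandatory, yet elsewhere in this commit `Token.lifespan/0` reads it with `Pleroma.Config.get!`, which raises when the key is absent instead of falling back to the old 600. Suggest `description: "The lifetime in seconds of the access token (required; token issuance fails if unset)"`. The suggestion `2_592_000` matches `3600 * 24 * 30`; adding the previous `600` as a second suggestion would show that a short lifetime remains a valid choice.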


@ -11,7 +11,7 @@ defmodule Pleroma.MFA.Token do
alias Pleroma.User alias Pleroma.User
alias Pleroma.Web.OAuth.Authorization alias Pleroma.Web.OAuth.Authorization
@expires 3600 * 24 * 30 @expires 300
@type t() :: %__MODULE__{} @type t() :: %__MODULE__{}
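Review bot: The module attribute on the `@expires` line remains a compile-time hardcoded value even though the commit's stated aim is to remove hardcoded lifetimes, and nothing explains why the MFA challenge token gets a different lifetime from OAuth tokens. The page does not mark which of `3600 * 24 * 30` and `300` is old and which is new; if `300` is the new value, the shorter window is the right direction for a single-use MFA challenge and deserves a comment such as `# MFA challenge tokens are single-use; keep them short-lived (5 min), independent of :oauth2 token_expires_in`. If instead the new value is 30 days, that would be a regression worth reverting. The rest of the module is outside the hunk.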


@ -9,6 +9,7 @@ defmodule Pleroma.Web.OAuth.Authorization do
alias Pleroma.User alias Pleroma.User
alias Pleroma.Web.OAuth.App alias Pleroma.Web.OAuth.App
alias Pleroma.Web.OAuth.Authorization alias Pleroma.Web.OAuth.Authorization
alias Pleroma.Web.OAuth.Token
import Ecto.Changeset import Ecto.Changeset
import Ecto.Query import Ecto.Query
@ -53,7 +54,8 @@ defp add_token(changeset) do
end end
defp add_lifetime(changeset) do defp add_lifetime(changeset) do
put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10)) lifespan = Token.lifespan()
put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), lifespan))
end end
@spec use_changeset(Authtorizatiton.t(), map()) :: Changeset.t() @spec use_changeset(Authtorizatiton.t(), map()) :: Changeset.t()
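Review bot: `lifespan = Token.lifespan()` on the new side of `add_lifetime/1` ties the authorization code's `valid_until` to the access-token lifetime, which this same commit raises to 30 days by default, whereas the previous value was a fixed 10 minutes. Authorization codes are single-use artefacts exchanged once at the token endpoint, and RFC 6749 §4.1.2 recommends a maximum lifetime of 10 minutes precisely because a leaked code (redirect URI in browser history or a log) can be redeemed for a full token. Keeping the code lifetime independent of the token lifetime, e.g. `@code_lifetime 60 * 10` and `put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), @code_lifetime))`, preserves the intent of dropping magic numbers without inheriting a month-long code validity; a separate config key would also work. The unchanged `@spec use_changeset(Authtorizatiton.t(), map())` below refers to a misspelled module name. The module continues outside the hunk.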


@ -13,7 +13,7 @@ def render("token.json", %{token: token} = opts) do
token_type: "Bearer", token_type: "Bearer",
access_token: token.token, access_token: token.token,
refresh_token: token.refresh_token, refresh_token: token.refresh_token,
expires_in: expires_in(), expires_in: NaiveDateTime.diff(token.valid_until, NaiveDateTime.utc_now()),
scope: Enum.join(token.scopes, " "), scope: Enum.join(token.scopes, " "),
created_at: Utils.format_created_at(token) created_at: Utils.format_created_at(token)
} }
@ -25,6 +25,4 @@ def render("token.json", %{token: token} = opts) do
response response
end end
end end
defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600)
end end
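Review bot: `expires_in: NaiveDateTime.diff(token.valid_until, NaiveDateTime.utc_now())` can go negative if the view is ever handed an already-expired token, and RFC 6749 §5.1 defines `expires_in` as a positive lifetime in seconds; clamping with `max(NaiveDateTime.diff(token.valid_until, NaiveDateTime.utc_now()), 0)` keeps the field well-formed. Deriving the value from `valid_until` is the right fix, since the stored expiry is what `Token.is_expired?/1` checks, and it also keeps the response honest when `valid_until` was supplied by the caller in `put_valid_until/2` rather than derived from config. Whether any caller renders expired tokens is not visible here, so the clamp is defensive rather than a known bug.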


@ -27,6 +27,10 @@ defmodule Pleroma.Web.OAuth.Token do
timestamps() timestamps()
end end
def lifespan do
Pleroma.Config.get!([:oauth2, :token_expires_in])
end
@doc "Gets token by unique access token" @doc "Gets token by unique access token"
@spec get_by_token(String.t()) :: {:ok, t()} | {:error, :not_found} @spec get_by_token(String.t()) :: {:ok, t()} | {:error, :not_found}
def get_by_token(token) do def get_by_token(token) do
@ -83,11 +87,11 @@ defp put_refresh_token(changeset, attrs) do
end end
defp put_valid_until(changeset, attrs) do defp put_valid_until(changeset, attrs) do
expires_in = valid_until =
Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), expires_in())) Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), lifespan()))
changeset changeset
|> change(%{valid_until: expires_in}) |> change(%{valid_until: valid_until})
|> validate_required([:valid_until]) |> validate_required([:valid_until])
end end
@ -138,6 +142,4 @@ def is_expired?(%__MODULE__{valid_until: valid_until}) do
end end
def is_expired?(_), do: false def is_expired?(_), do: false
defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600)
end end
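Review bot: `lifespan/0` is a new public function with no `@doc` or `@spec`, and it uses `Pleroma.Config.get!`, so a deployment whose config omits `[:oauth2, :token_expires_in]` now raises at token creation where it previously fell back to 600 seconds. Suggest `@doc "Access-token lifetime in seconds from the :oauth2 token_expires_in config key (required; raises if unset)."` and `@spec lifespan() :: pos_integer()` above the definition. Raising is arguably better than silently issuing tokens with a surprise lifetime, but the requirement should be stated where the config key is described. Most of the module, including the body of `is_expired?/1`, is outside the hunk.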


@ -171,7 +171,6 @@ test "returns access token with valid code", %{conn: conn, user: user, app: app}
assert match?( assert match?(
%{ %{
"access_token" => _, "access_token" => _,
"expires_in" => 600,
"me" => ^ap_id, "me" => ^ap_id,
"refresh_token" => _, "refresh_token" => _,
"scope" => "write", "scope" => "write",
@ -280,7 +279,6 @@ test "returns access token with valid code", %{conn: conn, app: app} do
assert match?( assert match?(
%{ %{
"access_token" => _, "access_token" => _,
"expires_in" => 600,
"me" => ^ap_id, "me" => ^ap_id,
"refresh_token" => _, "refresh_token" => _,
"scope" => "write", "scope" => "write",


@ -1105,7 +1105,6 @@ test "issues a new access token with keep fresh token" do
%{ %{
"scope" => "write", "scope" => "write",
"token_type" => "Bearer", "token_type" => "Bearer",
"expires_in" => 600,
"access_token" => _, "access_token" => _,
"refresh_token" => _, "refresh_token" => _,
"me" => ^ap_id "me" => ^ap_id
@ -1145,7 +1144,6 @@ test "issues a new access token with new fresh token" do
%{ %{
"scope" => "write", "scope" => "write",
"token_type" => "Bearer", "token_type" => "Bearer",
"expires_in" => 600,
"access_token" => _, "access_token" => _,
"refresh_token" => _, "refresh_token" => _,
"me" => ^ap_id "me" => ^ap_id
@ -1228,7 +1226,6 @@ test "issues a new token if token expired" do
%{ %{
"scope" => "write", "scope" => "write",
"token_type" => "Bearer", "token_type" => "Bearer",
"expires_in" => 600,
"access_token" => _, "access_token" => _,
"refresh_token" => _, "refresh_token" => _,
"me" => ^ap_id "me" => ^ap_id