Merge branch 'oauth-entities-expiration-tweaks' into 'develop'

Tweaks to OAuth entities expiration

See merge request pleroma/pleroma!3193
This commit is contained in:
feld 2020-12-09 18:30:13 +00:00
commit 45e1cf902a
8 changed files with 14 additions and 17 deletions

View File

@ -648,7 +648,7 @@
}
config :pleroma, :oauth2,
token_expires_in: 600,
token_expires_in: 3600 * 24 * 30,
issue_new_refresh_token: true,
clean_expired_tokens: false

View File

@ -2540,7 +2540,7 @@
key: :token_expires_in,
type: :integer,
description: "The lifetime in seconds of the access token",
suggestions: [600]
suggestions: [2_592_000]
},
%{
key: :issue_new_refresh_token,

View File

@ -11,7 +11,7 @@ defmodule Pleroma.MFA.Token do
alias Pleroma.User
alias Pleroma.Web.OAuth.Authorization
@expires 3600 * 24 * 30
@expires 300
@type t() :: %__MODULE__{}

View File

@ -9,6 +9,7 @@ defmodule Pleroma.Web.OAuth.Authorization do
alias Pleroma.User
alias Pleroma.Web.OAuth.App
alias Pleroma.Web.OAuth.Authorization
alias Pleroma.Web.OAuth.Token
import Ecto.Changeset
import Ecto.Query
@ -53,7 +54,8 @@ defp add_token(changeset) do
end
defp add_lifetime(changeset) do
put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10))
lifespan = Token.lifespan()
put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), lifespan))
end
@spec use_changeset(Authtorizatiton.t(), map()) :: Changeset.t()

View File

@ -13,7 +13,7 @@ def render("token.json", %{token: token} = opts) do
token_type: "Bearer",
access_token: token.token,
refresh_token: token.refresh_token,
expires_in: expires_in(),
expires_in: NaiveDateTime.diff(token.valid_until, NaiveDateTime.utc_now()),
scope: Enum.join(token.scopes, " "),
created_at: Utils.format_created_at(token)
}
@ -25,6 +25,4 @@ def render("token.json", %{token: token} = opts) do
response
end
end
defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600)
end

View File

@ -27,6 +27,10 @@ defmodule Pleroma.Web.OAuth.Token do
timestamps()
end
def lifespan do
Pleroma.Config.get!([:oauth2, :token_expires_in])
end
@doc "Gets token by unique access token"
@spec get_by_token(String.t()) :: {:ok, t()} | {:error, :not_found}
def get_by_token(token) do
@ -83,11 +87,11 @@ defp put_refresh_token(changeset, attrs) do
end
defp put_valid_until(changeset, attrs) do
expires_in =
Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), expires_in()))
valid_until =
Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), lifespan()))
changeset
|> change(%{valid_until: expires_in})
|> change(%{valid_until: valid_until})
|> validate_required([:valid_until])
end
@ -138,6 +142,4 @@ def is_expired?(%__MODULE__{valid_until: valid_until}) do
end
def is_expired?(_), do: false
defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600)
end

View File

@ -171,7 +171,6 @@ test "returns access token with valid code", %{conn: conn, user: user, app: app}
assert match?(
%{
"access_token" => _,
"expires_in" => 600,
"me" => ^ap_id,
"refresh_token" => _,
"scope" => "write",
@ -280,7 +279,6 @@ test "returns access token with valid code", %{conn: conn, app: app} do
assert match?(
%{
"access_token" => _,
"expires_in" => 600,
"me" => ^ap_id,
"refresh_token" => _,
"scope" => "write",

View File

@ -1105,7 +1105,6 @@ test "issues a new access token with keep fresh token" do
%{
"scope" => "write",
"token_type" => "Bearer",
"expires_in" => 600,
"access_token" => _,
"refresh_token" => _,
"me" => ^ap_id
@ -1145,7 +1144,6 @@ test "issues a new access token with new fresh token" do
%{
"scope" => "write",
"token_type" => "Bearer",
"expires_in" => 600,
"access_token" => _,
"refresh_token" => _,
"me" => ^ap_id
@ -1228,7 +1226,6 @@ test "issues a new token if token expired" do
%{
"scope" => "write",
"token_type" => "Bearer",
"expires_in" => 600,
"access_token" => _,
"refresh_token" => _,
"me" => ^ap_id