From: Ivan Tashkinov Date: Wed, 9 Dec 2020 18:14:39 +0000 (+0300) Subject: Tweaks to OAuth entities expiration: changed default to 30 days, removed hardcoded... X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=7fff9c1bee009c7b05679ad8bd57de8bcf58e610;p=akkoma Tweaks to OAuth entities expiration: changed default to 30 days, removed hardcoded values usage, fixed OAuthView (expires_in). --- diff --git a/config/config.exs b/config/config.exs index f7455cf97..c7ac0d22c 100644 --- a/config/config.exs +++ b/config/config.exs @@ -648,7 +648,7 @@ config :pleroma, :email_notifications, } config :pleroma, :oauth2, - token_expires_in: 600, + token_expires_in: 3600 * 24 * 30, issue_new_refresh_token: true, clean_expired_tokens: false diff --git a/config/description.exs b/config/description.exs index a663d8127..f4b8768da 100644 --- a/config/description.exs +++ b/config/description.exs @@ -2540,7 +2540,7 @@ config :pleroma, :config_description, [ key: :token_expires_in, type: :integer, description: "The lifetime in seconds of the access token", - suggestions: [600] + suggestions: [2_592_000] }, %{ key: :issue_new_refresh_token, diff --git a/lib/pleroma/mfa/token.ex b/lib/pleroma/mfa/token.ex index 82d3817cc..69b64c0e8 100644 --- a/lib/pleroma/mfa/token.ex +++ b/lib/pleroma/mfa/token.ex @@ -11,7 +11,7 @@ defmodule Pleroma.MFA.Token do alias Pleroma.User alias Pleroma.Web.OAuth.Authorization - @expires 3600 * 24 * 30 + @expires 300 @type t() :: %__MODULE__{} diff --git a/lib/pleroma/web/o_auth/authorization.ex b/lib/pleroma/web/o_auth/authorization.ex index 268ee5b63..e766dcada 100644 --- a/lib/pleroma/web/o_auth/authorization.ex +++ b/lib/pleroma/web/o_auth/authorization.ex @@ -9,6 +9,7 @@ defmodule Pleroma.Web.OAuth.Authorization do alias Pleroma.User alias Pleroma.Web.OAuth.App alias Pleroma.Web.OAuth.Authorization + alias Pleroma.Web.OAuth.Token import Ecto.Changeset import Ecto.Query @@ -53,7 +54,8 @@ defmodule Pleroma.Web.OAuth.Authorization do end defp add_lifetime(changeset) do - put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10)) + lifespan = Token.lifespan() + put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), lifespan)) end @spec use_changeset(Authtorizatiton.t(), map()) :: Changeset.t() diff --git a/lib/pleroma/web/o_auth/o_auth_view.ex b/lib/pleroma/web/o_auth/o_auth_view.ex index f55247ebd..d22b2f7fe 100644 --- a/lib/pleroma/web/o_auth/o_auth_view.ex +++ b/lib/pleroma/web/o_auth/o_auth_view.ex @@ -13,7 +13,7 @@ defmodule Pleroma.Web.OAuth.OAuthView do token_type: "Bearer", access_token: token.token, refresh_token: token.refresh_token, - expires_in: expires_in(), + expires_in: NaiveDateTime.diff(token.valid_until, NaiveDateTime.utc_now()), scope: Enum.join(token.scopes, " "), created_at: Utils.format_created_at(token) } @@ -25,6 +25,4 @@ defmodule Pleroma.Web.OAuth.OAuthView do response end end - - defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600) end diff --git a/lib/pleroma/web/o_auth/token.ex b/lib/pleroma/web/o_auth/token.ex index 9170a7ec7..886117d15 100644 --- a/lib/pleroma/web/o_auth/token.ex +++ b/lib/pleroma/web/o_auth/token.ex @@ -27,6 +27,10 @@ defmodule Pleroma.Web.OAuth.Token do timestamps() end + def lifespan do + Pleroma.Config.get!([:oauth2, :token_expires_in]) + end + @doc "Gets token by unique access token" @spec get_by_token(String.t()) :: {:ok, t()} | {:error, :not_found} def get_by_token(token) do @@ -83,11 +87,11 @@ defmodule Pleroma.Web.OAuth.Token do end defp put_valid_until(changeset, attrs) do - expires_in = - Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), expires_in())) + valid_until = + Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), lifespan())) changeset - |> change(%{valid_until: expires_in}) + |> change(%{valid_until: valid_until}) |> validate_required([:valid_until]) end @@ -138,6 +142,4 @@ defmodule Pleroma.Web.OAuth.Token do end def is_expired?(_), do: false - - defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600) end diff --git a/test/pleroma/web/o_auth/mfa_controller_test.exs b/test/pleroma/web/o_auth/mfa_controller_test.exs index 3c341facd..6ecd0f6c9 100644 --- a/test/pleroma/web/o_auth/mfa_controller_test.exs +++ b/test/pleroma/web/o_auth/mfa_controller_test.exs @@ -171,7 +171,6 @@ defmodule Pleroma.Web.OAuth.MFAControllerTest do assert match?( %{ "access_token" => _, - "expires_in" => 600, "me" => ^ap_id, "refresh_token" => _, "scope" => "write", @@ -280,7 +279,6 @@ defmodule Pleroma.Web.OAuth.MFAControllerTest do assert match?( %{ "access_token" => _, - "expires_in" => 600, "me" => ^ap_id, "refresh_token" => _, "scope" => "write", diff --git a/test/pleroma/web/o_auth/o_auth_controller_test.exs b/test/pleroma/web/o_auth/o_auth_controller_test.exs index 3221af223..ac22856ea 100644 --- a/test/pleroma/web/o_auth/o_auth_controller_test.exs +++ b/test/pleroma/web/o_auth/o_auth_controller_test.exs @@ -1105,7 +1105,6 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do %{ "scope" => "write", "token_type" => "Bearer", - "expires_in" => 600, "access_token" => _, "refresh_token" => _, "me" => ^ap_id @@ -1145,7 +1144,6 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do %{ "scope" => "write", "token_type" => "Bearer", - "expires_in" => 600, "access_token" => _, "refresh_token" => _, "me" => ^ap_id @@ -1228,7 +1226,6 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do %{ "scope" => "write", "token_type" => "Bearer", - "expires_in" => 600, "access_token" => _, "refresh_token" => _, "me" => ^ap_id