
pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://hacktivis.me/git/pleroma.git
commit: 45e1cf902a70e5ab1f2af8d6484002c3d7e93df6
parent c308224aafff4ca5bcbb481930f1eb557ab6ea6d
Author: feld <feld@feld.me>
Date:   Wed,  9 Dec 2020 18:30:13 +0000

Merge branch 'oauth-entities-expiration-tweaks' into 'develop'

Tweaks to OAuth entities expiration

See merge request pleroma/pleroma!3193

Diffstat:

Mconfig/config.exs2+-
Mconfig/description.exs2+-
Mlib/pleroma/mfa/token.ex2+-
Mlib/pleroma/web/o_auth/authorization.ex4+++-
Mlib/pleroma/web/o_auth/o_auth_view.ex4+---
Mlib/pleroma/web/o_auth/token.ex12+++++++-----
Mtest/pleroma/web/o_auth/mfa_controller_test.exs2--
Mtest/pleroma/web/o_auth/o_auth_controller_test.exs3---
8 files changed, 14 insertions(+), 17 deletions(-)

diff --git a/config/config.exs b/config/config.exs
@@ -648,7 +648,7 @@ config :pleroma, :email_notifications,
 }
 config :pleroma, :oauth2,
- token_expires_in: 600,
+ token_expires_in: 3600 * 24 * 30,
 issue_new_refresh_token: true,
 clean_expired_tokens: false
diff --git a/config/description.exs b/config/description.exs
@@ -2540,7 +2540,7 @@ config :pleroma, :config_description, [
 key: :token_expires_in,
 type: :integer,
 description: "The lifetime in seconds of the access token",
- suggestions: [600]
+ suggestions: [2_592_000]
 },
 %{
 key: :issue_new_refresh_token,
diff --git a/lib/pleroma/mfa/token.ex b/lib/pleroma/mfa/token.ex
@@ -11,7 +11,7 @@ defmodule Pleroma.MFA.Token do
 alias Pleroma.User
 alias Pleroma.Web.OAuth.Authorization
- @expires 3600 * 24 * 30
+ @expires 300
 @type t() :: %__MODULE__{}
diff --git a/lib/pleroma/web/o_auth/authorization.ex b/lib/pleroma/web/o_auth/authorization.ex
@@ -9,6 +9,7 @@ defmodule Pleroma.Web.OAuth.Authorization do
 alias Pleroma.User
 alias Pleroma.Web.OAuth.App
 alias Pleroma.Web.OAuth.Authorization
+ alias Pleroma.Web.OAuth.Token
 import Ecto.Changeset
 import Ecto.Query
@@ -53,7 +54,8 @@ defmodule Pleroma.Web.OAuth.Authorization do
 end
 defp add_lifetime(changeset) do
- put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10))
+ lifespan = Token.lifespan()
+ put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), lifespan))
 end
 @spec use_changeset(Authtorizatiton.t(), map()) :: Changeset.t()
diff --git a/lib/pleroma/web/o_auth/o_auth_view.ex b/lib/pleroma/web/o_auth/o_auth_view.ex
@@ -13,7 +13,7 @@ defmodule Pleroma.Web.OAuth.OAuthView do
 token_type: "Bearer",
 access_token: token.token,
 refresh_token: token.refresh_token,
- expires_in: expires_in(),
+ expires_in: NaiveDateTime.diff(token.valid_until, NaiveDateTime.utc_now()),
 scope: Enum.join(token.scopes, " "),
 created_at: Utils.format_created_at(token)
 }
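Review bot: In lib/pleroma/mfa/token.ex the new `@expires 300` is a bare number with no unit, whereas the expression it replaces (`3600 * 24 * 30`) at least read as seconds. I would write it as `@expires 60 * 5` or put `# lifetime of an MFA token, in seconds` above it. How `@expires` is consumed lies outside the hunk, so the unit is inferred from the old expression.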
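Review bot: In lib/pleroma/web/o_auth/authorization.ex, `add_lifetime/1` now takes the authorization code's `valid_until` from `Token.lifespan()`, i.e. `[:oauth2, :token_expires_in]`, and this same commit raises that default from 600 to `3600 * 24 * 30`. An authorization code therefore goes from a fixed 10 minutes to 30 days by default, while RFC 6749 section 4.1.2 recommends a maximum of 10 minutes for codes because they pass through the browser redirect. Unless codes are invalidated elsewhere on first use (not visible in this hunk), I would keep the code lifetime separate from the access-token setting, for example `put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10))`, or give it its own setting. The description text in config/description.exs ("The lifetime in seconds of the access token") also no longer covers everything the key controls.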
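Review bot: In lib/pleroma/web/o_auth/o_auth_view.ex, `expires_in` is now `NaiveDateTime.diff(token.valid_until, NaiveDateTime.utc_now())`, which goes negative when an already expired token is rendered and raises if `valid_until` is nil. The catch-all `is_expired?(_)` clause in token.ex suggests tokens without a usable `valid_until` may exist, though that is not certain from the hunks shown. I would clamp the value, `expires_in: max(NaiveDateTime.diff(token.valid_until, NaiveDateTime.utc_now()), 0),`, and decide explicitly what a nil `valid_until` should render as. The test hunks in this commit delete the `"expires_in" => 600` assertions without a replacement, so the new computation is unasserted; binding `"expires_in" => expires_in` and asserting it is a positive integer would keep it covered. The enclosing render function begins outside the hunk.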
@@ -25,6 +25,4 @@ defmodule Pleroma.Web.OAuth.OAuthView do
 response
 end
 end
-
- defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600)
 end
diff --git a/lib/pleroma/web/o_auth/token.ex b/lib/pleroma/web/o_auth/token.ex
@@ -27,6 +27,10 @@ defmodule Pleroma.Web.OAuth.Token do
 timestamps()
 end
+ def lifespan do
+ Pleroma.Config.get!([:oauth2, :token_expires_in])
+ end
+
 @doc "Gets token by unique access token"
 @spec get_by_token(String.t()) :: {:ok, t()} | {:error, :not_found}
 def get_by_token(token) do
@@ -83,11 +87,11 @@ defmodule Pleroma.Web.OAuth.Token do
 end
 defp put_valid_until(changeset, attrs) do
- expires_in =
- Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), expires_in()))
+ valid_until =
+ Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), lifespan()))
 changeset
- |> change(%{valid_until: expires_in})
+ |> change(%{valid_until: valid_until})
 |> validate_required([:valid_until])
 end
@@ -138,6 +142,4 @@ defmodule Pleroma.Web.OAuth.Token do
 end
 def is_expired?(_), do: false
-
- defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600)
 end
diff --git a/test/pleroma/web/o_auth/mfa_controller_test.exs b/test/pleroma/web/o_auth/mfa_controller_test.exs
@@ -171,7 +171,6 @@ defmodule Pleroma.Web.OAuth.MFAControllerTest do
 assert match?(
 %{
 "access_token" => _,
- "expires_in" => 600,
 "me" => ^ap_id,
 "refresh_token" => _,
 "scope" => "write",
@@ -280,7 +279,6 @@ defmodule Pleroma.Web.OAuth.MFAControllerTest do
 assert match?(
 %{
 "access_token" => _,
- "expires_in" => 600,
 "me" => ^ap_id,
 "refresh_token" => _,
 "scope" => "write",
diff --git a/test/pleroma/web/o_auth/o_auth_controller_test.exs b/test/pleroma/web/o_auth/o_auth_controller_test.exs
@@ -1105,7 +1105,6 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 %{
 "scope" => "write",
 "token_type" => "Bearer",
- "expires_in" => 600,
 "access_token" => _,
 "refresh_token" => _,
 "me" => ^ap_id
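Review bot: `lifespan/0` in lib/pleroma/web/o_auth/token.ex is a new public function, now called from Pleroma.Web.OAuth.Authorization as well, but it has neither `@doc` nor `@spec`, unlike `get_by_token/1` directly below it. I would add `@doc "Returns the configured token lifetime in seconds ([:oauth2, :token_expires_in])."` and `@spec lifespan() :: integer()`. The switch from `Pleroma.Config.get(..., 600)` to `Pleroma.Config.get!/1` also removes the fallback, so an instance whose configuration lacks the key presumably fails at token creation instead of defaulting; that is worth a sentence in the doc or the changelog.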
@@ -1145,7 +1144,6 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 %{
 "scope" => "write",
 "token_type" => "Bearer",
- "expires_in" => 600,
 "access_token" => _,
 "refresh_token" => _,
 "me" => ^ap_id
@@ -1228,7 +1226,6 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
 %{
 "scope" => "write",
 "token_type" => "Bearer",
- "expires_in" => 600,
 "access_token" => _,
 "refresh_token" => _,
 "me" => ^ap_id