Tweaks to OAuth entities expiration: changed default to 30 days, removed hardcoded values usage, fixed OAuthView (expires_in).

2020-12-09 21:14:39 +03:00 · 2020-12-09 21:14:39 +03:00 · 7fff9c1bee
commit 7fff9c1bee
parent c308224aaf
8 changed files with 14 additions and 17 deletions
--- a/lib/pleroma/web/o_auth/authorization.ex
+++ b/lib/pleroma/web/o_auth/authorization.ex
@ -9,6 +9,7 @@ defmodule Pleroma.Web.OAuth.Authorization do
  alias Pleroma.User
  alias Pleroma.Web.OAuth.App
  alias Pleroma.Web.OAuth.Authorization
+  alias Pleroma.Web.OAuth.Token

  import Ecto.Changeset
  import Ecto.Query
@ -53,7 +54,8 @@ defmodule Pleroma.Web.OAuth.Authorization do
  end

  defp add_lifetime(changeset) do
-    put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10))
+    lifespan = Token.lifespan()
+    put_change(changeset, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), lifespan))
  end

  @spec use_changeset(Authtorizatiton.t(), map()) :: Changeset.t()
--- a/lib/pleroma/web/o_auth/o_auth_view.ex
+++ b/lib/pleroma/web/o_auth/o_auth_view.ex
@ -13,7 +13,7 @@ defmodule Pleroma.Web.OAuth.OAuthView do
      token_type: "Bearer",
      access_token: token.token,
      refresh_token: token.refresh_token,
-      expires_in: expires_in(),
+      expires_in: NaiveDateTime.diff(token.valid_until, NaiveDateTime.utc_now()),
      scope: Enum.join(token.scopes, " "),
      created_at: Utils.format_created_at(token)
    }
@ -25,6 +25,4 @@ defmodule Pleroma.Web.OAuth.OAuthView do
      response
    end
  end
-
-  defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600)
 end
--- a/lib/pleroma/web/o_auth/token.ex
+++ b/lib/pleroma/web/o_auth/token.ex
@ -27,6 +27,10 @@ defmodule Pleroma.Web.OAuth.Token do
    timestamps()
  end

+  def lifespan do
+    Pleroma.Config.get!([:oauth2, :token_expires_in])
+  end
+
  @doc "Gets token by unique access token"
  @spec get_by_token(String.t()) :: {:ok, t()} | {:error, :not_found}
  def get_by_token(token) do
@ -83,11 +87,11 @@ defmodule Pleroma.Web.OAuth.Token do
  end

  defp put_valid_until(changeset, attrs) do
-    expires_in =
-      Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), expires_in()))
+    valid_until =
+      Map.get(attrs, :valid_until, NaiveDateTime.add(NaiveDateTime.utc_now(), lifespan()))

    changeset
-    |> change(%{valid_until: expires_in})
+    |> change(%{valid_until: valid_until})
    |> validate_required([:valid_until])
  end

@ -138,6 +142,4 @@ defmodule Pleroma.Web.OAuth.Token do
  end

  def is_expired?(_), do: false
-
-  defp expires_in, do: Pleroma.Config.get([:oauth2, :token_expires_in], 600)
 end