auth: Add maximum token lifetime of 2 years.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
Philip Molares 2021-01-25 12:14:26 +01:00
parent 99d6b39e00
commit 67a5f3c7ec
5 changed files with 24 additions and 27 deletions


@ -93,8 +93,17 @@ export class AuthService {
const accessTokenString = await this.hashPassword(secret.toString());
const accessToken = this.BufferToBase64Url(Buffer.from(accessTokenString));
let token;
if (validUntil === 0) {
token = AuthToken.create(user, identifier, keyId, accessToken);
// Tokens can only be valid for a maximum of 2 years
const maximumTokenValidity =
new Date().getTime() + 2 * 365 * 24 * 60 * 60 * 1000;
if (validUntil === 0 || validUntil > maximumTokenValidity) {
token = AuthToken.create(
user,
identifier,
keyId,
accessToken,
new Date(maximumTokenValidity),
);
} else {
token = AuthToken.create(
user,
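Review bot: The cap in the new condition `validUntil === 0 || validUntil > maximumTokenValidity` only holds when `validUntil` is a finite number: for `NaN` or `undefined` both comparisons are false, so the call falls through to the `else` branch and the 2-year limit is not applied. Whether `validUntil` is validated before this point is not visible here, so I would make the guard self-contained, e.g. `if (validUntil === 0 || !Number.isFinite(validUntil) || validUntil > maximumTokenValidity) {`. The limit would also read better as a named constant than as the inline `2 * 365 * 24 * 60 * 60 * 1000`, and `Date.now()` is the usual spelling of `new Date().getTime()`. The enclosing method starts before the hunk and the `else` branch continues past its end, so what that branch does with such a value is an assumption.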