mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
makes auth token rotation time configurable
This commit is contained in:
parent
4626f083bb
commit
56a521b264
@ -122,6 +122,9 @@ cookie_username = grafana_user
|
||||
# How many days an session can be unused before we inactivate it
|
||||
login_remember_days = 7
|
||||
|
||||
# How often should the login token be rotated. default to '30m'
|
||||
rotate_cookie_every = 30m
|
||||
|
||||
# How long should Grafana keep expired tokens before deleting them
|
||||
delete_expired_token_after_days = 30
|
||||
|
||||
|
@ -102,6 +102,28 @@ log_queries =
|
||||
# For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared)
|
||||
;cache_mode = private
|
||||
|
||||
#################################### Login ###############################
|
||||
|
||||
[login]
|
||||
|
||||
# Login cookie name
|
||||
;cookie_name = grafana_session
|
||||
|
||||
# If you want login cookies to be https only. default is false
|
||||
;cookie_secure = false
|
||||
|
||||
# Logged in user name
|
||||
;cookie_username = grafana_user
|
||||
|
||||
# How many days an session can be unused before we inactivate it
|
||||
;login_remember_days = 7
|
||||
|
||||
# How often should the login token be rotated. default to '30m'
|
||||
;rotate_cookie_every = 30m
|
||||
|
||||
# How long should Grafana keep expired tokens before deleting them
|
||||
;delete_expired_token_after_days = 30
|
||||
|
||||
#################################### Session ####################################
|
||||
[session]
|
||||
# Either "memory", "file", "redis", "mysql", "postgres", default is "file"
|
||||
|
@ -23,7 +23,6 @@ func init() {
|
||||
|
||||
var (
|
||||
getTime = time.Now
|
||||
RotateTime = 2 * time.Minute
|
||||
UrgentRotateTime = 20 * time.Second
|
||||
oneYearInSeconds = 31557600 //used as default maxage for session cookies. We validate/rotate them more often.
|
||||
)
|
||||
@ -219,7 +218,7 @@ func (s *UserAuthTokenServiceImpl) RefreshToken(token *userAuthToken, clientIP,
|
||||
needsRotation := false
|
||||
rotatedAt := time.Unix(token.RotatedAt, 0)
|
||||
if token.AuthTokenSeen {
|
||||
needsRotation = rotatedAt.Before(now.Add(-RotateTime))
|
||||
needsRotation = rotatedAt.Before(now.Add(-s.Cfg.LoginCookieRotation))
|
||||
} else {
|
||||
needsRotation = rotatedAt.Before(now.Add(-UrgentRotateTime))
|
||||
}
|
||||
|
@ -297,11 +297,11 @@ func createTestContext(t *testing.T) *testContext {
|
||||
LoginCookieSecure: false,
|
||||
LoginCookieMaxDays: 7,
|
||||
LoginDeleteExpiredTokensAfterDays: 30,
|
||||
LoginCookieRotation: 10 * time.Minute,
|
||||
},
|
||||
log: log.New("test-logger"),
|
||||
}
|
||||
|
||||
RotateTime = 10 * time.Minute
|
||||
UrgentRotateTime = time.Minute
|
||||
setting.LogInRememberDays = 7
|
||||
|
||||
|
@ -229,6 +229,7 @@ type Cfg struct {
|
||||
LoginCookieUsername string
|
||||
LoginCookieSecure bool
|
||||
LoginCookieMaxDays int
|
||||
LoginCookieRotation time.Duration
|
||||
LoginDeleteExpiredTokensAfterDays int
|
||||
}
|
||||
|
||||
@ -560,6 +561,7 @@ func (cfg *Cfg) Load(args *CommandLineArgs) error {
|
||||
cfg.LoginCookieSecure = login.Key("cookie_secure").MustBool(false)
|
||||
cfg.LoginCookieUsername = login.Key("cookie_username").MustString("grafana_username")
|
||||
cfg.LoginDeleteExpiredTokensAfterDays = login.Key("delete_expired_token_after_days").MustInt(30)
|
||||
cfg.LoginCookieRotation = login.Key("rotate_cookie_every").MustDuration(time.Minute * 30)
|
||||
|
||||
Env = iniFile.Section("").Key("app_mode").MustString("development")
|
||||
InstanceName = iniFile.Section("").Key("instance_name").MustString("unknown_instance_name")
|
||||
|
Loading…
Reference in New Issue
Block a user