makes sure rotation is always higher than urgent rotation

516037fb · bergquist · 9ae306e4 · 516037fb · 516037fb · 516037fb
Commit 516037fb authored Jan 24, 2019 by bergquist
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 6 deletions

conf/defaults.ini
+1 -1

pkg/services/auth/auth_token.go
+2 -2

pkg/services/auth/auth_token_test.go
+1 -1

pkg/setting/setting.go
+5 -2

No files found.
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -120,7 +120,7 @@ cookie_secure = false
 login_remember_days = 7

 # How often should the login token be rotated. default to '30m'
-rotate_cookie_every = 30m
+rotate_token_minutes = 30

 # How long should Grafana keep expired tokens before deleting them
 delete_expired_token_after_days = 30

--- a/pkg/services/auth/auth_token.go
+++ b/pkg/services/auth/auth_token.go
@@ -23,7 +23,7 @@ func init() {

 var (
 	getTime          = time.Now
-	UrgentRotateTime = 20 * time.Second
+	UrgentRotateTime = 1 * time.Minute
 	oneYearInSeconds = 31557600 //used as default maxage for session cookies. We validate/rotate them more often.
 )

@@ -218,7 +218,7 @@ func (s *UserAuthTokenServiceImpl) RefreshToken(token *userAuthToken, clientIP, 
 	needsRotation := false
 	rotatedAt := time.Unix(token.RotatedAt, 0)
 	if token.AuthTokenSeen {
-		needsRotation = rotatedAt.Before(now.Add(-s.Cfg.LoginCookieRotation))
+		needsRotation = rotatedAt.Before(now.Add(-time.Duration(s.Cfg.LoginCookieRotation) * time.Minute))
 	} else {
 		needsRotation = rotatedAt.Before(now.Add(-UrgentRotateTime))
 	}

--- a/pkg/services/auth/auth_token_test.go
+++ b/pkg/services/auth/auth_token_test.go
@@ -296,7 +296,7 @@ func createTestContext(t *testing.T) *testContext {
 			LoginCookieSecure:                 false,
 			LoginCookieMaxDays:                7,
 			LoginDeleteExpiredTokensAfterDays: 30,
-			LoginCookieRotation:               10 * time.Minute,
+			LoginCookieRotation:               10,
 		},
 		log: log.New("test-logger"),
 	}

--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@@ -225,7 +225,7 @@ type Cfg struct {
 	LoginCookieName                   string
 	LoginCookieSecure                 bool
 	LoginCookieMaxDays                int
-	LoginCookieRotation               time.Duration
+	LoginCookieRotation               int
 	LoginDeleteExpiredTokensAfterDays int
 }

@@ -556,7 +556,10 @@ func (cfg *Cfg) Load(args *CommandLineArgs) error {
 	cfg.LoginCookieMaxDays = login.Key("login_remember_days").MustInt(7)
 	cfg.LoginCookieSecure = login.Key("cookie_secure").MustBool(false)
 	cfg.LoginDeleteExpiredTokensAfterDays = login.Key("delete_expired_token_after_days").MustInt(30)
-	cfg.LoginCookieRotation = login.Key("rotate_cookie_every").MustDuration(time.Minute * 30)
+	cfg.LoginCookieRotation = login.Key("rotate_token_minutes").MustInt(30)
+	if cfg.LoginCookieRotation < 2 {
+		cfg.LoginCookieRotation = 2
+	}

 	Env = iniFile.Section("").Key("app_mode").MustString("development")
 	InstanceName = iniFile.Section("").Key("instance_name").MustString("unknown_instance_name")