External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-01 01:28:09 -03:30
Code Issues Packages Projects Releases Wiki Activity

migrate session length setting

Browse Source
This commit is contained in:
adamscmRH
2018-06-27 15:16:07 -04:00
parent b5dc3e6b94
commit 4c84d400a8
7 changed files with 73 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/CHANGELOG.md
View File

@@ -49,7 +49,7 @@
* Impose stricter criteria to admin users - organization admin role now
necessary for all organizations target user is member of.
* Remove unused `admin_role` associated with users.
* Enforce max value for `AUTH_TIMEOUT_EXPIRATION`
* Enforce max value for `SESSION_COOKIE_AGE`
[[#1651](https://github.com/ansible/awx/issues/1651)].
* Add stricter validation to `order_by` query params
[[#776](https://github.com/ansible/awx/issues/776)].
@@ -71,6 +71,8 @@
* Implemented OAuth2 support for token based authentication [[#21](https://github.com/ansible/awx/issues/21)].
* Added the ability to forcibly expire sessions through `awx-manage expire_sessions`.
* Disallowed using HTTP PUT/PATCH methods to modify existing jobs in Job Details API endpoint.
* Changed the name of the session length setting from `AUTH_TOKEN_EXPIRATION` to `SESSION_COOKIE_AGE`.
* Changed the name of the session length setting from `AUTH_TOKEN_PER_USER` to `SESSIONS_PER_USER`.
3.2.0
=====

4
docs/auth/session.md
View File

@@ -45,7 +45,7 @@ Any client should follow the standard rules of [cookie protocol](https://tools.i
parse that header to obtain information about the session, such as session cookie name (`session_id`),
session cookie value, expiration date, duration, etc.
The duration of the cookie is configurable by Tower Configuration setting `AUTH_TOKEN_EXPIRATION` under
The duration of the cookie is configurable by Tower Configuration setting `SESSION_COOKIE_AGE` under
category `authentication`. It is an integer denoting the number of seconds the session cookie should
live. The default session cookie age is 2 weeks.
@@ -76,7 +76,7 @@ is updated, all sessions she owned will be invalidated and deleted.
* User should be able to log in via `/api/login/` endpoint by correctly providing all necessary fields.
* Logged in users should be able to authenticate themselves by providing correct session auth info.
* Logged in users should be able to log out via `/api/logout/`.
* The duration of a session cookie should be configurable by `AUTH_TOKEN_EXPIRATION`.
* The duration of a session cookie should be configurable by `SESSION_COOKIE_AGE`.
* The maximum number of concurrent login for one user should be configurable by `SESSIONS_PER_USER`,
and over-limit user sessions should be warned by websocket.
* When a user's password is changed, all her sessions should be invalidated and deleted.