mirror of
https://github.com/ansible/awx.git
synced 2026-05-19 23:07:42 -02:30
Merge pull request #4886 from fosterseth/fix-4710-clearexpiredtokens
Set oauth2 refresh token expiration setting Reviewed-by: https://github.com/apps/softwarefactory-project-zuul
This commit is contained in:
softwarefactory-project-zuul[bot]
GitHub
@@ -38,12 +38,15 @@ register(
|
|||||||
'OAUTH2_PROVIDER',
|
'OAUTH2_PROVIDER',
|
||||||
field_class=OAuth2ProviderField,
|
field_class=OAuth2ProviderField,
|
||||||
default={'ACCESS_TOKEN_EXPIRE_SECONDS': oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS,
|
default={'ACCESS_TOKEN_EXPIRE_SECONDS': oauth2_settings.ACCESS_TOKEN_EXPIRE_SECONDS,
|
||||||
'AUTHORIZATION_CODE_EXPIRE_SECONDS': 600},
|
'AUTHORIZATION_CODE_EXPIRE_SECONDS': oauth2_settings.AUTHORIZATION_CODE_EXPIRE_SECONDS,
|
||||||
|
'REFRESH_TOKEN_EXPIRE_SECONDS': oauth2_settings.REFRESH_TOKEN_EXPIRE_SECONDS},
|
||||||
label=_('OAuth 2 Timeout Settings'),
|
label=_('OAuth 2 Timeout Settings'),
|
||||||
help_text=_('Dictionary for customizing OAuth 2 timeouts, available items are '
|
help_text=_('Dictionary for customizing OAuth 2 timeouts, available items are '
|
||||||
'`ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number '
|
'`ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number '
|
||||||
'of seconds, and `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of '
|
'of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of '
|
||||||
'authorization codes in the number of seconds.'),
|
'authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, '
|
||||||
|
'the duration of refresh tokens, after expired access tokens, '
|
||||||
|
'in the number of seconds.'),
|
||||||
category=_('Authentication'),
|
category=_('Authentication'),
|
||||||
category_slug='authentication',
|
category_slug='authentication',
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -80,7 +80,7 @@ class OAuth2ProviderField(fields.DictField):
|
|||||||
default_error_messages = {
|
default_error_messages = {
|
||||||
'invalid_key_names': _('Invalid key names: {invalid_key_names}'),
|
'invalid_key_names': _('Invalid key names: {invalid_key_names}'),
|
||||||
}
|
}
|
||||||
valid_key_names = {'ACCESS_TOKEN_EXPIRE_SECONDS', 'AUTHORIZATION_CODE_EXPIRE_SECONDS'}
|
valid_key_names = {'ACCESS_TOKEN_EXPIRE_SECONDS', 'AUTHORIZATION_CODE_EXPIRE_SECONDS', 'REFRESH_TOKEN_EXPIRE_SECONDS'}
|
||||||
child = fields.IntegerField(min_value=1)
|
child = fields.IntegerField(min_value=1)
|
||||||
|
|
||||||
def to_internal_value(self, data):
|
def to_internal_value(self, data):
|
||||||
|
|||||||
@@ -338,7 +338,8 @@ OAUTH2_PROVIDER_ACCESS_TOKEN_MODEL = 'main.OAuth2AccessToken'
|
|||||||
OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL = 'oauth2_provider.RefreshToken'
|
OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL = 'oauth2_provider.RefreshToken'
|
||||||
|
|
||||||
OAUTH2_PROVIDER = {'ACCESS_TOKEN_EXPIRE_SECONDS': 31536000000,
|
OAUTH2_PROVIDER = {'ACCESS_TOKEN_EXPIRE_SECONDS': 31536000000,
|
||||||
'AUTHORIZATION_CODE_EXPIRE_SECONDS': 600}
|
'AUTHORIZATION_CODE_EXPIRE_SECONDS': 600,
|
||||||
|
'REFRESH_TOKEN_EXPIRE_SECONDS': 2628000}
|
||||||
ALLOW_OAUTH2_FOR_EXTERNAL_USERS = False
|
ALLOW_OAUTH2_FOR_EXTERNAL_USERS = False
|
||||||
|
|
||||||
# LDAP server (default to None to skip using LDAP authentication).
|
# LDAP server (default to None to skip using LDAP authentication).
|
||||||
|
|||||||
Reference in New Issue
Block a user