patch session length settings

2026-01-20 06:01:25 -03:30 · 2018-06-25 14:39:04 -04:00 · 2018-06-25 14:39:04 -04:00 · b5dc3e6b94
commit b5dc3e6b94
parent 380df1b327
6 changed files with 20 additions and 9 deletions
--- a/awx/api/conf.py
+++ b/awx/api/conf.py
@ -5,18 +5,20 @@ from django.utils.translation import ugettext_lazy as _
 from awx.conf import fields, register
 from awx.api.fields import OAuth2ProviderField
 from oauth2_provider.settings import oauth2_settings
-
+from django.conf import settings

 register(
-    'SESSION_COOKIE_AGE',
-    field_class=fields.IntegerField,
+    'AUTH_TOKEN_EXPIRATION',
+    field_class=fields.AuthTokenField,
    min_value=60,
    max_value=30000000000,  # approx 1,000 years, higher values give OverflowError
+    default={'AUTH_TOKEN_EXPIRATION': settings.AUTH_TOKEN_EXPIRATION},
    label=_('Idle Time Force Log Out'),
    help_text=_('Number of seconds that a user is inactive before they will need to login again.'),
    category=_('Authentication'),
    category_slug='authentication',
 )
+
 register(
    'SESSIONS_PER_USER',
    field_class=fields.IntegerField,
--- a/awx/conf/fields.py
+++ b/awx/conf/fields.py
@ -6,6 +6,7 @@ from collections import OrderedDict
 # Django
 from django.core.validators import URLValidator
 from django.utils.translation import ugettext_lazy as _
+from django.conf import settings

 # Django REST Framework
 from rest_framework.fields import *  # noqa
@ -42,6 +43,13 @@ class IntegerField(IntegerField):
        if ret == '' and self.allow_null and not getattr(self, 'allow_blank', False):
            return None
        return ret
+        
+        
+class AuthTokenField(IntegerField):
+    
+    def to_internal_value(self, data):
+        settings.SESSION_COOKIE_AGE = data
+        return super(AuthTokenField, self).to_internal_value(data)


 class StringListField(ListField):
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@ -200,7 +200,8 @@ SESSION_COOKIE_SECURE = True

 # Seconds before sessions expire.
 # Note: This setting may be overridden by database settings.
-SESSION_COOKIE_AGE = 1209600
+AUTH_TOKEN_EXPIRATION = 1800
+SESSION_COOKIE_AGE = AUTH_TOKEN_EXPIRATION

 # Maximum number of per-user valid, concurrent sessions.
 # -1 is unlimited
--- a/awx/ui/client/src/configuration/system-form/sub-forms/system-misc.form.js
+++ b/awx/ui/client/src/configuration/system-form/sub-forms/system-misc.form.js
@ -24,11 +24,11 @@ export default ['i18n', function(i18n) {
            MANAGE_ORGANIZATION_AUTH: {
                type: 'toggleSwitch',
            },
-            SESSION_COOKIE_AGE: {
+            AUTH_TOKEN_EXPIRATION: {
                type: 'number',
                integer: true,
                min: 60,
-                reset: 'SESSION_COOKIE_AGE',
+                reset: 'AUTH_TOKEN_EXPIRATION',
            },
            SESSIONS_PER_USER: {
                type: 'number',
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@ -49,7 +49,7 @@
 * Impose stricter criteria to admin users - organization admin role now
  necessary for all organizations target user is member of.
 * Remove unused `admin_role` associated with users.
-* Enforce max value for `SESSION_COOKIE_AGE`
+* Enforce max value for `AUTH_TIMEOUT_EXPIRATION`
  [[#1651](https://github.com/ansible/awx/issues/1651)].
 * Add stricter validation to `order_by` query params
  [[#776](https://github.com/ansible/awx/issues/776)].
--- a/docs/auth/session.md
+++ b/docs/auth/session.md
@ -45,7 +45,7 @@ Any client should follow the standard rules of [cookie protocol](https://tools.i
 parse that header to obtain information about the session, such as session cookie name (`session_id`),
 session cookie value, expiration date, duration, etc.

-The duration of the cookie is configurable by Tower Configuration setting `SESSION_COOKIE_AGE` under
+The duration of the cookie is configurable by Tower Configuration setting `AUTH_TOKEN_EXPIRATION` under
 category `authentication`. It is an integer denoting the number of seconds the session cookie should
 live. The default session cookie age is 2 weeks.  

@ -76,7 +76,7 @@ is updated, all sessions she owned will be invalidated and deleted.
 * User should be able to log in via `/api/login/` endpoint by correctly providing all necessary fields.
 * Logged in users should be able to authenticate themselves by providing correct session auth info.
 * Logged in users should be able to log out via `/api/logout/`.
-* The duration of a session cookie should be configurable by `SESSION_COOKIE_AGE`.
+* The duration of a session cookie should be configurable by `AUTH_TOKEN_EXPIRATION`.
 * The maximum number of concurrent login for one user should be configurable by `SESSIONS_PER_USER`,
  and over-limit user sessions should be warned by websocket.
 * When a user's password is changed, all her sessions should be invalidated and deleted.