Add max session duration

Pierre HUBERT 2022-04-02 15:30:08 +02:00
parent 777b8814f5
commit ce220c52f7
2 changed files with 18 additions and 7 deletions


@ -9,10 +9,13 @@ pub const DEFAULT_ADMIN_PASSWORD: &str = "admin";
pub const APP_NAME: &str = "Basic OIDC"; pub const APP_NAME: &str = "Basic OIDC";
/// Maximum session duration after inactivity, in seconds /// Maximum session duration after inactivity, in seconds
pub const MAX_SESSION_DURATION: u64 = 60 * 30; pub const MAX_INACTIVITY_DURATION: u64 = 60 * 30;
/// Minimum interval between each last activity record in session /// Minimum interval between each last activity record in session
pub const MIN_ACTIVITY_RECORD_TIME: u64 = 10; pub const MIN_ACTIVITY_RECORD_TIME: u64 = 10;
/// Minimum password length /// Minimum password length
pub const MIN_PASS_LEN: usize = 4; pub const MIN_PASS_LEN: usize = 4;
/// Maximum session duration (6 hours)
pub const MAX_SESSION_DURATION: u64 = 3600 * 6;
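Review bot: The new constant reuses the name `MAX_SESSION_DURATION`, which until this commit meant the 30-minute inactivity limit, so any use site not updated here would keep compiling while silently switching to a 6-hour value. Only two files change in this commit, so it is worth confirming that no other module imports the old name. The doc comment also drops the unit its sibling states; I would write `/// Maximum session duration since login, in seconds (6 hours)` so the absolute and inactivity limits are clearly distinguished.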


@ -1,8 +1,8 @@
use actix_identity::Identity; use actix_identity::Identity;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use crate::constants::{MAX_SESSION_DURATION, MIN_ACTIVITY_RECORD_TIME}; use crate::constants::{MAX_INACTIVITY_DURATION, MAX_SESSION_DURATION, MIN_ACTIVITY_RECORD_TIME};
use crate::data::user::User; use crate::data::user::{User, UserID};
use crate::utils::time::time; use crate::utils::time::time;
#[derive(Debug, Serialize, Deserialize, Eq, PartialEq)] #[derive(Debug, Serialize, Deserialize, Eq, PartialEq)]
@ -22,8 +22,9 @@ impl Default for SessionStatus {
#[derive(Debug, Serialize, Deserialize, Default)] #[derive(Debug, Serialize, Deserialize, Default)]
struct SessionIdentityData { struct SessionIdentityData {
pub id: String, pub id: UserID,
pub is_admin: bool, pub is_admin: bool,
login_time: u64,
last_access: u64, last_access: u64,
pub status: SessionStatus, pub status: SessionStatus,
@ -37,6 +38,7 @@ impl<'a> SessionIdentity<'a> {
self.set_session_data(&SessionIdentityData { self.set_session_data(&SessionIdentityData {
id: user.uid.clone(), id: user.uid.clone(),
is_admin: user.admin, is_admin: user.admin,
login_time: time(),
last_access: time(), last_access: time(),
status: SessionStatus::SignedIn, status: SessionStatus::SignedIn,
}); });
@ -56,7 +58,13 @@ impl<'a> SessionIdentity<'a> {
} }
if let Some(session) = res.as_mut() { if let Some(session) = res.as_mut() {
if session.last_access + MAX_SESSION_DURATION < time() { if session.login_time + MAX_SESSION_DURATION < time() {
log::info!("Session for {} reached max duration timeout", session.id);
self.0.forget();
return None;
}
if session.last_access + MAX_INACTIVITY_DURATION < time() {
log::info!("Session is expired for {}", session.id); log::info!("Session is expired for {}", session.id);
self.0.forget(); self.0.forget();
return None; return None;
@ -97,7 +105,7 @@ impl<'a> SessionIdentity<'a> {
.unwrap_or(false) .unwrap_or(false)
} }
pub fn user_id(&self) -> String { pub fn user_id(&self) -> UserID {
self.get_session_data() self.get_session_data()
.unwrap_or_default() .unwrap_or_default()
.id .id
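Review bot: `login_time` is added to `SessionIdentityData` as a required `u64`, so session data serialized before this commit lacks the field and will presumably fail to deserialize; how `get_session_data` reacts to that error is outside the visible hunks. Marking the field `#[serde(default)]` would let legacy sessions load with `login_time` 0, which the new max-duration branch then rejects and forgets cleanly. Both expiry checks also add a constant to a value read back from the session using unchecked `u64` arithmetic, which panics in debug builds and wraps in release if the stored value is corrupted. A fail-closed form is `session.login_time.checked_add(MAX_SESSION_DURATION).map_or(true, |t| t < time())`, and likewise for `last_access`. The enclosing functions start and end outside the hunks.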