pierre/BasicOIDC
1
0
Fork 0
Code Issues Pull Requests Projects Releases 3 Wiki Activity

Compare commits

base: pierre:3482c53acff93ecb0ebcfa81e991c8797bc67fd7
Branches Tags
pierre:master
pierre:20260223 pierre:20251204 pierre:20251028
...
compare: pierre:20260223
Branches Tags
pierre:master
pierre:20260223 pierre:20251204 pierre:20251028

1 Commits
3482c53acf ... 20260223

Author SHA1 Message Date
Pierre HUBERT
cc72ff64d2 Make OpenID sessions expire after one week
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2026-02-23 18:44:34 +01:00
3 changed files with 12 additions and 6 deletions
Expand all files Collapse all files

12
src/actors/openid_sessions_actor.rs
View File

@@ -17,17 +17,20 @@ pub struct SessionID(pub String);
#[derive(Clone, Debug)]
pub struct Session {
pub session_id: SessionID,
pub client: ClientID,
pub user: UserID,
pub auth_time: u64,
pub redirect_uri: String,
pub session_id: SessionID,
pub session_expire_at: u64,
pub authorization_code: String,
pub authorization_code_expire_at: u64,
pub access_token: Option<String>,
pub access_token_expire_at: u64,
pub refresh_token: String,
pub refresh_token_expire_at: u64,
@@ -37,9 +40,10 @@ pub struct Session {
impl Session {
pub fn is_expired(&self) -> bool {
self.authorization_code_expire_at < time()
&& self.access_token_expire_at < time()
&& self.refresh_token_expire_at < time()
self.session_expire_at < time()
|| (self.authorization_code_expire_at < time()
&& self.access_token_expire_at < time()
&& self.refresh_token_expire_at < time())
}
pub fn regenerate_access_and_refresh_tokens(

3
src/constants.rs
View File

@@ -64,7 +64,8 @@ pub const USERINFO_URI: &str = "/openid/userinfo";
/// Open ID constants
pub const OPEN_ID_SESSION_CLEANUP_INTERVAL: Duration = Duration::from_secs(60);
pub const OPEN_ID_SESSION_LEN: usize = 40;
pub const OPEN_ID_SESSION_ID_LEN: usize = 40;
pub const OPEN_ID_SESSION_MAX_DURATION: Duration = Duration::from_secs(3600 * 24 * 7);
pub const OPEN_ID_AUTHORIZATION_CODE_LEN: usize = 120;
pub const OPEN_ID_AUTHORIZATION_CODE_TIMEOUT: u64 = 300;
pub const OPEN_ID_ACCESS_TOKEN_LEN: usize = 50;

3
src/controllers/openid_controller.rs
View File

@@ -219,11 +219,12 @@ pub async fn authorize(
(_, "code") => {
// Save all authentication information in memory
let session = Session {
session_id: SessionID(rand_str(OPEN_ID_SESSION_LEN)),
client: client.id.clone(),
user: user.uid.clone(),
auth_time: SessionIdentity(Some(&id)).auth_time(),
redirect_uri,
session_id: SessionID(rand_str(OPEN_ID_SESSION_ID_LEN)),
session_expire_at: time() + OPEN_ID_SESSION_MAX_DURATION.as_secs(),
authorization_code: rand_str(OPEN_ID_AUTHORIZATION_CODE_LEN),
authorization_code_expire_at: time() + OPEN_ID_AUTHORIZATION_CODE_TIMEOUT,
access_token: None,