pierre/BasicOIDC
1
0
Fork 0
Code Issues Pull Requests Projects Releases 3 Wiki Activity

Compare commits

base: pierre:3482c53acff93ecb0ebcfa81e991c8797bc67fd7
Branches Tags
pierre:master
pierre:20260223 pierre:20251204 pierre:20251028
..
compare: pierre:20260223
Branches Tags
pierre:master
pierre:20260223 pierre:20251204 pierre:20251028

1 Commits
3482c53acf ... 20260223

Author SHA1 Message Date
Pierre HUBERT
cc72ff64d2 Make OpenID sessions expire after one week
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2026-02-23 18:44:34 +01:00
3 changed files with 12 additions and 6 deletions
Expand all files Collapse all files

10
src/actors/openid_sessions_actor.rs
View File

@@ -17,17 +17,20 @@ pub struct SessionID(pub String);
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
pub struct Session { pub struct Session {
pub session_id: SessionID,
pub client: ClientID, pub client: ClientID,
pub user: UserID, pub user: UserID,
pub auth_time: u64, pub auth_time: u64,
pub redirect_uri: String, pub redirect_uri: String,
pub session_id: SessionID,
pub session_expire_at: u64,
pub authorization_code: String, pub authorization_code: String,
pub authorization_code_expire_at: u64, pub authorization_code_expire_at: u64,
pub access_token: Option<String>, pub access_token: Option<String>,
pub access_token_expire_at: u64, pub access_token_expire_at: u64,
pub refresh_token: String, pub refresh_token: String,
pub refresh_token_expire_at: u64, pub refresh_token_expire_at: u64,
@@ -37,9 +40,10 @@ pub struct Session {
impl Session { impl Session {
pub fn is_expired(&self) -> bool { pub fn is_expired(&self) -> bool {
self.authorization_code_expire_at < time() self.session_expire_at < time()
|| (self.authorization_code_expire_at < time()
&& self.access_token_expire_at < time() && self.access_token_expire_at < time()
&& self.refresh_token_expire_at < time() && self.refresh_token_expire_at < time())
} }
pub fn regenerate_access_and_refresh_tokens( pub fn regenerate_access_and_refresh_tokens(

3
src/constants.rs
View File

@@ -64,7 +64,8 @@ pub const USERINFO_URI: &str = "/openid/userinfo";
/// Open ID constants /// Open ID constants
pub const OPEN_ID_SESSION_CLEANUP_INTERVAL: Duration = Duration::from_secs(60); pub const OPEN_ID_SESSION_CLEANUP_INTERVAL: Duration = Duration::from_secs(60);
pub const OPEN_ID_SESSION_LEN: usize = 40; pub const OPEN_ID_SESSION_ID_LEN: usize = 40;
pub const OPEN_ID_SESSION_MAX_DURATION: Duration = Duration::from_secs(3600 * 24 * 7);
pub const OPEN_ID_AUTHORIZATION_CODE_LEN: usize = 120; pub const OPEN_ID_AUTHORIZATION_CODE_LEN: usize = 120;
pub const OPEN_ID_AUTHORIZATION_CODE_TIMEOUT: u64 = 300; pub const OPEN_ID_AUTHORIZATION_CODE_TIMEOUT: u64 = 300;
pub const OPEN_ID_ACCESS_TOKEN_LEN: usize = 50; pub const OPEN_ID_ACCESS_TOKEN_LEN: usize = 50;

3
src/controllers/openid_controller.rs
View File

@@ -219,11 +219,12 @@ pub async fn authorize(
(_, "code") => { (_, "code") => {
// Save all authentication information in memory // Save all authentication information in memory
let session = Session { let session = Session {
session_id: SessionID(rand_str(OPEN_ID_SESSION_LEN)),
client: client.id.clone(), client: client.id.clone(),
user: user.uid.clone(), user: user.uid.clone(),
auth_time: SessionIdentity(Some(&id)).auth_time(), auth_time: SessionIdentity(Some(&id)).auth_time(),
redirect_uri, redirect_uri,
session_id: SessionID(rand_str(OPEN_ID_SESSION_ID_LEN)),
session_expire_at: time() + OPEN_ID_SESSION_MAX_DURATION.as_secs(),
authorization_code: rand_str(OPEN_ID_AUTHORIZATION_CODE_LEN), authorization_code: rand_str(OPEN_ID_AUTHORIZATION_CODE_LEN),
authorization_code_expire_at: time() + OPEN_ID_AUTHORIZATION_CODE_TIMEOUT, authorization_code_expire_at: time() + OPEN_ID_AUTHORIZATION_CODE_TIMEOUT,
access_token: None, access_token: None,