From 219d3819c5a180de826996835e87fe51188c9fa6 Mon Sep 17 00:00:00 2001
From: Mart Aarma <mart.aarma@nortal.com>
Date: Tue, 9 Nov 2021 18:55:38 +0200
Subject: [PATCH] feat: option to update session cookie expiry time on session
 refresh

---
 consent/strategy_default.go                                    | 2 +-
 consent/types.go                                               | 3 +++
 ...20000000000_support_refresh_remember_for.cockroach.down.sql | 1 +
 ...9120000000000_support_refresh_remember_for.cockroach.up.sql | 1 +
 ...109120000000000_support_refresh_remember_for.mysql.down.sql | 1 +
 ...11109120000000000_support_refresh_remember_for.mysql.up.sql | 1 +
 ...120000000000_support_refresh_remember_for.postgres.down.sql | 1 +
 ...09120000000000_support_refresh_remember_for.postgres.up.sql | 1 +
 ...09120000000000_support_refresh_remember_for.sqlite.down.sql | 1 +
 ...1109120000000000_support_refresh_remember_for.sqlite.up.sql | 1 +
 10 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.cockroach.down.sql
 create mode 100644 persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.cockroach.up.sql
 create mode 100644 persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.mysql.down.sql
 create mode 100644 persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.mysql.up.sql
 create mode 100644 persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.postgres.down.sql
 create mode 100644 persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.postgres.up.sql
 create mode 100644 persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.sqlite.down.sql
 create mode 100644 persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.sqlite.up.sql

diff --git a/consent/strategy_default.go b/consent/strategy_default.go
index 6f67951fc05..1143e7c4508 100644
--- a/consent/strategy_default.go
+++ b/consent/strategy_default.go
@@ -446,7 +446,7 @@ func (s *DefaultStrategy) verifyAuthentication(w http.ResponseWriter, r *http.Re
 		}
 	}
 
-	if !session.Remember || session.LoginRequest.Skip {
+	if !session.Remember || session.LoginRequest.Skip && !session.RefreshRememberFor {
 		// If the user doesn't want to remember the session, we do not store a cookie.
 		// If login was skipped, it means an authentication cookie was present and
 		// we don't want to touch it (in order to preserve its original expiry date)
diff --git a/consent/types.go b/consent/types.go
index 5052c33aa4d..288bb872d57 100644
--- a/consent/types.go
+++ b/consent/types.go
@@ -296,6 +296,9 @@ type HandledLoginRequest struct {
 	// authorization will be remembered for the duration of the browser session (using a session cookie).
 	RememberFor int `json:"remember_for" db:"remember_for"`
 
+	// RefreshRememberFor, if set to true, session cookie expiry time will be reset when session is refreshed.
+	RefreshRememberFor bool `json:"refresh_remember_for" db:"refresh_remember_for"`
+
 	// ACR sets the Authentication AuthorizationContext Class Reference value for this authentication session. You can use it
 	// to express that, for example, a user authenticated using two factor authentication.
 	ACR string `json:"acr" db:"acr"`
diff --git a/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.cockroach.down.sql b/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.cockroach.down.sql
new file mode 100644
index 00000000000..f6912017855
--- /dev/null
+++ b/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.cockroach.down.sql
@@ -0,0 +1 @@
+ALTER TABLE hydra_oauth2_authentication_request_handled DROP COLUMN refresh_remember_for;
diff --git a/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.cockroach.up.sql b/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.cockroach.up.sql
new file mode 100644
index 00000000000..69711e40a4c
--- /dev/null
+++ b/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.cockroach.up.sql
@@ -0,0 +1 @@
+ALTER TABLE hydra_oauth2_authentication_request_handled ADD refresh_remember_for BOOLEAN NOT NULL DEFAULT FALSE;
diff --git a/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.mysql.down.sql b/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.mysql.down.sql
new file mode 100644
index 00000000000..f6912017855
--- /dev/null
+++ b/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.mysql.down.sql
@@ -0,0 +1 @@
+ALTER TABLE hydra_oauth2_authentication_request_handled DROP COLUMN refresh_remember_for;
diff --git a/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.mysql.up.sql b/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.mysql.up.sql
new file mode 100644
index 00000000000..1f76c6bab22
--- /dev/null
+++ b/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.mysql.up.sql
@@ -0,0 +1 @@
+ALTER TABLE hydra_oauth2_authentication_request_handled ADD COLUMN refresh_remember_for BOOLEAN NOT NULL DEFAULT FALSE;
diff --git a/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.postgres.down.sql b/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.postgres.down.sql
new file mode 100644
index 00000000000..f6912017855
--- /dev/null
+++ b/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.postgres.down.sql
@@ -0,0 +1 @@
+ALTER TABLE hydra_oauth2_authentication_request_handled DROP COLUMN refresh_remember_for;
diff --git a/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.postgres.up.sql b/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.postgres.up.sql
new file mode 100644
index 00000000000..69711e40a4c
--- /dev/null
+++ b/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.postgres.up.sql
@@ -0,0 +1 @@
+ALTER TABLE hydra_oauth2_authentication_request_handled ADD refresh_remember_for BOOLEAN NOT NULL DEFAULT FALSE;
diff --git a/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.sqlite.down.sql b/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.sqlite.down.sql
new file mode 100644
index 00000000000..f6912017855
--- /dev/null
+++ b/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.sqlite.down.sql
@@ -0,0 +1 @@
+ALTER TABLE hydra_oauth2_authentication_request_handled DROP COLUMN refresh_remember_for;
diff --git a/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.sqlite.up.sql b/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.sqlite.up.sql
new file mode 100644
index 00000000000..69711e40a4c
--- /dev/null
+++ b/persistence/sql/migrations/20211109120000000000_support_refresh_remember_for.sqlite.up.sql
@@ -0,0 +1 @@
+ALTER TABLE hydra_oauth2_authentication_request_handled ADD refresh_remember_for BOOLEAN NOT NULL DEFAULT FALSE;