Merge pull request #1155 from sesamyab/ma/expires

fix: update expires
sesamyab · Dec 12, 2024 · 58ca6ed · 58ca6ed
2 parents cc42604 + e3ee2f3
commit 58ca6ed
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 23 deletions.
diff --git a/src/authentication-flows/password.ts b/src/authentication-flows/password.ts
@@ -6,7 +6,10 @@ import {
   getUserByEmailAndProvider,
   getUsersByEmail,
 } from "../utils/users";
-import { CODE_EXPIRATION_TIME } from "../constants";
+import {
+  CODE_EXPIRATION_TIME,
+  LOGIN_SESSION_EXPIRATION_TIME,
+} from "../constants";
 import generateOTP from "../utils/otp";
 import { sendResetPassword } from "../controllers/email";
 import { createLogMessage } from "../utils/create-log-message";
@@ -59,7 +62,9 @@ export async function requestPasswordReset(
   }
 
   const loginSession = await ctx.env.data.logins.create(client.tenant.id, {
-    expires_at: new Date(Date.now() + CODE_EXPIRATION_TIME).toISOString(),
+    expires_at: new Date(
+      Date.now() + LOGIN_SESSION_EXPIRATION_TIME,
+    ).toISOString(),
     authParams: {
       client_id: client.id,
       username: email,

diff --git a/src/authentication-flows/passwordless.ts b/src/authentication-flows/passwordless.ts
@@ -9,6 +9,7 @@ import {
 import generateOTP from "../utils/otp";
 import {
   CODE_EXPIRATION_TIME,
+  EMAIL_VERIFICATION_EXPIRATION_TIME,
   UNIVERSAL_AUTH_SESSION_EXPIRES_IN_SECONDS,
 } from "../constants";
 import {
@@ -77,7 +78,7 @@ export async function validateCode(
     };
   }
 
-  await env.data.codes.remove(client.tenant.id, code.code_id);
+  await env.data.codes.used(client.tenant.id, code.code_id);
 
   const emailUser = await getPrimaryUserByEmailAndProvider({
     userAdapter: env.data.users,
@@ -167,7 +168,9 @@ export async function sendEmailVerificationEmail({
     code_id,
     code_type: "email_verification",
     login_id: loginSession.login_id,
-    expires_at: new Date(Date.now() + CODE_EXPIRATION_TIME).toISOString(),
+    expires_at: new Date(
+      Date.now() + EMAIL_VERIFICATION_EXPIRATION_TIME,
+    ).toISOString(),
   });
 
   await sendValidateEmailAddress(env, client, user.email, code_id, state);

diff --git a/src/authentication-flows/ticket.ts b/src/authentication-flows/ticket.ts
@@ -32,7 +32,7 @@ export async function ticketAuth(
   ctx.set("connection", realm);
 
   const code = await env.data.codes.get(tenant_id, ticketId, "ticket");
-  if (!code) {
+  if (!code || code.used_at) {
     throw new HTTPException(403, { message: "Ticket not found" });
   }
 
@@ -45,7 +45,7 @@ export async function ticketAuth(
   const client = await getClient(ctx.env, login.authParams.client_id);
   ctx.set("client_id", login.authParams.client_id);
 
-  await env.data.codes.remove(tenant_id, ticketId);
+  await env.data.codes.used(tenant_id, ticketId);
 
   const provider = getProviderFromRealm(realm);
 

diff --git a/src/constants.ts b/src/constants.ts
@@ -1,23 +1,11 @@
 export const ACCESS_TOKEN_EXPIRE_IN_SECONDS = 60 * 60 * 24; // 24 hours
 export const MONTH_IN_SECONDS = 30 * 24 * 60 * 60;
 
-// export const headers = {
-//   accessControlAllowHeaders: "Access-Control-Allow-Headers",
-//   accessControlAllowOrigin: "Access-Control-Allow-Origin",
-//   accessControlAllowMethod: "Access-Control-Allow-Methods",
-//   accessControlAllowCredentials: "Access-Control-Allow-Credentials",
-//   accessControlExposeHeaders: "Access-Control-Expose-Headers",
-//   cacheControl: "cache-control",
-//   contentType: "content-type",
-//   contentRange: "content-range",
-//   location: "location",
-//   setCookie: "set-cookie",
-//   tenantId: "tenant-id",
-// };
-
 export const UNIVERSAL_AUTH_SESSION_EXPIRES_IN_SECONDS = 60 * 60 * 24; // 1 day
 export const OAUTH2_CODE_EXPIRES_IN_SECONDS = 5 * 60; // 5 minutes
 
-export const CODE_EXPIRATION_TIME = 24 * 60 * 60 * 1000;
+export const CODE_EXPIRATION_TIME = 30 * 60 * 1000; // 30 minutes
+export const EMAIL_VERIFICATION_EXPIRATION_TIME = 7 * 24 * 60 * 60 * 1000; // One week
+export const LOGIN_SESSION_EXPIRATION_TIME = 24 * 60 * 60 * 1000; // 24 hours
 
 export const CLIENT_ID = process.env.CLIENT_ID || "default";
diff --git a/src/routes/universal-login/routes.tsx b/src/routes/universal-login/routes.tsx
@@ -39,7 +39,10 @@ import {
   requestPasswordReset,
 } from "../../authentication-flows/password";
 import { CustomException } from "../../models/CustomError";
-import { CODE_EXPIRATION_TIME } from "../../constants";
+import {
+  CODE_EXPIRATION_TIME,
+  EMAIL_VERIFICATION_EXPIRATION_TIME,
+} from "../../constants";
 import {
   Client,
   Login,
@@ -1493,7 +1496,9 @@ export const loginRoutes = new OpenAPIHono<{ Bindings: Env; Variables: Var }>()
         code_id: generateOTP(),
         code_type: "email_verification",
         login_id: session.login_id,
-        expires_at: new Date(Date.now() + CODE_EXPIRATION_TIME).toISOString(),
+        expires_at: new Date(
+          Date.now() + EMAIL_VERIFICATION_EXPIRATION_TIME,
+        ).toISOString(),
       });
 
       await sendSignupValidateEmailAddress(