From e3ee2f3a728376e2d7d5b63c15473a2ef69a6aea Mon Sep 17 00:00:00 2001
From: Markus Ahlstrand
Date: Thu, 12 Dec 2024 09:56:04 +0100
Subject: [PATCH] fix: update expires

---
 src/authentication-flows/password.ts     |  9 +++++++--
 src/authentication-flows/passwordless.ts |  7 +++++--
 src/authentication-flows/ticket.ts       |  4 ++--
 src/constants.ts                         | 18 +++--------------
 src/routes/universal-login/routes.tsx    |  9 +++++++--
 5 files changed, 24 insertions(+), 23 deletions(-)

diff --git a/src/authentication-flows/password.ts b/src/authentication-flows/password.ts
index ce1131a8b..01d475d37 100644
--- a/src/authentication-flows/password.ts
+++ b/src/authentication-flows/password.ts
@@ -6,7 +6,10 @@ import {
   getUserByEmailAndProvider,
   getUsersByEmail,
 } from "../utils/users";
-import { CODE_EXPIRATION_TIME } from "../constants";
+import {
+  CODE_EXPIRATION_TIME,
+  LOGIN_SESSION_EXPIRATION_TIME,
+} from "../constants";
 import generateOTP from "../utils/otp";
 import { sendResetPassword } from "../controllers/email";
 import { createLogMessage } from "../utils/create-log-message";
@@ -59,7 +62,9 @@ export async function requestPasswordReset(
   }
 
   const loginSession = await ctx.env.data.logins.create(client.tenant.id, {
-    expires_at: new Date(Date.now() + CODE_EXPIRATION_TIME).toISOString(),
+    expires_at: new Date(
+      Date.now() + LOGIN_SESSION_EXPIRATION_TIME,
+    ).toISOString(),
     authParams: {
       client_id: client.id,
       username: email,
diff --git a/src/authentication-flows/passwordless.ts b/src/authentication-flows/passwordless.ts
index fe54a4775..3f5baf520 100644
--- a/src/authentication-flows/passwordless.ts
+++ b/src/authentication-flows/passwordless.ts
@@ -9,6 +9,7 @@ import {
 import generateOTP from "../utils/otp";
 import {
   CODE_EXPIRATION_TIME,
+  EMAIL_VERIFICATION_EXPIRATION_TIME,
   UNIVERSAL_AUTH_SESSION_EXPIRES_IN_SECONDS,
 } from "../constants";
 import {
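Review bot: The reset login session created here now lives for LOGIN_SESSION_EXPIRATION_TIME (24 hours) while CODE_EXPIRATION_TIME, which this line used before, is cut to 30 minutes in the same commit; if the reset code issued later in requestPasswordReset still uses CODE_EXPIRATION_TIME, the session will outlive the code by a wide margin, and nothing in the hunk says whether that is intended. A one-line comment above `expires_at` stating the intent would help, for example `// Login session is kept longer than the reset code so the flow can be completed after a fresh code is requested` if that is the reason. requestPasswordReset starts before and continues after this hunk, so the code creation could not be checked here.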
@@ -77,7 +78,7 @@ export async function validateCode(
   };
 }
 
-  await env.data.codes.remove(client.tenant.id, code.code_id);
+  await env.data.codes.used(client.tenant.id, code.code_id);
 
   const emailUser = await getPrimaryUserByEmailAndProvider({
     userAdapter: env.data.users,
@@ -167,7 +168,9 @@ export async function sendEmailVerificationEmail({
     code_id,
     code_type: "email_verification",
     login_id: loginSession.login_id,
-    expires_at: new Date(Date.now() + CODE_EXPIRATION_TIME).toISOString(),
+    expires_at: new Date(
+      Date.now() + EMAIL_VERIFICATION_EXPIRATION_TIME,
+    ).toISOString(),
   });
 
   await sendValidateEmailAddress(env, client, user.email, code_id, state);
diff --git a/src/authentication-flows/ticket.ts b/src/authentication-flows/ticket.ts
index b02d3cd73..2b808d31e 100644
--- a/src/authentication-flows/ticket.ts
+++ b/src/authentication-flows/ticket.ts
@@ -32,7 +32,7 @@ export async function ticketAuth(
   ctx.set("connection", realm);
 
   const code = await env.data.codes.get(tenant_id, ticketId, "ticket");
-  if (!code) {
+  if (!code || code.used_at) {
     throw new HTTPException(403, { message: "Ticket not found" });
   }
 
@@ -45,7 +45,7 @@ export async function ticketAuth(
   const client = await getClient(ctx.env, login.authParams.client_id);
   ctx.set("client_id", login.authParams.client_id);
 
-  await env.data.codes.remove(tenant_id, ticketId);
+  await env.data.codes.used(tenant_id, ticketId);
 
   const provider = getProviderFromRealm(realm);
 
diff --git a/src/constants.ts b/src/constants.ts
index 1dbe2e65b..00ec4a694 100644
--- a/src/constants.ts
+++ b/src/constants.ts
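Review bot: Switching from `codes.remove` to `codes.used` leaves a consumed OTP in the store, so the lookup that produced `code` earlier in validateCode must now reject rows whose `used_at` is set, as ticket.ts does in this same commit with `if (!code || code.used_at)`; that lookup is outside the hunk, and unless `env.data.codes.get` already filters used codes, a code could be validated a second time until it expires. The fix is the same one-line guard at the lookup, keeping the existing not-found response. validateCode starts before and continues after this hunk.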
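Review bot: The `expires_at: new Date(Date.now() + EMAIL_VERIFICATION_EXPIRATION_TIME).toISOString()` construction in sendEmailVerificationEmail is repeated verbatim in routes.tsx (hunk at -1493) and, with LOGIN_SESSION_EXPIRATION_TIME, in password.ts; a small shared helper such as `const expiresAtFromNow = (ms: number) => new Date(Date.now() + ms).toISOString();` would keep the three call sites in step when the unit or timestamp format changes. The enclosing function starts outside the hunk.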
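Review bot: The `code.used_at` check at the top of ticketAuth and the `codes.used` call in the next hunk (-45) are separate round-trips, so two requests presenting the same ticket at the same time can both pass the check before either marks it used; the same window existed with `remove`, but `used_at` is now the only replay guard, so it is worth closing. If the adapter can make `used` conditional (update only rows where `used_at` is null and report whether a row changed), ticketAuth should reject with the same 403 when nothing changed, which turns the check-then-mark into one atomic step. ticketAuth continues outside both hunks.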
@@ -1,23 +1,11 @@
 export const ACCESS_TOKEN_EXPIRE_IN_SECONDS = 60 * 60 * 24; // 24 hours
 export const MONTH_IN_SECONDS = 30 * 24 * 60 * 60;
 
-// export const headers = {
-//   accessControlAllowHeaders: "Access-Control-Allow-Headers",
-//   accessControlAllowOrigin: "Access-Control-Allow-Origin",
-//   accessControlAllowMethod: "Access-Control-Allow-Methods",
-//   accessControlAllowCredentials: "Access-Control-Allow-Credentials",
-//   accessControlExposeHeaders: "Access-Control-Expose-Headers",
-//   cacheControl: "cache-control",
-//   contentType: "content-type",
-//   contentRange: "content-range",
-//   location: "location",
-//   setCookie: "set-cookie",
-//   tenantId: "tenant-id",
-// };
-
 export const UNIVERSAL_AUTH_SESSION_EXPIRES_IN_SECONDS = 60 * 60 * 24; // 1 day
 export const OAUTH2_CODE_EXPIRES_IN_SECONDS = 5 * 60; // 5 minutes
-export const CODE_EXPIRATION_TIME = 24 * 60 * 60 * 1000;
+export const CODE_EXPIRATION_TIME = 30 * 60 * 1000; // 30 minutes
+export const EMAIL_VERIFICATION_EXPIRATION_TIME = 7 * 24 * 60 * 60 * 1000; // One week
+export const LOGIN_SESSION_EXPIRATION_TIME = 24 * 60 * 60 * 1000; // 24 hours
 
 export const CLIENT_ID = process.env.CLIENT_ID || "default";
 
diff --git a/src/routes/universal-login/routes.tsx b/src/routes/universal-login/routes.tsx
index 6802fd069..b4389ba53 100644
--- a/src/routes/universal-login/routes.tsx
+++ b/src/routes/universal-login/routes.tsx
@@ -39,7 +39,10 @@ import {
   requestPasswordReset,
 } from "../../authentication-flows/password";
 import { CustomException } from "../../models/CustomError";
-import { CODE_EXPIRATION_TIME } from "../../constants";
+import {
+  CODE_EXPIRATION_TIME,
+  EMAIL_VERIFICATION_EXPIRATION_TIME,
+} from "../../constants";
 import {
   Client,
   Login,
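Review bot: The three changed or added constants are millisecond values, but nothing in the file says so, while their neighbours carry `_IN_SECONDS` in the name; a reader could pass one of them to an API that expects seconds, or the reverse, and the type system will not catch it. Either rename them with an `_MS` suffix or put `// Millisecond durations, added to Date.now() by the authentication flows` above `CODE_EXPIRATION_TIME`. LOGIN_SESSION_EXPIRATION_TIME and UNIVERSAL_AUTH_SESSION_EXPIRES_IN_SECONDS also both encode one day in different units; if they are meant to stay equal, derive one from the other (`UNIVERSAL_AUTH_SESSION_EXPIRES_IN_SECONDS * 1000`) so a future change to one cannot silently drift from the other.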
@@ -1493,7 +1496,9 @@ export const loginRoutes = new OpenAPIHono<{ Bindings: Env; Variables: Var }>()
         code_id: generateOTP(),
         code_type: "email_verification",
         login_id: session.login_id,
-        expires_at: new Date(Date.now() + CODE_EXPIRATION_TIME).toISOString(),
+        expires_at: new Date(
+          Date.now() + EMAIL_VERIFICATION_EXPIRATION_TIME,
+        ).toISOString(),
       });
 
       await sendSignupValidateEmailAddress(