refactor: make SessionMaxLifetime configurable

Trong Huu Nguyen
2021-08-25 10:55:53 +02:00
parent 6e45fa804c
commit cb514c2294
3 changed files with 8 additions and 3 deletions


@@ -1,6 +1,8 @@
package config
import (
"time"
flag "github.com/spf13/pflag"
"github.com/nais/liberator/pkg/conftools"
@@ -29,6 +31,7 @@ type IDPorten struct {
SecurityLevel string `json:"security-level"`
PostLogoutRedirectURI string `json:"post-logout-redirect-uri"`
Scopes []string `json:"scopes"`
SessionMaxLifetime time.Duration `json:"session-max-lifetime"`
}
const (
@@ -46,6 +49,7 @@ const (
IDPortenSecurityLevel = "idporten.security-level"
IDPortenPostLogoutRedirectURI = "idporten.post-logout-redirect-uri"
IDPortenScopes = "idporten.scopes"
IDPortenSessionMaxLifetime = "idporten.session-max-lifetime"
)
func bindNAIS() {
@@ -69,6 +73,7 @@ func Initialize() *Config {
flag.String(IDPortenLocale, "nb", "Locale for OAuth2 consent screen.")
flag.String(IDPortenPostLogoutRedirectURI, "https://nav.no", "URI for redirecting the user after successful logout at IDPorten.")
flag.StringSlice(IDPortenScopes, []string{token.ScopeOpenID}, "List of scopes that should be used during the Auth Code flow.")
flag.Duration(IDPortenSessionMaxLifetime, time.Hour, "Max lifetime for user sessions.")
return &Config{}
}
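Review bot: The new `idporten.session-max-lifetime` flag is registered in Initialize with no bounds, so a zero, negative or very large duration would be accepted as the session lifetime. Callback passes this value to both `setEncryptedCookie` and `h.Sessions.Write`, and how those treat a non-positive TTL is not visible here; it could mean a server-side session that never expires or one that is dropped immediately. I would reject such values where the configuration is loaded, with something like `if cfg.SessionMaxLifetime <= 0 { return nil, fmt.Errorf("%s must be positive", IDPortenSessionMaxLifetime) }`, and consider an upper bound as well. The help text could also name the format, e.g. `"Max lifetime for user sessions (Go duration, e.g. 1h)."`. Initialize starts outside this hunk and the loading code is not shown, so the exact placement needs confirming.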


@@ -27,7 +27,6 @@ import (
)
const (
SessionMaxLifetime = time.Hour
LoginCookieLifetime = 10 * time.Minute
SessionCookieName = "io.nais.wonderwall.session"
StateCookieName = "io.nais.wonderwall.state"
@@ -218,7 +217,7 @@ func (h *Handler) Callback(w http.ResponseWriter, r *http.Request) {
return
}
err = h.setEncryptedCookie(w, SessionCookieName, idToken.SessionID, SessionMaxLifetime)
err = h.setEncryptedCookie(w, SessionCookieName, idToken.SessionID, h.Config.SessionMaxLifetime)
if err != nil {
log.Error(err)
w.WriteHeader(http.StatusInternalServerError)
@@ -228,7 +227,7 @@ func (h *Handler) Callback(w http.ResponseWriter, r *http.Request) {
err = h.Sessions.Write(r.Context(), idToken.SessionID, &session.Data{
ID: idToken.SessionID,
Token: tokens,
}, SessionMaxLifetime)
}, h.Config.SessionMaxLifetime)
if err != nil {
log.Error(err)
w.WriteHeader(http.StatusInternalServerError)
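Review bot: Now that the lifetime is operator-set, both uses in Callback tie the session cookie and the stored session to `h.Config.SessionMaxLifetime` alone, and nothing visible relates it to the validity of the tokens saved in `session.Data`. If the configured value exceeds the token lifetime, the session would presumably outlive the tokens it holds. Consider capping the lifetime at the token expiry, or at least recording the decision with a comment above the `setEncryptedCookie` call, e.g. `// Session lifetime is operator-configured and not bounded by token expiry.`. Callback begins and ends outside these hunks.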


@@ -59,6 +59,7 @@ func defaultConfig() config.IDPorten {
Locale: "nb",
SecurityLevel: "Level4",
PostLogoutRedirectURI: "",
SessionMaxLifetime: time.Hour,
}
}