Unverified Commit da85276c authored by abdul aziz ali's avatar abdul aziz ali Committed by GitHub

Add new environment setting reset-token-ttl-hours (#32132)

* Add new setting reset-token-ttl-h. Expose in selectors (#12829)

* Add reset-token-ttl-h setter, fix call in reset-token-ttl-ms. Add additional reset-token-ttl-h tests. (#12829)

* Revert previous changes. Define reset-token-ttl-hours and reset-token-ttl-hours-test (#12829)

* Fix formatting errors (#12829)
parent c6583878
......@@ -15,7 +15,7 @@
[metabase.models.login-history :refer [LoginHistory]]
[metabase.models.pulse :as pulse]
[metabase.models.session :refer [Session]]
[metabase.models.setting :as setting]
[metabase.models.setting :as setting :refer [defsetting]]
[metabase.models.user :as user :refer [User]]
[metabase.public-settings :as public-settings]
[metabase.server.middleware.session :as mw.session]
......@@ -232,9 +232,17 @@
(forgot-password-impl email)
api/generic-204-no-content)
(def ^:private ^:const reset-token-ttl-ms
"Number of milliseconds a password reset is considered valid."
(* 48 60 60 1000)) ; token considered valid for 48 hours
(defsetting reset-token-ttl-hours
(deferred-tru "Number of hours a password reset is considered valid.")
:visibility :internal
:type :integer
:default 48)
(defn reset-token-ttl-ms
"number of milliseconds a password reset is considered valid."
[]
(* (reset-token-ttl-hours) 60 60 1000))
(defn- valid-reset-token->user
"Check if a password reset token is valid. If so, return the `User` ID it corresponds to."
......@@ -249,7 +257,7 @@
(u.password/bcrypt-verify token reset_token))
;; check that the reset was triggered within the last 48 HOURS, after that the token is considered expired
(let [token-age (- (System/currentTimeMillis) reset_triggered)]
(when (< token-age reset-token-ttl-ms)
(when (< token-age (reset-token-ttl-ms))
user)))))))
#_{:clj-kondo/ignore [:deprecated-var]}
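Review bot: The comment above the age check, `;; check that the reset was triggered within the last 48 HOURS, after that the token is considered expired`, is stale now that the TTL comes from the new reset-token-ttl-hours setting; it should read `;; check that the reset was triggered within the configured TTL (reset-token-ttl-hours); after that the token is considered expired`. The setting accepts any integer: a zero or negative value makes `(< token-age (reset-token-ttl-ms))` false for every token, so every reset link is silently dead, and there is no upper bound, so a misconfiguration can make reset tokens effectively non-expiring. Consider rejecting non-positive values explicitly in `reset-token-ttl-ms` rather than letting them invalidate all tokens without a trace, e.g. `(let [hours (reset-token-ttl-hours)] (when-not (pos? hours) (throw (ex-info "reset-token-ttl-hours must be positive" {:value hours}))) (* hours 60 60 1000))`. The docstring on the new `reset-token-ttl-ms` fn also starts lowercase ("number of milliseconds ..."), unlike the neighbouring docstrings. The body of `valid-reset-token->user` begins in the earlier hunk, outside this one.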
......
......@@ -358,6 +358,28 @@
(is (= {:valid false}
(mt/client :get 200 "session/password_reset_token_valid", :token token)))))))
(deftest reset-token-ttl-hours-test
(testing "Test reset-token-ttl-hours-test"
(testing "reset-token-ttl-hours-test is reset to default when not set"
(mt/with-temp-env-var-value [mb-reset-token-ttl-hours nil]
(is (= 48 (setting/get-value-of-type :integer :reset-token-ttl-hours)))))
(testing "reset-token-ttl-hours-test is set to positive value"
(mt/with-temp-env-var-value [mb-reset-token-ttl-hours 36]
(is (= 36 (setting/get-value-of-type :integer :reset-token-ttl-hours)))))
(testing "reset-token-ttl-hours-test is set to large positive value"
(mt/with-temp-env-var-value [mb-reset-token-ttl-hours (+ Integer/MAX_VALUE 1)]
(is (= (+ Integer/MAX_VALUE 1) (setting/get-value-of-type :integer :reset-token-ttl-hours)))))
(testing "reset-token-ttl-hours-test is set to zero"
(mt/with-temp-env-var-value [mb-reset-token-ttl-hours 0]
(is (= 0 (setting/get-value-of-type :integer :reset-token-ttl-hours)))))
(testing "reset-token-ttl-hours-test is set to negative value"
(mt/with-temp-env-var-value [mb-reset-token-ttl-hours -1]
(is (= -1 (setting/get-value-of-type :integer :reset-token-ttl-hours)))))))
(deftest properties-test
(reset-throttlers!)
(testing "GET /session/properties"
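Review bot: None of the new cases exercises the effect of the setting on token expiry — each asserts only that `setting/get-value-of-type` echoes the env var back, so a regression in `reset-token-ttl-ms` (for instance in the hours-to-milliseconds multiplication) would pass this test unchanged. A case that sets `mb-reset-token-ttl-hours` to 1 and asserts `(reset-token-ttl-ms)` returns `3600000`, or that a token whose `reset_triggered` is two hours in the past is reported `{:valid false}` by `session/password_reset_token_valid`, would pin the behaviour this commit introduces. The `testing` labels also name the test rather than the setting: `"reset-token-ttl-hours-test is set to zero"` should read `"reset-token-ttl-hours is set to zero"`, and likewise for the other four. The zero and negative cases currently document that such values are accepted as-is; if they are meant to be rejected, these assertions should expect the rejection instead.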
......