authorDaniel García <[email protected]>2023-02-21 21:30:19 +0100
committerDaniel García <[email protected]>2023-02-21 21:30:19 +0100
commitadf83c698dee8f60bc40629af3d4f63ac9b1183c (patch)
treef632cae5cd38b01fc67b204a1f51b47aad500b51
parente7d36de784fc978c951cbd68862912af6a165876 (diff)
parent8fcbc58ee216d4bc3b3870fcf071b668bb431cef (diff)
Merge branch 'mittler-works-adjustable_admin_cookie_lifetime'
-rw-r--r--.env.template3
-rw-r--r--src/api/admin.rs2
-rw-r--r--src/auth.rs2
-rw-r--r--src/config.rs3
4 files changed, 8 insertions, 2 deletions
diff --git a/.env.template b/.env.template
index d2eb768e..3c7e7d1e 100644
--- a/.env.template
+++ b/.env.template
@@ -335,6 +335,9 @@
## Allow a burst of requests of up to this size, while maintaining the average indicated by `ADMIN_RATELIMIT_SECONDS`.
# ADMIN_RATELIMIT_MAX_BURST=3
+## Set the lifetime of admin sessions to this value (in minutes).
+# ADMIN_SESSION_LIFETIME=20
+
## Yubico (Yubikey) Settings
## Set your Client ID and Secret Key for Yubikey OTP
## You can generate it here: https://upgrade.yubico.com/getapikey/
diff --git a/src/api/admin.rs b/src/api/admin.rs
index f22d3bc2..8bfc1f21 100644
--- a/src/api/admin.rs
+++ b/src/api/admin.rs
@@ -183,7 +183,7 @@ fn post_admin_login(data: Form<LoginForm>, cookies: &CookieJar<'_>, ip: ClientIp
let cookie = Cookie::build(COOKIE_NAME, jwt)
.path(admin_path())
- .max_age(rocket::time::Duration::minutes(20))
+ .max_age(rocket::time::Duration::minutes(CONFIG.admin_session_lifetime()))
.same_site(SameSite::Strict)
.http_only(true)
.finish();
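Review bot: The cookie now takes its `max_age` from an unvalidated `i64`, so a configured value of `0` or below produces a cookie that is already expired when the browser receives it, and the operator sees a silent "login does not stick" rather than a configuration error. Since the same value feeds the JWT `exp`, the two lifetimes stay in sync, which is good, but the failure mode for a bad value is confusing; a one-line guard before building the cookie, or a minimum enforced where the config is loaded, would surface it, e.g. `debug_assert!(CONFIG.admin_session_lifetime() > 0, "ADMIN_SESSION_LIFETIME must be positive");` paired with a real config check. The `time` crate's `Duration::minutes` is also documented to panic on overflow, so an absurdly large value presumably turns into a panic on this line rather than a rejected setting (worth confirming against the pinned `time` version). `post_admin_login` starts and ends outside this hunk.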
diff --git a/src/auth.rs b/src/auth.rs
index 03f14cb8..380c6a73 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -241,7 +241,7 @@ pub fn generate_admin_claims() -> BasicJwtClaims {
let time_now = Utc::now().naive_utc();
BasicJwtClaims {
nbf: time_now.timestamp(),
- exp: (time_now + Duration::minutes(20)).timestamp(),
+ exp: (time_now + Duration::minutes(CONFIG.admin_session_lifetime())).timestamp(),
iss: JWT_ADMIN_ISSUER.to_string(),
sub: "admin_panel".to_string(),
}
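Review bot: `time_now + Duration::minutes(CONFIG.admin_session_lifetime())` in the `exp` claim is computed with what appears to be chrono (given `Utc::now().naive_utc()` above), and chrono's `Duration::minutes` and `NaiveDateTime + Duration` both panic when the result is out of range, so a huge configured lifetime would crash admin-token generation instead of being rejected; please confirm against the chrono version in use. A negative lifetime yields `exp < nbf`, i.e. a token that is never valid, which again fails silently as a login problem. A short comment on the `exp` line would help the next reader, e.g. `// Must match the cookie max_age set in post_admin_login; value is operator-controlled, validated at config load.` — provided such validation is added. `generate_admin_claims` begins before this hunk and its closing brace is outside it.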
diff --git a/src/config.rs b/src/config.rs
index fa53c55b..f3736a1f 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -581,6 +581,9 @@ make_config! {
/// Max burst size for admin login requests |> Allow a burst of requests of up to this size, while maintaining the average indicated by `admin_ratelimit_seconds`
admin_ratelimit_max_burst: u32, false, def, 3;
+ /// Admin session lifetime |> Set the lifetime of admin sessions to this value (in minutes).
+ admin_session_lifetime: i64, true, def, 20;
+
/// Enable groups (BETA!) (Know the risks!) |> Enables groups support for organizations (Currently contains known issues!).
org_groups_enabled: bool, false, def, false;
},
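Review bot: `admin_session_lifetime: i64, true, def, 20;` accepts any `i64`, and the `true` flag in this macro appears (by analogy with the neighbouring entries) to mean the value is editable from the admin panel, so a typo or a deliberately huge number becomes an admin session that effectively never expires, while `0` or a negative number makes admin login impossible. The commit adds no range check; if the file has a config validation routine (vaultwarden has one for other settings, though it is outside this hunk), a minimum such as `if cfg.admin_session_lifetime < 1 { return Err("ADMIN_SESSION_LIFETIME must be at least 1 minute".into()) }` and a documented upper bound would turn both cases into a clear startup/save error. The doc string should also state the unit and the consequence of out-of-range values, e.g. `/// Admin session lifetime |> Lifetime of admin panel sessions in minutes (must be >= 1; the default is 20).` The `make_config!` invocation begins before this hunk.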