author | Daniel García <[email protected]> | 2023-02-21 21:30:19 +0100 |
---|---|---|
committer | Daniel García <[email protected]> | 2023-02-21 21:30:19 +0100 |
commit | adf83c698dee8f60bc40629af3d4f63ac9b1183c (patch) | |
tree | f632cae5cd38b01fc67b204a1f51b47aad500b51 | |
parent | e7d36de784fc978c951cbd68862912af6a165876 (diff) | |
parent | 8fcbc58ee216d4bc3b3870fcf071b668bb431cef (diff) | |
download | vaultwarden-adf83c698dee8f60bc40629af3d4f63ac9b1183c.tar.gz vaultwarden-adf83c698dee8f60bc40629af3d4f63ac9b1183c.zip |
Merge branch 'mittler-works-adjustable_admin_cookie_lifetime'
-rw-r--r-- | .env.template | 3 | ||||
-rw-r--r-- | src/api/admin.rs | 2 | ||||
-rw-r--r-- | src/auth.rs | 2 | ||||
-rw-r--r-- | src/config.rs | 3 |
4 files changed, 8 insertions, 2 deletions
diff --git a/.env.template b/.env.template
index d2eb768e..3c7e7d1e 100644
--- a/.env.template
+++ b/.env.template
@@ -335,6 +335,9 @@
 ## Allow a burst of requests of up to this size, while maintaining the average indicated by `ADMIN_RATELIMIT_SECONDS`.
 # ADMIN_RATELIMIT_MAX_BURST=3
 
+## Set the lifetime of admin sessions to this value (in minutes).
+# ADMIN_SESSION_LIFETIME=20
+
 ## Yubico (Yubikey) Settings
 ## Set your Client ID and Secret Key for Yubikey OTP
 ## You can generate it here: https://upgrade.yubico.com/getapikey/
diff --git a/src/api/admin.rs b/src/api/admin.rs
index f22d3bc2..8bfc1f21 100644
--- a/src/api/admin.rs
+++ b/src/api/admin.rs
@@ -183,7 +183,7 @@ fn post_admin_login(data: Form<LoginForm>, cookies: &CookieJar<'_>, ip: ClientIp
     let cookie = Cookie::build(COOKIE_NAME, jwt)
         .path(admin_path())
-        .max_age(rocket::time::Duration::minutes(20))
+        .max_age(rocket::time::Duration::minutes(CONFIG.admin_session_lifetime()))
         .same_site(SameSite::Strict)
         .http_only(true)
         .finish();
diff --git a/src/auth.rs b/src/auth.rs
index 03f14cb8..380c6a73 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -241,7 +241,7 @@ pub fn generate_admin_claims() -> BasicJwtClaims {
     let time_now = Utc::now().naive_utc();
     BasicJwtClaims {
         nbf: time_now.timestamp(),
-        exp: (time_now + Duration::minutes(20)).timestamp(),
+        exp: (time_now + Duration::minutes(CONFIG.admin_session_lifetime())).timestamp(),
         iss: JWT_ADMIN_ISSUER.to_string(),
         sub: "admin_panel".to_string(),
     }
diff --git a/src/config.rs b/src/config.rs
index fa53c55b..f3736a1f 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -581,6 +581,9 @@ make_config! {
         /// Max burst size for admin login requests |> Allow a burst of requests of up to this size, while maintaining the average indicated by `admin_ratelimit_seconds`
         admin_ratelimit_max_burst: u32, false, def, 3;
 
+        /// Admin session lifetime |> Set the lifetime of admin sessions to this value (in minutes).
+        admin_session_lifetime: i64, true, def, 20;
+
         /// Enable groups (BETA!) (Know the risks!) |> Enables groups support for organizations (Currently contains known issues!).
         org_groups_enabled: bool, false, def, false;
     },
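Review bot: `admin_session_lifetime: i64, true, def, 20;` accepts any i64 and nothing in this commit validates it, yet the value flows unchecked into `Duration::minutes(...)` in both the src/api/admin.rs hunk (cookie `max_age`) and the src/auth.rs hunk (JWT `exp`). A zero or negative setting produces an already-expired cookie and token, so every admin login silently fails, while a very large one can overflow the minutes-to-seconds conversion or the `time_now + Duration` addition, which these duration types reject by panicking rather than saturating, as far as I recall, so a bad setting becomes a request-handler panic. If the `true` field marks the option as editable from the admin page, as it appears to, that makes a load-time check more important rather than less; rejecting values of zero or less and capping the upper bound in the config validation step, if the module has one, would close both cases. The `|>` description could also note that a longer lifetime extends how long a leaked admin cookie or token remains usable, since the expiry is the only thing bounding it here. The `make_config!` invocation starts before and ends after the hunk.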