MF-1008 - Make token duration configurable #1550
Codecov Report
@@ Coverage Diff @@
## master #1550 +/- ##
==========================================
+ Coverage 67.47% 69.09% +1.61%
==========================================
Files 139 134 -5
Lines 11321 11058 -263
==========================================
+ Hits 7639 7640 +1
+ Misses 3051 2787 -264
Partials 631 631
cmd/auth/main.go
Outdated
lduration := mainflux.Env(envLoginDuration, defLoginDuration) | ||
duration, err := strconv.Atoi(lduration) | ||
if err != nil { | ||
log.Fatal(err) | ||
} | ||
loginDuration := time.Duration(duration) * time.Minute |
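Review bot: when strconv.Atoi fails, log.Fatal(err) prints only the strconv error, with nothing to say which setting was malformed. Wrap the error so the operator sees the variable name and the rejected value, for example log.Fatalf("invalid %s value %q: %s", envLoginDuration, lduration, err).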
Use
lduration := mainflux.Env(envLoginDuration, defLoginDuration) | |
duration, err := strconv.Atoi(lduration) | |
if err != nil { | |
log.Fatal(err) | |
} | |
loginDuration := time.Duration(duration) * time.Minute | |
loginDuration, err := time.PareDuration(mainflux.Env(envLoginDuration, defLoginDuration)) |
This also implies that duration is passed using the format with units (1h, 15m, 1500s...) which means that defLoginDuration needs to be changed, and it needs to be updated in README.
Initially, the duration is passed in as a string, e.g. "5", which means 5 minutes. Then we convert this to an integer and finally to time.Duration.
Please use time.ParseDuration instead and document that the duration unit needs to be passed with the value.
Done
cmd/auth/main.go
Outdated
@@ -52,6 +54,7 @@ const ( | |||
defKetoHost = "mainflux-keto" | |||
defKetoWritePort = "4467" | |||
defKetoReadPort = "4466" | |||
defLoginDuration = "50" |
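Review bot: defLoginDuration = "50" carries no unit, so a reader of this constant block cannot tell that it means minutes; that is decided only by the multiplication by time.Minute in the conversion code. Put the unit in the value or state it in a comment beside the constant, and note that 50 minutes is much shorter than the 10 * time.Hour constant in auth/service.go that this setting replaces.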
Make default 10h to be aligned with the old version.
Changed to 600 which is 10h
auth/README.md
Outdated
| MF_AUTH_SERVER_KEY | Path to server key in pem format | | | ||
| MF_AUTH_SECRET | String used for signing tokens | auth | | ||
| MF_AUTH_LOGIN_TOKEN_DURATION | Time in minutes for the login token to last of type time.duration | 600m | | ||
| MF_JAEGER_URL | Jaeger server URL | localhost:6831| |
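Review bot: in the MF_AUTH_LOGIN_TOKEN_DURATION row the description says "Time in minutes" while the default is written as 600m, so it is unclear whether a bare number is accepted or the unit suffix is required. State the accepted format once (a value with a unit suffix, as in the default) and write the type as time.Duration.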
add space after port value
Done
docker/.env
Outdated
@@ -35,6 +35,7 @@ MF_AUTH_DB_USER=mainflux | |||
MF_AUTH_DB_PASS=mainflux | |||
MF_AUTH_DB=auth | |||
MF_AUTH_SECRET=secret | |||
MF_AUTH_LOGIN_TOKEN_DURATION="600m" |
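Review bot: MF_AUTH_LOGIN_TOKEN_DURATION="600m" is the only quoted value in this hunk; the neighbouring entries (MF_AUTH_DB_USER=mainflux, MF_AUTH_SECRET=secret) are unquoted. Drop the quotes for consistency, since a loader that does not strip them would pass the quote characters through to the duration parser.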
maybe MF_AUTH_LOGIN_TOKEN_EXPIRATION is better naming
@dusanb94 had suggested this MF_AUTH_LOGIN_TOKEN_DURATION
auth/README.md
Outdated
| MF_AUTH_SERVER_CERT | Path to server certificate in pem format | | | ||
| MF_AUTH_SERVER_KEY | Path to server key in pem format | | | ||
| MF_AUTH_SECRET | String used for signing tokens | auth | | ||
| MF_AUTH_LOGIN_TOKEN_DURATION | Time in hours for the login token to last of type time.duration | 10h | |
@0x6f736f646f This is not correct. It is not necessarily in hours, you can change the time unit in the value itself.
Done
@@ -14,9 +14,6 @@ import ( | |||
) | |||
|
|||
const ( | |||
loginDuration = 10 * time.Hour | |||
recoveryDuration = 5 * time.Minute |
Don't remove recoveryDuration, please keep using the constant for recovery duration.
It wasn't being used but I have kept it back
auth/service.go
Outdated
@@ -130,9 +131,9 @@ func (svc service) Issue(ctx context.Context, token string, key Key) (Key, strin | |||
case APIKey: | |||
return svc.userKey(ctx, token, key) | |||
case RecoveryKey: | |||
return svc.tmpKey(recoveryDuration, key) | |||
return svc.tmpKey(svc.loginDuration, key) |
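Review bot: the RecoveryKey case now calls svc.tmpKey(svc.loginDuration, key), which ties the lifetime of recovery keys to the login token setting instead of the recoveryDuration constant (5 * time.Minute in this file). With the documented 10h default, a recovery key would stay valid for hours rather than minutes. Keep return svc.tmpKey(recoveryDuration, key) here and apply svc.loginDuration only where login keys are issued.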
As I mentioned in this comment, revert this line back to use the constant.
Done
auth/README.md
Outdated
| MF_AUTH_SERVER_CERT | Path to server certificate in pem format | | | ||
| MF_AUTH_SERVER_KEY | Path to server key in pem format | | | ||
| MF_AUTH_SECRET | String used for signing tokens | auth | | ||
| MF_AUTH_LOGIN_TOKEN_DURATION | Time in hours or minutes for the login token to last of type time.duration | 10h | |
It is not hours or minutes, it can be seconds (and milliseconds, microseconds; though that's not advisable), as well. Just use:
The duration that represents how long the login token is valid from the moment of its creation
Done
@@ -142,6 +146,11 @@ func loadConfig() config { | |||
SSLRootCert: mainflux.Env(envDBSSLRootCert, defDBSSLRootCert), | |||
} | |||
|
|||
loginDuration, err := time.ParseDuration(mainflux.Env(envLoginDuration, defLoginDuration)) |
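Review bot: time.ParseDuration accepts zero and negative values such as 0 or -10h, and the lines shown here do not check the result before it becomes the token lifetime. After parsing, reject loginDuration <= 0 and fail startup with a message that names envLoginDuration.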
Instead of panicking, can we use the defLoginDuration value and log the envLoginDuration as a warning or error? If the defLoginDuration value fails to parse, then log a panic.
Like:
raw := mainflux.Env(envLoginDuration, defLoginDuration)
loginDuration, err := time.ParseDuration(raw)
if err != nil {
	logger.Info(fmt.Sprintf("Invalid Login Duration %v: %v", raw, err))
	// Assign with = so the outer loginDuration is updated, not shadowed.
	loginDuration, err = time.ParseDuration(defLoginDuration)
	if err != nil {
		log.Panic(fmt.Sprintf("Invalid default login duration %v: %v", defLoginDuration, err))
	}
	logger.Info(fmt.Sprintf("Using default Login Duration %v", defLoginDuration))
}
That is one way to do it. TBH, since default is not exactly fallback (despite the params naming in mainflux.Env), and due to code simplicity, I prefer the current solution. It's also aligned with the rest of the codebase.
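The fail-fast handling discussed in the two comments above, as an added example that is not code from this PR or from Mainflux: the default applies only when the variable is unset, and a malformed or out-of-range value stops startup. The variable name and the one-minute and 24-hour bounds are constructed for illustration.

```go
package main

import (
	"fmt"
	"os"
	"time"
)

// Constructed names and bounds for illustration; not Mainflux identifiers.
const (
	envTokenLifetime = "EXAMPLE_LOGIN_TOKEN_DURATION"
	defTokenLifetime = "10h"
	minTokenLifetime = time.Minute
	maxTokenLifetime = 24 * time.Hour
)

// parseTokenLifetime parses a Go duration string and rejects values that
// time.ParseDuration accepts but that make no sense as a login token lifetime
// (zero, negative, sub-minute, or longer than the upper bound).
func parseTokenLifetime(raw string) (time.Duration, error) {
	d, err := time.ParseDuration(raw)
	if err != nil {
		return 0, fmt.Errorf("%s=%q: %w", envTokenLifetime, raw, err)
	}
	if d < minTokenLifetime || d > maxTokenLifetime {
		return 0, fmt.Errorf("%s=%q: outside [%s, %s]",
			envTokenLifetime, raw, minTokenLifetime, maxTokenLifetime)
	}
	return d, nil
}

// loadTokenLifetime uses the default only when the variable is unset or empty.
// A value that is set but invalid is returned as an error, never replaced.
func loadTokenLifetime() (time.Duration, error) {
	raw, ok := os.LookupEnv(envTokenLifetime)
	if !ok || raw == "" {
		raw = defTokenLifetime
	}
	return parseTokenLifetime(raw)
}

func main() {
	// Constructed sample inputs: valid, unit missing, negative, zero, too short, too long.
	for _, raw := range []string{"10h", "600m", "600", "-10h", "0s", "500ms", "1000h"} {
		d, err := parseTokenLifetime(raw)
		fmt.Printf("%-8q -> %v, err=%v\n", raw, d, err)
	}
}
```

A bare "600" fails here because time.ParseDuration requires a unit suffix, which is why the README wording in this thread matters to operators upgrading from the minutes-only version.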
auth/README.md
Outdated
| MF_AUTH_SERVER_CERT | Path to server certificate in pem format | | | ||
| MF_AUTH_SERVER_KEY | Path to server key in pem format | | | ||
| MF_AUTH_SECRET | String used for signing tokens | auth | | ||
| MF_AUTH_LOGIN_TOKEN_DURATION | The duration that represents how long the login token is valid from the moment of its created | 10h | |
Maybe you can use something simpler here. The login token lifetime or The login token expiration period
Done
auth/api/grpc/endpoint_test.go
Outdated
@@ -37,6 +37,8 @@ const ( | |||
|
|||
authoritiesObj = "authorities" | |||
memberRelation = "member" | |||
|
Kill this blank line
Done
auth/service.go
Outdated
@@ -14,7 +14,6 @@ import ( | |||
) | |||
|
|||
const ( | |||
loginDuration = 10 * time.Hour | |||
recoveryDuration = 5 * time.Minute | |||
|
Kill this blank line
Done
@arvindh123 can you update your branch please
Signed-off-by: 0x6f736f646f <blackd0t@protonmail.com>
LGTM
LGTM
Signed-off-by: 0x6f736f646f blackd0t@protonmail.com
What does this do?
Make token duration configurable at service
Which issue(s) does this PR fix/relate to?
Resolves #1008
List any changes that modify/break current functionality
It makes the token duration configurable
Have you included tests for your changes?
No
Did you document any new/modified functionality?
No
Notes
No