MF-1008 - Make token duration configurable #1550
Conversation
Codecov Report
@@ Coverage Diff @@
## master #1550 +/- ##
==========================================
+ Coverage 67.47% 69.09% +1.61%
==========================================
Files 139 134 -5
Lines 11321 11058 -263
==========================================
+ Hits 7639 7640 +1
+ Misses 3051 2787 -264
Partials 631 631
Continue to review full report at Codecov.
|
cmd/auth/main.go
Outdated
| lduration := mainflux.Env(envLoginDuration, defLoginDuration) | ||
| duration, err := strconv.Atoi(lduration) | ||
| if err != nil { | ||
| log.Fatal(err) | ||
| } | ||
| loginDuration := time.Duration(duration) * time.Minute |
There was a problem hiding this comment.
Use
| lduration := mainflux.Env(envLoginDuration, defLoginDuration) | |
| duration, err := strconv.Atoi(lduration) | |
| if err != nil { | |
| log.Fatal(err) | |
| } | |
| loginDuration := time.Duration(duration) * time.Minute | |
| loginDuration, err := time.PareDuration(mainflux.Env(envLoginDuration, defLoginDuration)) |
This also implies that duration is passed using the format with units (1h, 15m, 1500s...) which means that defLoginDuration needs to be changed, and it needs to be updated in README.
There was a problem hiding this comment.
Initially, the duration is passed in as a string e.g "5" which means 5 minutes. Then we convert this to Integer and finally time.duration
There was a problem hiding this comment.
Please use time.PareDuration instead and document that the duration unit needs to be passed with the value.
cmd/auth/main.go
Outdated
| @@ -52,6 +54,7 @@ const ( | |||
| defKetoHost = "mainflux-keto" | |||
| defKetoWritePort = "4467" | |||
| defKetoReadPort = "4466" | |||
| defLoginDuration = "50" | |||
There was a problem hiding this comment.
Make default 10h to be aligned with the old version.
There was a problem hiding this comment.
Changed to 600 which is 10h
auth/README.md
Outdated
| | MF_AUTH_SERVER_KEY | Path to server key in pem format | | | ||
| | MF_AUTH_SECRET | String used for signing tokens | auth | | ||
| | MF_AUTH_LOGIN_TOKEN_DURATION | Time in minutes for the login token to last of type time.duration | 600m | | ||
| | MF_JAEGER_URL | Jaeger server URL | localhost:6831| |
There was a problem hiding this comment.
add space after port value
docker/.env
Outdated
| @@ -35,6 +35,7 @@ MF_AUTH_DB_USER=mainflux | |||
| MF_AUTH_DB_PASS=mainflux | |||
| MF_AUTH_DB=auth | |||
| MF_AUTH_SECRET=secret | |||
| MF_AUTH_LOGIN_TOKEN_DURATION="600m" | |||
There was a problem hiding this comment.
maybe MF_AUTH_LOGIN_TOKEN_EXPIRATION is better naming
There was a problem hiding this comment.
@dusanb94 had suggested this MF_AUTH_LOGIN_TOKEN_DURATION
auth/README.md
Outdated
| | MF_AUTH_SERVER_CERT | Path to server certificate in pem format | | | ||
| | MF_AUTH_SERVER_KEY | Path to server key in pem format | | | ||
| | MF_AUTH_SECRET | String used for signing tokens | auth | | ||
| | MF_AUTH_LOGIN_TOKEN_DURATION | Time in hours for the login token to last of type time.duration | 10h | |
There was a problem hiding this comment.
@0x6f736f646f This is not correct. It is not necessarily in hours, you can change the time unit in the value itself.
| @@ -14,9 +14,6 @@ import ( | |||
| ) | |||
|
|
|||
| const ( | |||
| loginDuration = 10 * time.Hour | |||
| recoveryDuration = 5 * time.Minute | |||
There was a problem hiding this comment.
Don't remove recoveryDuration, please keep using the constant for recovery duration.
There was a problem hiding this comment.
It wasn't being used but I have kept it back
auth/service.go
Outdated
| @@ -130,9 +131,9 @@ func (svc service) Issue(ctx context.Context, token string, key Key) (Key, strin | |||
| case APIKey: | |||
| return svc.userKey(ctx, token, key) | |||
| case RecoveryKey: | |||
| return svc.tmpKey(recoveryDuration, key) | |||
| return svc.tmpKey(svc.loginDuration, key) | |||
There was a problem hiding this comment.
As I mentioned in this comment, revert this line back to use the constant.
auth/README.md
Outdated
| | MF_AUTH_SERVER_CERT | Path to server certificate in pem format | | | ||
| | MF_AUTH_SERVER_KEY | Path to server key in pem format | | | ||
| | MF_AUTH_SECRET | String used for signing tokens | auth | | ||
| | MF_AUTH_LOGIN_TOKEN_DURATION | Time in hours or minutes for the login token to last of type time.duration | 10h | |
There was a problem hiding this comment.
It is not hours or minutes, it can be seconds (and milliseconds, microseconds; though that's not advisable), as well. Just use:
The duration that represents how long the login token is valid from the moment of its creation
| @@ -142,6 +146,11 @@ func loadConfig() config { | |||
| SSLRootCert: mainflux.Env(envDBSSLRootCert, defDBSSLRootCert), | |||
| } | |||
|
|
|||
| loginDuration, err := time.ParseDuration(mainflux.Env(envLoginDuration, defLoginDuration)) | |||
There was a problem hiding this comment.
Instead of panic can we use defLoginDuration value
And log the envLoginDuration as warning or error
If the defLoginDuration value got error during parse , then log panic
Like
loginDuration, err := time.ParseDuration(envLoginDuration)
if err != nil {
logger.Info("Invalid Login Duration %v: %v", envLoginDuration, err)
loginDuration , err := time.ParseDuration(defLoginDuration)
if err != nil {
log.Painc(fmt.Sprintf("Invalid default login duration %v: %v", defLoginDuration err))
}
logger.Info("Using default Login Duration %v", defLoginDuration)
}
There was a problem hiding this comment.
That's is one way to do it. TBH, since default is not exactly fallback (despite the params naming in mainflux.Env), and due to code simplicity, I prefer the current solution. It's also aligned with the rest of the codebase.
auth/README.md
Outdated
| | MF_AUTH_SERVER_CERT | Path to server certificate in pem format | | | ||
| | MF_AUTH_SERVER_KEY | Path to server key in pem format | | | ||
| | MF_AUTH_SECRET | String used for signing tokens | auth | | ||
| | MF_AUTH_LOGIN_TOKEN_DURATION | The duration that represents how long the login token is valid from the moment of its created | 10h | |
There was a problem hiding this comment.
Maybe you can use something simpler here. The login token lifetime or The login token expiration period
auth/api/grpc/endpoint_test.go
Outdated
| @@ -37,6 +37,8 @@ const ( | |||
|
|
|||
| authoritiesObj = "authorities" | |||
| memberRelation = "member" | |||
|
|
|||
auth/service.go
Outdated
| @@ -14,7 +14,6 @@ import ( | |||
| ) | |||
|
|
|||
| const ( | |||
| loginDuration = 10 * time.Hour | |||
| recoveryDuration = 5 * time.Minute | |||
|
|
|||
|
@arvindh123 can you update your branch please |
Signed-off-by: 0x6f736f646f <blackd0t@protonmail.com>
Signed-off-by: 0x6f736f646f <blackd0t@protonmail.com>
Signed-off-by: 0x6f736f646f <blackd0t@protonmail.com>
Signed-off-by: 0x6f736f646f <blackd0t@protonmail.com>
Signed-off-by: 0x6f736f646f <blackd0t@protonmail.com>
Signed-off-by: 0x6f736f646f <blackd0t@protonmail.com>
Signed-off-by: 0x6f736f646f <blackd0t@protonmail.com>
Signed-off-by: 0x6f736f646f <blackd0t@protonmail.com>
Signed-off-by: 0x6f736f646f <blackd0t@protonmail.com>
Signed-off-by: 0x6f736f646f <blackd0t@protonmail.com>
Signed-off-by: 0x6f736f646f <blackd0t@protonmail.com>
Signed-off-by: 0x6f736f646f <blackd0t@protonmail.com>
Signed-off-by: 0x6f736f646f <blackd0t@protonmail.com>
Signed-off-by: 0x6f736f646f <blackd0t@protonmail.com>
Signed-off-by: 0x6f736f646f blackd0t@protonmail.com
What does this do?
Make token duration configurable at service
Which issue(s) does this PR fix/relate to?
Resolves #1008
List any changes that modify/break current functionality
It makes the token duration configurable
Have you included tests for your changes?
No
Did you document any new/modified functionality?
No
Notes
No