Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make invitation expiration time configurable #2805

Merged
merged 2 commits into from
Oct 9, 2022
Merged

make invitation expiration time configurable #2805

merged 2 commits into from
Oct 9, 2022

Conversation

stefan0xC
Copy link
Contributor

Add an option to configure the number of hours after which organization invites, emergency access invites, email verification emails and account deletion requests expire (defaults to 5 days or 120 hours and must be at least 1 hour).

@stefan0xC
make invitation expiration time configurable
b70316e 
configure the number of hours after which organization invites,
emergency access invites, email verification emails and account deletion
requests expire (defaults to 5 days or 120 hours and must be atleast 1)
tessus
tessus reviewed Oct 8, 2022
View reviewed changes
src/config.rs Outdated Show resolved Hide resolved
@tessus
Copy link
Contributor

tessus commented Oct 8, 2022

Is there a reason why you go with hours as unit? I think days is granular enough. I doubt anyone would really set such a value in hours. e.g. who cares if it is 120h or 123h?

@stefan0xC
Copy link
Contributor Author

Is there a reason why you go with hours as unit? I think days is granular enough. I doubt anyone would really set such a value in hours. e.g. who cares if it is 120h or 123h?

Yes. Self-hosted Bitwarden has hours as a unit. Cf. globalSettings__organizationInviteExpirationHours=

@tessus
Copy link
Contributor

tessus commented Oct 9, 2022

Thanks. Then it makes sense to be consistent.

However, I still find it puzzling why they went with this unit.

@stefan0xC @tessus
improve spelling of minimum expiration hours check
ac120be 
Co-authored-by: Helmut K. C. Tessarek <tessarek@evermeet.cx>
@beckerj
Copy link

beckerj commented Oct 9, 2022
edited
Loading

However, I still find it puzzling why they went with this unit.

You are right, the difference between 120h and 132h probably doesn't matter at all.
The valid use case here is to set it to something less then 24h/1day, e.g. 1-2h in case you want to minimize the time that someone could potentially gain access to a valid link (email is unencrypted after all). 1-2h is enough time for most private installations where a "family-admin" guides you through the process anyways.

@dani-garcia dani-garcia merged commit ac120be into dani-garcia:main Oct 9, 2022
@stefan0xC stefan0xC deleted the configure-expirations branch October 10, 2022 22:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tessus tessus tessus left review comments

@BlackDex BlackDex BlackDex approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@stefan0xC @tessus @beckerj @BlackDex @dani-garcia