Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed bug whereby when certain users are added via tokenclaims and a … #41

Merged
merged 1 commit into from
Jul 16, 2024
Merged

Fixed bug whereby when certain users are added via tokenclaims and a … #41

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,7 @@ An example configuration file can be found in `example-config.yaml`. A breakdown
- `idp_provider_url`: URL of the Identity Provider service.
- `idp_refresh_directory_interval`: How often the directory information should be refreshed from the Identity Provider.
- `idp_refresh_directory_timeout`: How long the system should wait for a directory refresh before timing out.
- `idp_provider_token_claims_user_ttl`: For the `tokenclaims` IdP provider - Determines how long (in seconds) the user will exist in the Veriflow database before being deleted and requiring a re-auth. Default is 604800 (7 days)
- `signing_key`: RSA private key for signing JWT tokens, encoded in base64.
- `redirect_base_path`: Base path for redirection URLs. By default `/.veriflow`
- `jwks_path`: Location of the JSON Web Key Set (JWKS) that can be called to get the public keys of the signing key.
Expand Down
1 change: 1 addition & 0 deletions example-config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ idp_provider_user_id_claim: oid
idp_provider_url: https://login.microsoftonline.com/00000000-1111-2222-3333-444444444444/v2.0
idp_refresh_directory_interval: 10m
idp_refresh_directory_timeout: 5m
idp_provider_token_claims_user_ttl: 604800
signing_key: "BASE64_ENCODED_RSA_PRIVATE_KEY"
redirect_base_path: /.veriflow
jwks_path: /.veriflow/jwks.json
Expand Down
4 changes: 3 additions & 1 deletion lib/idp_adapters/tokenclaims.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,8 @@ async function addNewUserFromClaims(claims) {
var currentConfig = getConfig()
var userId = claims[currentConfig.idp_provider_user_id_claim]

var expires = currentConfig.idp_provider_token_claims_user_ttl || 604800 // Default user to be removed from Veriflow after 7 days

var userData = {
vfsid: crypto.randomUUID(),
id: userId,
Expand All @@ -42,7 +44,7 @@ async function addNewUserFromClaims(claims) {
};

await redisClient.set(`veriflow:users:${userId}`, JSON.stringify(userData))
await redisClient.expire(`veriflow:users:${userId}`, 87000); // expire in 24 hours
await redisClient.expire(`veriflow:users:${userId}`, expires); // expire in 24 hours
}

async function getAllUsers() {
Expand Down
Loading