From 6510dd5175b84c9780dda2fe0d8869efaeb2404b Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Fri, 19 Jul 2024 09:35:51 -0500
Subject: Enable external configuration of session expiry period

Enable passing in the number of minutes that a session can be valid
for. This enables the length of time that the session can last to be
configurable rather than hard-coded.
---
 gn_auth/auth/authorisation/users/admin/views.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'gn_auth/auth/authorisation/users')

diff --git a/gn_auth/auth/authorisation/users/admin/views.py b/gn_auth/auth/authorisation/users/admin/views.py
index 8ca1e51..0ab69e9 100644
--- a/gn_auth/auth/authorisation/users/admin/views.py
+++ b/gn_auth/auth/authorisation/users/admin/views.py
@@ -62,7 +62,8 @@ _FORM_GRANT_TYPES_ = ({
 @admin.before_request
 def update_expires():
     """Update session expiration."""
-    if session.session_info() and not session.update_expiry():
+    if (session.session_info() and not session.update_expiry(
+            int(app.config.get("SESSION_EXPIRY_MINUTES", 10)))):
         flash("Session has expired. Logging out...", "alert-warning")
         session.clear_session_info()
         return redirect(url_for("oauth2.admin.login"))
@@ -96,7 +97,8 @@ def login():
                 session.update_session_info(
                     user=asdict(user),
                     expires=(
-                        datetime.now(tz=timezone.utc) + timedelta(minutes=10)))
+                        datetime.now(tz=timezone.utc) + timedelta(minutes=int(
+                            app.config.get("SESSION_EXPIRY_MINUTES", 10)))))
                 return redirect(url_for(next_uri))
             raise NotFoundError(error_message)
     except NotFoundError as _nfe:
-- 
cgit v1.2.3