From 3808ce453d1ff803823b0cd0907ec0747b752e9e Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche
Date: Thu, 18 Apr 2024 23:21:41 +0200
Subject: [PATCH] Implement auto-refreshing authentication token TTL

---
 backend/ciso_assistant/settings.py | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/backend/ciso_assistant/settings.py b/backend/ciso_assistant/settings.py
index 0a7507c2f..b7789567d 100644
--- a/backend/ciso_assistant/settings.py
+++ b/backend/ciso_assistant/settings.py
@@ -12,8 +12,7 @@
 from pathlib import Path
 import os
 from dotenv import load_dotenv
-import subprocess
-import json
+from datetime import timedelta
 import logging.config
 import structlog
 from django.core.management.utils import get_random_secret_key
@@ -149,14 +148,12 @@ def set_ciso_assistant_url(_, __, event_dict):
 LOGIN_REDIRECT_URL = "home"
 LOGOUT_REDIRECT_URL = "login"
-SESSION_COOKIE_AGE = int(
- os.environ.get("SESSION_COOKIE_AGE", default=60 * 15)
+AUTH_TOKEN_TTL = int(
+ os.environ.get("AUTH_TOKEN_TTL", default=60 * 15)
 ) # defaults to 15 minutes
-# prevents session from expiring when user is active
-SESSION_SAVE_EVERY_REQUEST = os.environ.get("SESSION_SAVE_EVERY_REQUEST", default=True)
-SESSION_EXPIRE_AT_BROWSER_CLOSE = os.environ.get(
- "SESSION_EXPIRE_AT_BROWSER_CLOSE", default=True
-)
+AUTH_TOKEN_AUTO_REFRESH = (
+ os.environ.get("AUTH_TOKEN_AUTO_REFRESH", default="True") == "True"
+) # prevents token from expiring while user is active
 CISO_ASSISTANT_SUPERUSER_EMAIL = os.environ.get("CISO_ASSISTANT_SUPERUSER_EMAIL")
 DEFAULT_FROM_EMAIL = os.environ.get("DEFAULT_FROM_EMAIL")
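Review bot: `AUTH_TOKEN_AUTO_REFRESH` compares the raw environment string against the literal `"True"`, so `AUTH_TOKEN_AUTO_REFRESH=true` or `=1` in a `.env` silently disables refresh, and `AUTH_TOKEN_TTL` accepts `0` or a negative value, which the later `timedelta(seconds=AUTH_TOKEN_TTL)` turns into tokens that are expired the moment they are issued. The strict comparison is still an improvement over the removed `SESSION_SAVE_EVERY_REQUEST`, where any non-empty string (including `"False"`) was truthy, but normalising the value and rejecting a bad TTL at startup is cheap: `AUTH_TOKEN_AUTO_REFRESH = os.environ.get("AUTH_TOKEN_AUTO_REFRESH", "True").strip().lower() in ("1", "true", "yes")` and `if AUTH_TOKEN_TTL <= 0: raise ImproperlyConfigured("AUTH_TOKEN_TTL must be a positive number of seconds")`. The guard needs `from django.core.exceptions import ImproperlyConfigured`, which does not appear in the visible import hunk. Note also that dropping the `SESSION_*` settings leaves anything still using Django session auth (the admin, presumably) on Django's defaults, i.e. a two-week cookie age with no expiry at browser close — worth confirming that is intended rather than an accidental widening.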
@@ -192,6 +189,15 @@ def set_ciso_assistant_url(_, __, event_dict):
 "DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
 }
+REST_KNOX = {
+ "SECURE_HASH_ALGORITHM": "cryptography.hazmat.primitives.hashes.SHA512",
+ "AUTH_TOKEN_CHARACTER_LENGTH": 64,
+ "TOKEN_TTL": timedelta(seconds=AUTH_TOKEN_TTL),
+ "TOKEN_LIMIT_PER_USER": None,
+ "AUTO_REFRESH": AUTH_TOKEN_AUTO_REFRESH,
+ "MIN_REFRESH_INTERVAL": 60,
+}
+
 if DEBUG:
 REST_FRAMEWORK["DEFAULT_RENDERER_CLASSES"].append(
 "rest_framework.renderers.BrowsableAPIRenderer"
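Review bot: With `"AUTO_REFRESH": AUTH_TOKEN_AUTO_REFRESH` defaulting to on, `TOKEN_TTL` becomes a sliding idle timeout rather than a maximum lifetime — Knox pushes the expiry forward on authenticated requests (throttled by `MIN_REFRESH_INTERVAL`), so a token used at least every 15 minutes, including a stolen bearer token that an attacker replays on a timer, never expires on its own. The `REST_KNOX` block should state that trade-off, e.g. a comment above the `"AUTO_REFRESH"` key: `# AUTO_REFRESH makes TOKEN_TTL a sliding idle timeout, not an absolute lifetime; a token in continuous use only dies on logout/logoutall`. If the pinned django-rest-knox release supports `AUTO_REFRESH_MAX_TTL` (added in newer versions, as far as I know) a bounded value there restores an absolute cap; otherwise revocation via logout/logoutall is the only bound and that should be documented for operators. `"TOKEN_LIMIT_PER_USER": None` is the Knox default, so every login mints a new token row that lingers until its TTL lapses; a small cap limits both the revocation surface and table growth, but check how many concurrent sessions the frontend expects before changing it. The `SECURE_HASH_ALGORITHM` and `AUTH_TOKEN_CHARACTER_LENGTH` values are also the library defaults and look fine as written.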