From 341c58a722f5175defd43dcbdae12fbe173f6e09 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 16 Sep 2021 09:57:34 +0200 Subject: [PATCH] core: fix token expiry for service accounts being only 30 minutes Signed-off-by: Jens Langhammer --- authentik/core/api/users.py | 3 +++ web/src/pages/users/ServiceAccountForm.ts | 3 +++ 2 files changed, 6 insertions(+) diff --git a/authentik/core/api/users.py b/authentik/core/api/users.py index f00a12f3d..c03e4a9b1 100644 --- a/authentik/core/api/users.py +++ b/authentik/core/api/users.py @@ -1,4 +1,5 @@ """User API Views""" +from datetime import timedelta from json import loads from typing import Optional @@ -7,6 +8,7 @@ from django.db.transaction import atomic from django.db.utils import IntegrityError from django.urls import reverse_lazy from django.utils.http import urlencode +from django.utils.timezone import now from django.utils.translation import gettext as _ from django_filters.filters import BooleanFilter, CharFilter, ModelMultipleChoiceFilter from django_filters.filterset import FilterSet @@ -274,6 +276,7 @@ class UserViewSet(UsedByMixin, ModelViewSet): identifier=f"service-account-{username}-password", intent=TokenIntents.INTENT_APP_PASSWORD, user=user, + expires=now() + timedelta(days=360), ) return Response({"username": user.username, "token": token.key}) except (IntegrityError) as exc: diff --git a/web/src/pages/users/ServiceAccountForm.ts b/web/src/pages/users/ServiceAccountForm.ts index fc533d259..54e766a46 100644 --- a/web/src/pages/users/ServiceAccountForm.ts +++ b/web/src/pages/users/ServiceAccountForm.ts @@ -74,6 +74,9 @@ export class ServiceAccountForm extends Form { value=${ifDefined(this.result?.token)} class="pf-c-form-control" /> +

+ ${t`Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List.`} +

`; }