MCPcopy Index your code
hub / github.com/bytebase/bytebase / GetRefreshTokenDuration

Function GetRefreshTokenDuration

backend/api/auth/header.go:63–97  ·  view source on GitHub ↗
(ctx context.Context, store *store.Store, licenseService *enterprise.LicenseService, workspaceID string)

Source from the content-addressed store, hash-verified

61}
62
63func GetRefreshTokenDuration(ctx context.Context, store *store.Store, licenseService *enterprise.LicenseService, workspaceID string) time.Duration {
64 refreshTokenDuration := DefaultRefreshTokenDuration
65
66 // If the sign-in frequency control feature is not enabled, return default duration
67 if err := licenseService.IsFeatureEnabled(ctx, workspaceID, v1pb.PlanFeature_FEATURE_TOKEN_DURATION_CONTROL); err != nil {
68 return refreshTokenDuration
69 }
70
71 workspaceProfile, err := store.GetWorkspaceProfileSetting(ctx, workspaceID)
72 if err != nil {
73 return refreshTokenDuration
74 }
75
76 if workspaceProfile.GetRefreshTokenDuration().GetSeconds() > 0 {
77 refreshTokenDuration = workspaceProfile.GetRefreshTokenDuration().AsDuration()
78 }
79
80 if err := licenseService.IsFeatureEnabled(ctx, workspaceID, v1pb.PlanFeature_FEATURE_PASSWORD_RESTRICTIONS); err != nil {
81 return refreshTokenDuration
82 }
83 // Currently we implement the password rotation restriction in a simple way:
84 // 1. Only check if users need to reset their password during login.
85 // 2. For the 1st time login, if `RequireResetPasswordForFirstLogin` is true, `require_reset_password` in the response will be true
86 // 3. Otherwise if the `PasswordRotation` exists, check the password last updated time to decide if the `require_reset_password` is true.
87 // So we will use the minimum value between (`refreshTokenDuration`, `passwordRestriction.PasswordRotation`) to force to expire the token.
88 passwordRestriction := workspaceProfile.GetPasswordRestriction()
89 if passwordRestriction.GetPasswordRotation().GetSeconds() > 0 {
90 passwordRotation := passwordRestriction.GetPasswordRotation().AsDuration()
91 if passwordRotation.Seconds() < refreshTokenDuration.Seconds() {
92 refreshTokenDuration = passwordRotation
93 }
94 }
95
96 return refreshTokenDuration
97}
98
99// GetRefreshTokenCookie creates a cookie for the refresh token.
100// token="" => unset (clears cookie)

Callers 4

SignupMethod · 0.92
finalizeLoginMethod · 0.92
GetTokenCookieFunction · 0.85

Calls 5

IsFeatureEnabledMethod · 0.80
GetPasswordRotationMethod · 0.45

Tested by

no test coverage detected