From 954a2f5113253c8e0b3bbfd7563724df35603424 Mon Sep 17 00:00:00 2001
From: Johan Lindell
Date: Sat, 7 Oct 2023 22:58:45 +0200
Subject: [PATCH] fix: "remember me" with long TOKEN_TIME (#2602)

* Fixed "remember me" with long TOKEN_TIME

* Reverted changes in create_access_token
---
 mealie/routes/auth/auth.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/mealie/routes/auth/auth.py b/mealie/routes/auth/auth.py
index da3afe0ea..0e1d3e467 100644
--- a/mealie/routes/auth/auth.py
+++ b/mealie/routes/auth/auth.py
@@ -7,6 +7,7 @@ from pydantic import BaseModel
 from sqlalchemy.orm.session import Session

 from mealie.core import root_logger, security
+from mealie.core.config import get_app_settings
 from mealie.core.dependencies import get_current_user
 from mealie.core.security import authenticate_user
 from mealie.core.security.security import UserLockedOut
@@ -18,6 +19,8 @@ public_router = APIRouter(tags=["Users: Authentication"])
 user_router = UserAPIRouter(tags=["Users: Authentication"])
 logger = root_logger.get_logger("auth")

+remember_me_duration = timedelta(days=14)
+

 class CustomOAuth2Form(OAuth2PasswordRequestForm):
     def __init__(
@@ -55,6 +58,8 @@ def get_token(
     data: CustomOAuth2Form = Depends(),
     session: Session = Depends(generate_session),
 ):
+    settings = get_app_settings()
+
     email = data.username
     password = data.password
     if "x-forwarded-for" in request.headers:
@@ -76,7 +81,10 @@ def get_token(
             status_code=status.HTTP_401_UNAUTHORIZED,
         )

-    duration = timedelta(days=14) if data.remember_me else None
+    duration = timedelta(hours=settings.TOKEN_TIME)
+    if data.remember_me and remember_me_duration > duration:
+        duration = remember_me_duration
+
     access_token = security.create_access_token(dict(sub=str(user.id)), duration)  # type: ignore

     response.set_cookie(
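Review bot: The new module-level `remember_me_duration = timedelta(days=14)` in the second hunk is a constant but is spelled like a local variable; PEP 8 spelling would be `REMEMBER_ME_DURATION = timedelta(days=14)`, with the two uses in get_token renamed to match. It also deserves a one-line comment saying what it bounds, since the value used to sit inline next to the `remember_me` check and is now far from its only use, e.g. `# Minimum access-token lifetime granted when the login form sets remember_me.`.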
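Review bot: The rewritten `duration` block in the last hunk now always hands an explicit lifetime to `create_access_token`, but the `response.set_cookie(` call that carries that token begins on the hunk's last line and its arguments are outside the diff, so it is worth confirming that the cookie's `max_age`/`expires` is derived from the same `duration`; if it still uses a fixed value, the cookie and the token inside it will expire at different times once `TOKEN_TIME` exceeds 14 days. A short comment above the block would make the new rule explicit for the next reader: `# Tokens live for TOKEN_TIME; "remember me" can only lengthen that, never shorten it.`. Note that with a TOKEN_TIME longer than 14 days the `remember_me` flag becomes a no-op, which matches the commit title but is not obvious from the code alone. get_token's body continues outside the hunk on both sides.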