From 897b2fceababb6cccfcf6f34adfc2d3265a17437 Mon Sep 17 00:00:00 2001
From: waltaskew
Date: Wed, 1 Oct 2014 15:59:28 -0400
Subject: [PATCH] Add configuration for token expiration

---
 AUTHORS | 1 +
 docs/configuration.rst | 4 ++++
 flask_security/core.py | 3 ++-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/AUTHORS b/AUTHORS
index e098338..1aaa781 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -36,3 +36,4 @@ Rotem Yaari
 Srijan Choudhary
 Tristan Escalada
 Vadim Kotov
+Walt Askew
diff --git a/docs/configuration.rst b/docs/configuration.rst
index 018d4ae..0a9bf69 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -37,6 +37,10 @@ Core
 ``SECURITY_TOKEN_AUTHENTICATION_HEADER`` Specifies the HTTP header to read
  when using token authentication.
  Defaults to ``Authentication-Token``.
+``SECURITY_TOKEN_MAX_AGE`` Specifies the number of seconds before
+ an authentication token expires.
+ Defaults to None, meaning the token
+ never expires.
 ``SECURITY_DEFAULT_HTTP_AUTH_REALM`` Specifies the default authentication
  realm when using basic HTTP auth.
  Defaults to ``Login Required``
diff --git a/flask_security/core.py b/flask_security/core.py
index fb2a6b6..d29149c 100644
--- a/flask_security/core.py
+++ b/flask_security/core.py
@@ -75,6 +75,7 @@ _default_config = {
     'EMAIL_SENDER': 'no-reply@localhost',
     'TOKEN_AUTHENTICATION_KEY': 'auth_token',
     'TOKEN_AUTHENTICATION_HEADER': 'Authentication-Token',
+    'TOKEN_MAX_AGE': None,
     'CONFIRM_SALT': 'confirm-salt',
     'RESET_SALT': 'reset-salt',
     'LOGIN_SALT': 'login-salt',
@@ -192,7 +193,7 @@ def _user_loader(user_id):
 
 def _token_loader(token):
     try:
-        data = _security.remember_token_serializer.loads(token)
+        data = _security.remember_token_serializer.loads(token, max_age=_security.token_max_age)
         user = _security.datastore.find_user(id=data[0])
         if user and safe_str_cmp(md5(user.password), data[1]):
             return user
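Review bot: The new `'TOKEN_MAX_AGE': None` entry in `_default_config` gives no hint that `None` means the age check is skipped entirely, although the docs hunk in this same patch says exactly that; an inline comment keeps code and docs in step: `'TOKEN_MAX_AGE': None,  # seconds; None keeps the previous behaviour of tokens that never expire`. The `_token_loader` hunk reads this value as `_security.token_max_age`, so it presumably reaches the state object through the same key-to-attribute mapping as the other config entries, which is not visible here and worth confirming, since a mismatch would only surface as an AttributeError on the first token login. Unbounded lifetime is the backward-compatible default, but it also means a leaked token stays valid until the password changes; deployments wanting a bounded exposure window have to opt in, and a sentence to that effect next to the default would help operators choose.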
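Review bot: Passing `max_age` makes `loads` raise on a stale token as well as on a bad signature, and the `except` clause that decides whether an expired token is rejected quietly or turns into a 500 lies below the hunk, so the outcome cannot be confirmed from here; `_token_loader` continues outside the hunk. As far as I recall the expiry error in itsdangerous is a subclass of `BadSignature`, so an existing `except BadSignature` would already cover it, but that should be checked rather than assumed, and a short comment on the new line would record the intent, e.g. `# max_age=None disables the age check; a stale token raises the serializer's expiry error`. Because the age is measured from when the token was issued, a bounded `TOKEN_MAX_AGE` limits how long a leaked token is usable independently of the password-hash comparison on the following line, which is the property this change buys and deserves a line in the docstring or comment. Style: the new line runs well past 79 columns; wrapping the call as `data = _security.remember_token_serializer.loads(` followed by `token, max_age=_security.token_max_age)` on the next line keeps the file PEP 8 clean.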