17903: Merge branch 'main' into 17903-login-sync-centos7
[arvados.git] / services / api / app / models / api_client_authorization.rb
index 7e7140369171a56dc3ba2a2ad4b9eb531f798cb4..52f2cee064905fd6a81e4e9e60a774dfc80bab55 100644 (file)
@@ -406,9 +406,9 @@ class ApiClientAuthorization < ArvadosModel
   protected
 
   def clamp_token_expiration
-    if !current_user.andand.is_admin && Rails.configuration.API.MaxTokenLifetime > 0
+    if Rails.configuration.API.MaxTokenLifetime > 0
       max_token_expiration = db_current_time + Rails.configuration.API.MaxTokenLifetime
-      if (self.new_record? || self.expires_at_changed?) && (self.expires_at.nil? || self.expires_at > max_token_expiration)
+      if (self.new_record? || self.expires_at_changed?) && (self.expires_at.nil? || (self.expires_at > max_token_expiration && !current_user.andand.is_admin))
         self.expires_at = max_token_expiration
       end
     end
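Review bot: The admin exemption on the `self.expires_at > max_token_expiration` branch is keyed on `current_user` (the caller) rather than on the token's owner, and nothing in the method says whether that is intended. If admins can create or update tokens on behalf of other users (not visible in this hunk), such a token may carry an expiry beyond `API.MaxTokenLifetime` even though its owner is not an admin. If that is the policy, a comment above the inner `if` would record it, e.g. `# Admins may set an explicit expires_at beyond MaxTokenLifetime; a nil expires_at is clamped for everyone, admins included.` The inner condition would also read more easily with the over-limit check pulled into a named local, and a test for nil expiry as admin, long expiry as admin and long expiry as non-admin would pin the behaviour. The method's closing `end` lies outside the hunk.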