end
if Rails.configuration.Login.TokenLifetime > 0
if token_expiration == nil
- token_expiration = Time.now + Rails.configuration.Login.TokenLifetime
+ token_expiration = db_current_time + Rails.configuration.Login.TokenLifetime
else
- token_expiration = [token_expiration, Time.now + Rails.configuration.Login.TokenLifetime].min
+ token_expiration = [token_expiration, db_current_time + Rails.configuration.Login.TokenLifetime].min
end
end
include KindAndEtag
include CommonApiTemplate
extend CurrentApiClient
+ extend DbCurrentTime
belongs_to :api_client
belongs_to :user
auth.update_attributes!(user: user,
api_token: stored_secret,
api_client_id: 0,
- expires_at: Time.now + Rails.configuration.Login.RemoteTokenRefresh)
+ expires_at: db_current_time + Rails.configuration.Login.RemoteTokenRefresh)
Rails.logger.debug "cached remote token #{token_uuid} with secret #{stored_secret} in local db"
auth.api_token = secret
return auth
def clamp_token_expiration
if !current_user.andand.is_admin && Rails.configuration.API.MaxTokenLifetime > 0
- max_token_expiration = Time.now + Rails.configuration.API.MaxTokenLifetime
+ max_token_expiration = db_current_time + Rails.configuration.API.MaxTokenLifetime
if self.new_record? && (self.expires_at.nil? || self.expires_at > max_token_expiration)
self.expires_at = max_token_expiration
elsif !self.new_record? && self.expires_at_changed? && (self.expires_at.nil? || self.expires_at > max_token_expiration)
require 'test_helper'
class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest
+ include DbCurrentTime
+ extend DbCurrentTime
fixtures :all
test "create system auth" do
assert_response 403
end
- [nil, Time.now + 2.hours].each do |desired_expiration|
+ [nil, db_current_time + 2.hours].each do |desired_expiration|
test "expires_at gets clamped on non-admins when API.MaxTokenLifetime is set and desired expires_at #{desired_expiration.nil? ? 'is not set' : 'exceeds the limit'}" do
Rails.configuration.API.MaxTokenLifetime = 1.hour
# Test token creation
- start_t = Time.now
+ start_t = db_current_time
post "/arvados/v1/api_client_authorizations",
params: {
:format => :json,
}
},
headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:active_trustedclient).api_token}"}
- end_t = Time.now
+ end_t = db_current_time
assert_response 200
expiration_t = json_response['expires_at'].to_time
assert_operator expiration_t.to_f, :>, (start_t + Rails.configuration.API.MaxTokenLifetime).to_f
# Test token update
previous_expiration = expiration_t
token_uuid = json_response["uuid"]
- start_t = Time.now
+ start_t = db_current_time
put "/arvados/v1/api_client_authorizations/#{token_uuid}",
params: {
:api_client_authorization => {
}
},
headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:active_trustedclient).api_token}"}
- end_t = Time.now
+ end_t = db_current_time
assert_response 200
expiration_t = json_response['expires_at'].to_time
assert_operator previous_expiration.to_f, :<, expiration_t.to_f
previous_expiration = json_response['expires_at']
token_uuid = json_response['uuid']
if previous_expiration.nil?
- desired_updated_expiration = Time.now + Rails.configuration.API.MaxTokenLifetime + 1.hour
+ desired_updated_expiration = db_current_time + Rails.configuration.API.MaxTokenLifetime + 1.hour
else
desired_updated_expiration = nil
end