Allow to configure JWT expiration #5732

Closed
phlmn opened this issue Apr 7, 2020 · 2 comments
Labels
good first issue Good for newcomers issue: enhancement Issue suggesting an enhancement to an existing feature severity: low If the issue only affects a very niche base of users and an easily implemented workaround can solve source: plugin:users-permissions Source is plugin/users-permissions package

phlmn commented Apr 7, 2020

We are currently doing a penetration test on strapi. One finding was that the JWTs in the admin section don't get invalidated on logout and also have a very long validity period (30d 😱).

I would suggest adding a configuration option which allows setting the expiresIn option here:

const defaultJwtOptions = { expiresIn: '30d' };

I'm happy to file a PR if you like that idea. 🙂

Cheers

lauriejim commented Apr 7, 2020

Hello @phlmn!
Thank you for this suggestion, this is a really simple thing to do.
Can you please submit a PR to add this feature?
I will appreciate your contribution.

You will have to remove this line - https://github.com/strapi/strapi/blob/master/packages/strapi-plugin-users-permissions/services/Jwt.js#L12

And in the config folder, create a jwt.json file - https://github.com/strapi/strapi/blob/master/packages/strapi-plugin-users-permissions/config/
Similar to the request one.

And in the first file I linked, do the same as here to load configurations - https://github.com/strapi/strapi/blob/master/packages/strapi-plugin-users-permissions/config/policies/rateLimit.js#L20

You will also have to add this option in the documentation.

@lauriejim lauriejim added severity: low If the issue only affects a very niche base of users and an easily implemented workaround can solve source: plugin:users-permissions Source is plugin/users-permissions package issue: enhancement Issue suggesting an enhancement to an existing feature good first issue Good for newcomers labels Apr 7, 2020
@lauriejim
#6315

@strapi strapi locked as resolved and limited conversation to collaborators Jun 10, 2020
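
The change discussed in this thread, sketched as an added example (not Strapi's code and not the code of the linked PR): the token lifetime comes from operator config instead of the hardcoded `'30d'`, is validated before use, and is enforced at verification. The function names, the config object shape and the secret are assumptions; a shorter lifetime only narrows the window in which a token stays usable after logout, it does not revoke the token.

```javascript
// Added example. Uses only Node's built-in crypto; HS256 is fixed on both sides.
const crypto = require('node:crypto');

const UNITS = { s: 1, m: 60, h: 3600, d: 86400 };
const DEFAULT_EXPIRES_IN = '30d'; // the hardcoded default quoted in the issue

// Convert "15m" / "30d" / a positive integer of seconds into seconds.
function toSeconds(value) {
  if (Number.isInteger(value) && value > 0) return value;
  const m = /^(\d+)([smhd])$/.exec(String(value));
  if (!m || Number(m[1]) === 0) throw new Error(`invalid expiresIn: ${value}`);
  return Number(m[1]) * UNITS[m[2]];
}

// Merge operator config (assumed to be the parsed contents of a jwt.json file)
// over the default, failing at startup on a malformed value.
function loadJwtOptions(config = {}) {
  const expiresIn = config.expiresIn ?? DEFAULT_EXPIRES_IN;
  return { expiresIn, ttl: toSeconds(expiresIn) };
}

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest('base64url');

// Issue a token whose exp claim is derived from the configured lifetime.
function issue(payload, secret, options, now = Math.floor(Date.now() / 1000)) {
  const claims = { ...payload, iat: now, exp: now + options.ttl };
  const body = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64(claims)}`;
  return `${body}.${mac(body, secret)}`;
}

// Check the signature in constant time, then reject tokens at or past exp.
function verify(token, secret, now = Math.floor(Date.now() / 1000)) {
  const [h, p, sig] = token.split('.');
  const expected = Buffer.from(mac(`${h}.${p}`, secret));
  const given = Buffer.from(sig || '');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof claims.exp !== 'number' || now >= claims.exp) throw new Error('token expired');
  return claims;
}
```
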