Extend conan token expiration to 1 day

Change conan token expiration from 1 hour to 1 day to better suit user usage patterns. Changelog: changed

Extend conan token expiration to 1 day
Change conan token expiration from 1 hour to 1 day to better suit user usage patterns. Changelog: changed
9c60db07 · Steve Abrams · Sean McGivern · a749065a · 9c60db07 · 9c60db07
Commit 9c60db07 authored May 11, 2021 by Steve Abrams Committed by Sean McGivern May 11, 2021
4 changed files
--- a/changelogs/unreleased/234005-extend-conantoken-expiration.yml
+++ b/changelogs/unreleased/234005-extend-conantoken-expiration.yml
+---
+title: Change conan token expiration from 1 hour to 24 hours
+merge_request: 60763
+author:
+type: changed
--- a/lib/gitlab/conan_token.rb
+++ b/lib/gitlab/conan_token.rb
@@ -8,6 +8,7 @@
 module Gitlab
  class ConanToken
    HMAC_KEY = 'gitlab-conan-packages'
+    CONAN_TOKEN_EXPIRE_TIME = 1.day.freeze

    attr_reader :access_token_id, :user_id

@@ -57,7 +58,7 @@ module Gitlab
      JSONWebToken::HMACToken.new(self.class.secret).tap do |token|
        token['access_token'] = access_token_id
        token['user_id'] = user_id
-        token.expire_time = token.issued_at + 1.hour
+        token.expire_time = token.issued_at + CONAN_TOKEN_EXPIRE_TIME
      end
    end
  end

--- a/spec/lib/gitlab/conan_token_spec.rb
+++ b/spec/lib/gitlab/conan_token_spec.rb
@@ -20,7 +20,7 @@ RSpec.describe Gitlab::ConanToken do
    JSONWebToken::HMACToken.new(jwt_secret).tap do |jwt|
      jwt['access_token'] = access_token_id
      jwt['user_id'] = user_id || user_id
-      jwt.expire_time = expire_time || jwt.issued_at + 1.hour
+      jwt.expire_time = expire_time || jwt.issued_at + ::Gitlab::ConanToken::CONAN_TOKEN_EXPIRE_TIME
    end
  end

@@ -75,7 +75,7 @@ RSpec.describe Gitlab::ConanToken do
    it 'returns nil for expired JWT' do
      jwt = build_jwt(access_token_id: 123,
                      user_id: 456,
-                      expire_time: Time.zone.now - 2.hours)
+                      expire_time: Time.zone.now - (::Gitlab::ConanToken::CONAN_TOKEN_EXPIRE_TIME + 1.hour))

      expect(described_class.decode(jwt.encoded)).to be_nil
    end

--- a/spec/support/shared_examples/requests/api/conan_packages_shared_examples.rb
+++ b/spec/support/shared_examples/requests/api/conan_packages_shared_examples.rb
@@ -106,7 +106,7 @@ RSpec.shared_examples 'conan authenticate endpoint' do
        expect(payload['user_id']).to eq(personal_access_token.user_id)

        duration = payload['exp'] - payload['iat']
-        expect(duration).to eq(1.hour)
+        expect(duration).to eq(::Gitlab::ConanToken::CONAN_TOKEN_EXPIRE_TIME)
      end
    end
  end