core: fix token expiry for service accounts being only 30 minutes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-16 09:57:34 +02:00 · 2021-09-16 09:57:34 +02:00 · 341c58a722
parent 9b04f2da48
commit 341c58a722
2 changed files with 6 additions and 0 deletions
--- a/authentik/core/api/users.py
+++ b/authentik/core/api/users.py
@ -1,4 +1,5 @@
 """User API Views"""
+from datetime import timedelta
 from json import loads
 from typing import Optional

@ -7,6 +8,7 @@ from django.db.transaction import atomic
 from django.db.utils import IntegrityError
 from django.urls import reverse_lazy
 from django.utils.http import urlencode
+from django.utils.timezone import now
 from django.utils.translation import gettext as _
 from django_filters.filters import BooleanFilter, CharFilter, ModelMultipleChoiceFilter
 from django_filters.filterset import FilterSet
@ -274,6 +276,7 @@ class UserViewSet(UsedByMixin, ModelViewSet):
                    identifier=f"service-account-{username}-password",
                    intent=TokenIntents.INTENT_APP_PASSWORD,
                    user=user,
+                    expires=now() + timedelta(days=360),
                )
                return Response({"username": user.username, "token": token.key})
            except (IntegrityError) as exc:
--- a/web/src/pages/users/ServiceAccountForm.ts
+++ b/web/src/pages/users/ServiceAccountForm.ts
@ -74,6 +74,9 @@ export class ServiceAccountForm extends Form<UserServiceAccountRequest> {
                        value=${ifDefined(this.result?.token)}
                        class="pf-c-form-control"
                    />
+                    <p class="pf-c-form__helper-text">
+                        ${t`Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List.`}
+                    </p>
                </ak-form-element-horizontal>
            </form>`;
    }