feat(settings): add admin session policy management
This commit is contained in:
@@ -48,6 +48,7 @@ final class SettingsRegistrar implements ContainerRegistrar
|
||||
$c->get(SettingsAppGateway::class),
|
||||
$c->get(SettingsApiPolicyGateway::class),
|
||||
$c->get(SettingsUserLifecycleGateway::class),
|
||||
$c->get(SettingsSessionGateway::class),
|
||||
$c->get(SettingsSystemAuditGateway::class),
|
||||
$c->get(SettingsFrontendTelemetryGateway::class),
|
||||
$c->get(SettingsMicrosoftGateway::class),
|
||||
|
||||
@@ -16,6 +16,7 @@ class AdminSettingsService
|
||||
private readonly SettingsAppGateway $settingsAppGateway,
|
||||
private readonly SettingsApiPolicyGateway $settingsApiPolicyGateway,
|
||||
private readonly SettingsUserLifecycleGateway $settingsUserLifecycleGateway,
|
||||
private readonly SettingsSessionGateway $settingsSessionGateway,
|
||||
private readonly SettingsSystemAuditGateway $settingsSystemAuditGateway,
|
||||
private readonly SettingsFrontendTelemetryGateway $settingsFrontendTelemetryGateway,
|
||||
private readonly SettingsMicrosoftGateway $settingsMicrosoftGateway,
|
||||
@@ -61,6 +62,8 @@ class AdminSettingsService
|
||||
'api_token_max_ttl_days' => $this->settingsApiPolicyGateway->getApiTokenMaxTtlDays(),
|
||||
'user_inactivity_deactivate_days' => $this->settingsUserLifecycleGateway->getUserInactivityDeactivateDays(),
|
||||
'user_inactivity_delete_days' => $this->settingsUserLifecycleGateway->getUserInactivityDeleteDays(),
|
||||
'session_idle_timeout_minutes' => $this->settingsSessionGateway->getSessionIdleTimeoutMinutes(),
|
||||
'session_absolute_timeout_hours' => $this->settingsSessionGateway->getSessionAbsoluteTimeoutHours(),
|
||||
'api_cors_allowed_origins' => $this->settingsApiPolicyGateway->getApiCorsAllowedOriginsText(),
|
||||
'system_audit_enabled' => $this->settingsSystemAuditGateway->isSystemAuditEnabled(),
|
||||
'system_audit_retention_days' => $this->settingsSystemAuditGateway->getSystemAuditRetentionDays(),
|
||||
@@ -90,6 +93,8 @@ class AdminSettingsService
|
||||
'api_token_max_ttl_days' => $this->settingsMetadataGateway->get(SettingKeys::API_TOKEN_MAX_TTL_DAYS_KEY),
|
||||
'user_inactivity_deactivate_days' => $this->settingsMetadataGateway->get(SettingKeys::USER_INACTIVITY_DEACTIVATE_DAYS_KEY),
|
||||
'user_inactivity_delete_days' => $this->settingsMetadataGateway->get(SettingKeys::USER_INACTIVITY_DELETE_DAYS_KEY),
|
||||
'session_idle_timeout_minutes' => $this->settingsMetadataGateway->get(SettingKeys::SESSION_IDLE_TIMEOUT_MINUTES_KEY),
|
||||
'session_absolute_timeout_hours' => $this->settingsMetadataGateway->get(SettingKeys::SESSION_ABSOLUTE_TIMEOUT_HOURS_KEY),
|
||||
'api_cors_allowed_origins' => $this->settingsMetadataGateway->get(SettingKeys::API_CORS_ALLOWED_ORIGINS_KEY),
|
||||
'system_audit_enabled' => $this->settingsMetadataGateway->get(SettingKeys::SYSTEM_AUDIT_ENABLED_KEY),
|
||||
'system_audit_retention_days' => $this->settingsMetadataGateway->get(SettingKeys::SYSTEM_AUDIT_RETENTION_DAYS_KEY),
|
||||
@@ -126,6 +131,8 @@ class AdminSettingsService
|
||||
$apiTokenMaxTtlDays = (int) ($post['api_token_max_ttl_days'] ?? 0);
|
||||
$userInactivityDeactivateDays = (int) ($post['user_inactivity_deactivate_days'] ?? 0);
|
||||
$userInactivityDeleteDays = (int) ($post['user_inactivity_delete_days'] ?? 0);
|
||||
$sessionIdleTimeoutMinutes = (int) ($post['session_idle_timeout_minutes'] ?? 0);
|
||||
$sessionAbsoluteTimeoutHours = (int) ($post['session_absolute_timeout_hours'] ?? 0);
|
||||
$apiCorsAllowedOrigins = $this->normalizeScalarText($post['api_cors_allowed_origins'] ?? '');
|
||||
$systemAuditEnabled = isset($post['system_audit_enabled']);
|
||||
$systemAuditRetentionDays = (int) ($post['system_audit_retention_days'] ?? 0);
|
||||
@@ -158,6 +165,8 @@ class AdminSettingsService
|
||||
'api_token_max_ttl_days' => $this->settingsApiPolicyGateway->getApiTokenMaxTtlDays(),
|
||||
'user_inactivity_deactivate_days' => $this->settingsUserLifecycleGateway->getUserInactivityDeactivateDays(),
|
||||
'user_inactivity_delete_days' => $this->settingsUserLifecycleGateway->getUserInactivityDeleteDays(),
|
||||
'session_idle_timeout_minutes' => $this->settingsSessionGateway->getSessionIdleTimeoutMinutes(),
|
||||
'session_absolute_timeout_hours' => $this->settingsSessionGateway->getSessionAbsoluteTimeoutHours(),
|
||||
'system_audit_enabled' => $this->settingsSystemAuditGateway->isSystemAuditEnabled(),
|
||||
'system_audit_retention_days' => $this->settingsSystemAuditGateway->getSystemAuditRetentionDays(),
|
||||
'frontend_telemetry_enabled' => $this->settingsFrontendTelemetryGateway->isFrontendTelemetryEnabled(),
|
||||
@@ -209,6 +218,20 @@ class AdminSettingsService
|
||||
$this->settingsUserLifecycleGateway->setUserInactivityDeleteDays(0);
|
||||
}
|
||||
|
||||
$sessionIdleOk = $this->settingsSessionGateway->setSessionIdleTimeoutMinutes(
|
||||
$sessionIdleTimeoutMinutes > 0 ? $sessionIdleTimeoutMinutes : null
|
||||
);
|
||||
if (!$sessionIdleOk) {
|
||||
$errors[] = ['message' => 'Session idle timeout is invalid', 'key' => 'session_idle_timeout_invalid'];
|
||||
}
|
||||
|
||||
$sessionAbsoluteOk = $this->settingsSessionGateway->setSessionAbsoluteTimeoutHours(
|
||||
$sessionAbsoluteTimeoutHours > 0 ? $sessionAbsoluteTimeoutHours : null
|
||||
);
|
||||
if (!$sessionAbsoluteOk) {
|
||||
$errors[] = ['message' => 'Session absolute timeout is invalid', 'key' => 'session_absolute_timeout_invalid'];
|
||||
}
|
||||
|
||||
$apiCorsOriginsOk = $this->settingsApiPolicyGateway->setApiCorsAllowedOrigins($apiCorsAllowedOrigins);
|
||||
if (!$apiCorsOriginsOk) {
|
||||
$errors[] = ['message' => 'CORS allowed origins are invalid', 'key' => 'api_cors_allowed_origins_invalid'];
|
||||
@@ -311,6 +334,8 @@ class AdminSettingsService
|
||||
'api_token_max_ttl_days' => $this->settingsApiPolicyGateway->getApiTokenMaxTtlDays(),
|
||||
'user_inactivity_deactivate_days' => $this->settingsUserLifecycleGateway->getUserInactivityDeactivateDays(),
|
||||
'user_inactivity_delete_days' => $this->settingsUserLifecycleGateway->getUserInactivityDeleteDays(),
|
||||
'session_idle_timeout_minutes' => $this->settingsSessionGateway->getSessionIdleTimeoutMinutes(),
|
||||
'session_absolute_timeout_hours' => $this->settingsSessionGateway->getSessionAbsoluteTimeoutHours(),
|
||||
'system_audit_enabled' => $this->settingsSystemAuditGateway->isSystemAuditEnabled(),
|
||||
'system_audit_retention_days' => $this->settingsSystemAuditGateway->getSystemAuditRetentionDays(),
|
||||
'frontend_telemetry_enabled' => $this->settingsFrontendTelemetryGateway->isFrontendTelemetryEnabled(),
|
||||
|
||||
Reference in New Issue
Block a user