feat(settings): add admin session policy management

This commit is contained in:
2026-03-09 20:07:55 +01:00
parent 7c75df51bb
commit 792af5a532
6 changed files with 378 additions and 0 deletions

View File

@@ -48,6 +48,7 @@ final class SettingsRegistrar implements ContainerRegistrar
$c->get(SettingsAppGateway::class),
$c->get(SettingsApiPolicyGateway::class),
$c->get(SettingsUserLifecycleGateway::class),
$c->get(SettingsSessionGateway::class),
$c->get(SettingsSystemAuditGateway::class),
$c->get(SettingsFrontendTelemetryGateway::class),
$c->get(SettingsMicrosoftGateway::class),

View File

@@ -16,6 +16,7 @@ class AdminSettingsService
private readonly SettingsAppGateway $settingsAppGateway,
private readonly SettingsApiPolicyGateway $settingsApiPolicyGateway,
private readonly SettingsUserLifecycleGateway $settingsUserLifecycleGateway,
private readonly SettingsSessionGateway $settingsSessionGateway,
private readonly SettingsSystemAuditGateway $settingsSystemAuditGateway,
private readonly SettingsFrontendTelemetryGateway $settingsFrontendTelemetryGateway,
private readonly SettingsMicrosoftGateway $settingsMicrosoftGateway,
@@ -61,6 +62,8 @@ class AdminSettingsService
'api_token_max_ttl_days' => $this->settingsApiPolicyGateway->getApiTokenMaxTtlDays(),
'user_inactivity_deactivate_days' => $this->settingsUserLifecycleGateway->getUserInactivityDeactivateDays(),
'user_inactivity_delete_days' => $this->settingsUserLifecycleGateway->getUserInactivityDeleteDays(),
'session_idle_timeout_minutes' => $this->settingsSessionGateway->getSessionIdleTimeoutMinutes(),
'session_absolute_timeout_hours' => $this->settingsSessionGateway->getSessionAbsoluteTimeoutHours(),
'api_cors_allowed_origins' => $this->settingsApiPolicyGateway->getApiCorsAllowedOriginsText(),
'system_audit_enabled' => $this->settingsSystemAuditGateway->isSystemAuditEnabled(),
'system_audit_retention_days' => $this->settingsSystemAuditGateway->getSystemAuditRetentionDays(),
@@ -90,6 +93,8 @@ class AdminSettingsService
'api_token_max_ttl_days' => $this->settingsMetadataGateway->get(SettingKeys::API_TOKEN_MAX_TTL_DAYS_KEY),
'user_inactivity_deactivate_days' => $this->settingsMetadataGateway->get(SettingKeys::USER_INACTIVITY_DEACTIVATE_DAYS_KEY),
'user_inactivity_delete_days' => $this->settingsMetadataGateway->get(SettingKeys::USER_INACTIVITY_DELETE_DAYS_KEY),
'session_idle_timeout_minutes' => $this->settingsMetadataGateway->get(SettingKeys::SESSION_IDLE_TIMEOUT_MINUTES_KEY),
'session_absolute_timeout_hours' => $this->settingsMetadataGateway->get(SettingKeys::SESSION_ABSOLUTE_TIMEOUT_HOURS_KEY),
'api_cors_allowed_origins' => $this->settingsMetadataGateway->get(SettingKeys::API_CORS_ALLOWED_ORIGINS_KEY),
'system_audit_enabled' => $this->settingsMetadataGateway->get(SettingKeys::SYSTEM_AUDIT_ENABLED_KEY),
'system_audit_retention_days' => $this->settingsMetadataGateway->get(SettingKeys::SYSTEM_AUDIT_RETENTION_DAYS_KEY),
@@ -126,6 +131,8 @@ class AdminSettingsService
$apiTokenMaxTtlDays = (int) ($post['api_token_max_ttl_days'] ?? 0);
$userInactivityDeactivateDays = (int) ($post['user_inactivity_deactivate_days'] ?? 0);
$userInactivityDeleteDays = (int) ($post['user_inactivity_delete_days'] ?? 0);
$sessionIdleTimeoutMinutes = (int) ($post['session_idle_timeout_minutes'] ?? 0);
$sessionAbsoluteTimeoutHours = (int) ($post['session_absolute_timeout_hours'] ?? 0);
$apiCorsAllowedOrigins = $this->normalizeScalarText($post['api_cors_allowed_origins'] ?? '');
$systemAuditEnabled = isset($post['system_audit_enabled']);
$systemAuditRetentionDays = (int) ($post['system_audit_retention_days'] ?? 0);
@@ -158,6 +165,8 @@ class AdminSettingsService
'api_token_max_ttl_days' => $this->settingsApiPolicyGateway->getApiTokenMaxTtlDays(),
'user_inactivity_deactivate_days' => $this->settingsUserLifecycleGateway->getUserInactivityDeactivateDays(),
'user_inactivity_delete_days' => $this->settingsUserLifecycleGateway->getUserInactivityDeleteDays(),
'session_idle_timeout_minutes' => $this->settingsSessionGateway->getSessionIdleTimeoutMinutes(),
'session_absolute_timeout_hours' => $this->settingsSessionGateway->getSessionAbsoluteTimeoutHours(),
'system_audit_enabled' => $this->settingsSystemAuditGateway->isSystemAuditEnabled(),
'system_audit_retention_days' => $this->settingsSystemAuditGateway->getSystemAuditRetentionDays(),
'frontend_telemetry_enabled' => $this->settingsFrontendTelemetryGateway->isFrontendTelemetryEnabled(),
@@ -209,6 +218,20 @@ class AdminSettingsService
$this->settingsUserLifecycleGateway->setUserInactivityDeleteDays(0);
}
$sessionIdleOk = $this->settingsSessionGateway->setSessionIdleTimeoutMinutes(
$sessionIdleTimeoutMinutes > 0 ? $sessionIdleTimeoutMinutes : null
);
if (!$sessionIdleOk) {
$errors[] = ['message' => 'Session idle timeout is invalid', 'key' => 'session_idle_timeout_invalid'];
}
$sessionAbsoluteOk = $this->settingsSessionGateway->setSessionAbsoluteTimeoutHours(
$sessionAbsoluteTimeoutHours > 0 ? $sessionAbsoluteTimeoutHours : null
);
if (!$sessionAbsoluteOk) {
$errors[] = ['message' => 'Session absolute timeout is invalid', 'key' => 'session_absolute_timeout_invalid'];
}
$apiCorsOriginsOk = $this->settingsApiPolicyGateway->setApiCorsAllowedOrigins($apiCorsAllowedOrigins);
if (!$apiCorsOriginsOk) {
$errors[] = ['message' => 'CORS allowed origins are invalid', 'key' => 'api_cors_allowed_origins_invalid'];
@@ -311,6 +334,8 @@ class AdminSettingsService
'api_token_max_ttl_days' => $this->settingsApiPolicyGateway->getApiTokenMaxTtlDays(),
'user_inactivity_deactivate_days' => $this->settingsUserLifecycleGateway->getUserInactivityDeactivateDays(),
'user_inactivity_delete_days' => $this->settingsUserLifecycleGateway->getUserInactivityDeleteDays(),
'session_idle_timeout_minutes' => $this->settingsSessionGateway->getSessionIdleTimeoutMinutes(),
'session_absolute_timeout_hours' => $this->settingsSessionGateway->getSessionAbsoluteTimeoutHours(),
'system_audit_enabled' => $this->settingsSystemAuditGateway->isSystemAuditEnabled(),
'system_audit_retention_days' => $this->settingsSystemAuditGateway->getSystemAuditRetentionDays(),
'frontend_telemetry_enabled' => $this->settingsFrontendTelemetryGateway->isFrontendTelemetryEnabled(),