feat(auth): add microsoft auto-remember policy with tenant override and configurable remember TTL
This commit is contained in:
@@ -21,6 +21,7 @@ class AdminSettingsService
|
||||
private readonly SettingsFrontendTelemetryGateway $settingsFrontendTelemetryGateway,
|
||||
private readonly SettingsMicrosoftGateway $settingsMicrosoftGateway,
|
||||
private readonly SettingsSmtpGateway $settingsSmtpGateway,
|
||||
private readonly SettingsLoginPersistenceGateway $settingsLoginPersistenceGateway,
|
||||
private readonly SettingsMetadataGateway $settingsMetadataGateway,
|
||||
private readonly SettingCacheService $settingCacheService,
|
||||
private readonly TenantService $tenantService,
|
||||
@@ -64,6 +65,8 @@ class AdminSettingsService
|
||||
'user_inactivity_delete_days' => $this->settingsUserLifecycleGateway->getUserInactivityDeleteDays(),
|
||||
'session_idle_timeout_minutes' => $this->settingsSessionGateway->getSessionIdleTimeoutMinutes(),
|
||||
'session_absolute_timeout_hours' => $this->settingsSessionGateway->getSessionAbsoluteTimeoutHours(),
|
||||
'microsoft_auto_remember_default' => $this->settingsLoginPersistenceGateway->isMicrosoftAutoRememberDefault(),
|
||||
'remember_token_lifetime_days' => $this->settingsLoginPersistenceGateway->getRememberTokenLifetimeDays(),
|
||||
'api_cors_allowed_origins' => $this->settingsApiPolicyGateway->getApiCorsAllowedOriginsText(),
|
||||
'system_audit_enabled' => $this->settingsSystemAuditGateway->isSystemAuditEnabled(),
|
||||
'system_audit_retention_days' => $this->settingsSystemAuditGateway->getSystemAuditRetentionDays(),
|
||||
@@ -95,6 +98,8 @@ class AdminSettingsService
|
||||
'user_inactivity_delete_days' => $this->settingsMetadataGateway->get(SettingKeys::USER_INACTIVITY_DELETE_DAYS_KEY),
|
||||
'session_idle_timeout_minutes' => $this->settingsMetadataGateway->get(SettingKeys::SESSION_IDLE_TIMEOUT_MINUTES_KEY),
|
||||
'session_absolute_timeout_hours' => $this->settingsMetadataGateway->get(SettingKeys::SESSION_ABSOLUTE_TIMEOUT_HOURS_KEY),
|
||||
'microsoft_auto_remember_default' => $this->settingsMetadataGateway->get(SettingKeys::MICROSOFT_AUTO_REMEMBER_DEFAULT_KEY),
|
||||
'remember_token_lifetime_days' => $this->settingsMetadataGateway->get(SettingKeys::REMEMBER_TOKEN_LIFETIME_DAYS_KEY),
|
||||
'api_cors_allowed_origins' => $this->settingsMetadataGateway->get(SettingKeys::API_CORS_ALLOWED_ORIGINS_KEY),
|
||||
'system_audit_enabled' => $this->settingsMetadataGateway->get(SettingKeys::SYSTEM_AUDIT_ENABLED_KEY),
|
||||
'system_audit_retention_days' => $this->settingsMetadataGateway->get(SettingKeys::SYSTEM_AUDIT_RETENTION_DAYS_KEY),
|
||||
@@ -133,6 +138,8 @@ class AdminSettingsService
|
||||
$userInactivityDeleteDays = (int) ($post['user_inactivity_delete_days'] ?? 0);
|
||||
$sessionIdleTimeoutMinutes = (int) ($post['session_idle_timeout_minutes'] ?? 0);
|
||||
$sessionAbsoluteTimeoutHours = (int) ($post['session_absolute_timeout_hours'] ?? 0);
|
||||
$microsoftAutoRememberDefault = isset($post['microsoft_auto_remember_default']);
|
||||
$rememberTokenLifetimeDays = (int) ($post['remember_token_lifetime_days'] ?? 0);
|
||||
$apiCorsAllowedOrigins = $this->normalizeScalarText($post['api_cors_allowed_origins'] ?? '');
|
||||
$systemAuditEnabled = isset($post['system_audit_enabled']);
|
||||
$systemAuditRetentionDays = (int) ($post['system_audit_retention_days'] ?? 0);
|
||||
@@ -167,6 +174,8 @@ class AdminSettingsService
|
||||
'user_inactivity_delete_days' => $this->settingsUserLifecycleGateway->getUserInactivityDeleteDays(),
|
||||
'session_idle_timeout_minutes' => $this->settingsSessionGateway->getSessionIdleTimeoutMinutes(),
|
||||
'session_absolute_timeout_hours' => $this->settingsSessionGateway->getSessionAbsoluteTimeoutHours(),
|
||||
'microsoft_auto_remember_default' => $this->settingsLoginPersistenceGateway->isMicrosoftAutoRememberDefault(),
|
||||
'remember_token_lifetime_days' => $this->settingsLoginPersistenceGateway->getRememberTokenLifetimeDays(),
|
||||
'system_audit_enabled' => $this->settingsSystemAuditGateway->isSystemAuditEnabled(),
|
||||
'system_audit_retention_days' => $this->settingsSystemAuditGateway->getSystemAuditRetentionDays(),
|
||||
'frontend_telemetry_enabled' => $this->settingsFrontendTelemetryGateway->isFrontendTelemetryEnabled(),
|
||||
@@ -232,6 +241,15 @@ class AdminSettingsService
|
||||
$errors[] = ['message' => 'Session absolute timeout is invalid', 'key' => 'session_absolute_timeout_invalid'];
|
||||
}
|
||||
|
||||
$this->settingsLoginPersistenceGateway->setMicrosoftAutoRememberDefault($microsoftAutoRememberDefault);
|
||||
|
||||
$rememberTtlOk = $this->settingsLoginPersistenceGateway->setRememberTokenLifetimeDays(
|
||||
$rememberTokenLifetimeDays > 0 ? $rememberTokenLifetimeDays : null
|
||||
);
|
||||
if (!$rememberTtlOk) {
|
||||
$errors[] = ['message' => 'Remember token lifetime is invalid', 'key' => 'remember_token_lifetime_days_invalid'];
|
||||
}
|
||||
|
||||
$apiCorsOriginsOk = $this->settingsApiPolicyGateway->setApiCorsAllowedOrigins($apiCorsAllowedOrigins);
|
||||
if (!$apiCorsOriginsOk) {
|
||||
$errors[] = ['message' => 'CORS allowed origins are invalid', 'key' => 'api_cors_allowed_origins_invalid'];
|
||||
@@ -336,6 +354,8 @@ class AdminSettingsService
|
||||
'user_inactivity_delete_days' => $this->settingsUserLifecycleGateway->getUserInactivityDeleteDays(),
|
||||
'session_idle_timeout_minutes' => $this->settingsSessionGateway->getSessionIdleTimeoutMinutes(),
|
||||
'session_absolute_timeout_hours' => $this->settingsSessionGateway->getSessionAbsoluteTimeoutHours(),
|
||||
'microsoft_auto_remember_default' => $this->settingsLoginPersistenceGateway->isMicrosoftAutoRememberDefault(),
|
||||
'remember_token_lifetime_days' => $this->settingsLoginPersistenceGateway->getRememberTokenLifetimeDays(),
|
||||
'system_audit_enabled' => $this->settingsSystemAuditGateway->isSystemAuditEnabled(),
|
||||
'system_audit_retention_days' => $this->settingsSystemAuditGateway->getSystemAuditRetentionDays(),
|
||||
'frontend_telemetry_enabled' => $this->settingsFrontendTelemetryGateway->isFrontendTelemetryEnabled(),
|
||||
|
||||
Reference in New Issue
Block a user