From c71e55ecc4c2381785b5f8ae10af74d8a537d6c3 Mon Sep 17 00:00:00 2001
From: Tobi Smethurst <31960611+tsmethurst@users.noreply.github.com>
Date: Wed, 7 Jul 2021 15:46:42 +0200
Subject: clean up some weirdness in the router (#80)

---
 internal/api/client/auth/authorize.go | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'internal/api/client/auth/authorize.go')

diff --git a/internal/api/client/auth/authorize.go b/internal/api/client/auth/authorize.go
index f473579db..7661019db 100644
--- a/internal/api/client/auth/authorize.go
+++ b/internal/api/client/auth/authorize.go
@@ -38,6 +38,9 @@ import (
 func (m *Module) AuthorizeGETHandler(c *gin.Context) {
 	l := m.log.WithField("func", "AuthorizeGETHandler")
 	s := sessions.Default(c)
+	s.Options(sessions.Options{
+		MaxAge: 120, // give the user 2 minutes to sign in before expiring their session
+	})
 
 	// UserID will be set in the session by AuthorizePOSTHandler if the caller has already gone through the authentication flow
 	// If it's not set, then we don't know yet who the user is, so we need to redirect them to the sign in page.
@@ -117,9 +120,6 @@ func (m *Module) AuthorizePOSTHandler(c *gin.Context) {
 	l := m.log.WithField("func", "AuthorizePOSTHandler")
 	s := sessions.Default(c)
 
-	// At this point we know the user has said 'yes' to allowing the application and oauth client
-	// work for them, so we can set the
-
 	// We need to retrieve the original form submitted to the authorizeGEThandler, and
 	// recreate it on the request so that it can be used further by the oauth2 library.
 	// So first fetch all the values from the session.
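Review bot: The new `s.Options(sessions.Options{MaxAge: 120})` call in AuthorizeGETHandler replaces the session's entire option set, not just its lifetime — in gin-contrib/sessions, `Options` overwrites the underlying cookie options struct, so `Path`, `Secure`, `HttpOnly` and `SameSite` fall back to their zero values for this cookie regardless of what the store was configured with. If the store sets those (I cannot see its configuration from this hunk), repeat them in the literal, e.g. `s.Options(sessions.Options{Path: "/", MaxAge: 120, HttpOnly: true, Secure: true})`, or the sign-in cookie loses them. The options only take effect when the session is written, and AuthorizeGETHandler continues outside the hunk, so confirm the redirect path reaches `s.Save()`. A two-minute window is also tight for a user who has to type a password and possibly a second factor; consider documenting the choice in the comment rather than only the number.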
@@ -153,8 +153,13 @@ func (m *Module) AuthorizePOSTHandler(c *gin.Context) {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "session missing userid"})
 		return
 	}
 
+	// we're done with the session so we can clear it now
 	s.Clear()
+	if err := s.Save(); err != nil {
+		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
+		return
+	}
 
 	// now set the values on the request
 	values := url.Values{}
-- cgit v1.2.3
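Review bot: The new error branch after `s.Save()` returns `err.Error()` verbatim in the 500 body, which can expose session-store internals (backend connection errors, encoding details) to the client, whereas the surrounding 400 responses use fixed strings. Log it with the handler's logger and return a constant instead: `l.Errorf("error saving session: %s", err)` followed by `c.JSON(http.StatusInternalServerError, gin.H{"error": "internal server error"})`. Note also that `s.Clear()` only empties the session values; the cookie itself persists with whatever MaxAge it was given, so if the intent is to end the sign-in session here, set `s.Options(sessions.Options{MaxAge: -1})` before the `Save` to expire it. AuthorizePOSTHandler continues outside the hunk.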