From 4a3e3633ea77e56923c979b9c2009fd5aaeea044 Mon Sep 17 00:00:00 2001
From: Lakhan Samani <lakhan.m.samani@gmail.com>
Date: Fri, 25 Mar 2022 20:29:00 +0530
Subject: [PATCH] fix: default access token expiry time

---
 dashboard/src/pages/Environment.tsx | 7 ++++---
 server/env/env.go                   | 3 +++
 server/env/persist_env.go           | 1 +
 server/handlers/authorize.go        | 3 ---
 server/resolvers/env.go             | 4 ++++
 server/token/auth_token.go          | 4 ++--
 6 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/dashboard/src/pages/Environment.tsx b/dashboard/src/pages/Environment.tsx
index c51b95a..a6ef5a5 100644
--- a/dashboard/src/pages/Environment.tsx
+++ b/dashboard/src/pages/Environment.tsx
@@ -618,11 +618,12 @@ export default function Environment() {
 					</Flex>
 				</Flex>
 				<Flex>
-					<Flex w="30%" justifyContent="start" alignItems="center">
-						<Text fontSize="sm">Custom Access Token Scripts:</Text>
+					<Flex w="30%" justifyContent="start" direction="column">
+						<Text fontSize="sm">Custom Scripts:</Text>
+						<Text fontSize="sm">Used to add custom fields in ID token</Text>
 					</Flex>
 					<Flex w="70%">
-					<InputField
+						<InputField
 							variables={envVariables}
 							setVariables={setEnvVariables}
 							inputType={TextAreaInputType.CUSTOM_ACCESS_TOKEN_SCRIPT}
diff --git a/server/env/env.go b/server/env/env.go
index 728bb6b..2861d91 100644
--- a/server/env/env.go
+++ b/server/env/env.go
@@ -122,6 +122,9 @@ func InitAllEnv() error {
 
 	if envData.StringEnv[constants.EnvKeyAccessTokenExpiryTime] == "" {
 		envData.StringEnv[constants.EnvKeyAccessTokenExpiryTime] = os.Getenv(constants.EnvKeyAccessTokenExpiryTime)
+		if envData.StringEnv[constants.EnvKeyAccessTokenExpiryTime] == "" {
+			envData.StringEnv[constants.EnvKeyAccessTokenExpiryTime] = "30m"
+		}
 	}
 
 	if envData.StringEnv[constants.EnvKeyAdminSecret] == "" {
diff --git a/server/env/persist_env.go b/server/env/persist_env.go
index 42ba969..82283d7 100644
--- a/server/env/persist_env.go
+++ b/server/env/persist_env.go
@@ -165,6 +165,7 @@ func PersistEnv() error {
 				hasChanged = true
 			}
 		}
+
 		envstore.EnvStoreObj.UpdateEnvStore(storeData)
 		jwk, err := crypto.GenerateJWKBasedOnEnv()
 		if err != nil {
diff --git a/server/handlers/authorize.go b/server/handlers/authorize.go
index b70c4de..572ebae 100644
--- a/server/handlers/authorize.go
+++ b/server/handlers/authorize.go
@@ -1,7 +1,6 @@
 package handlers
 
 import (
-	"fmt"
 	"net/http"
 	"strconv"
 	"strings"
@@ -52,8 +51,6 @@ func AuthorizeHandler() gin.HandlerFunc {
 			gc.JSON(400, gin.H{"error": "invalid response mode"})
 		}
 
-		fmt.Println("=> redirect URI:", redirectURI)
-		fmt.Println("=> state:", state)
 		if redirectURI == "" {
 			redirectURI = "/app"
 		}
diff --git a/server/resolvers/env.go b/server/resolvers/env.go
index 9ee3c60..dc7db8d 100644
--- a/server/resolvers/env.go
+++ b/server/resolvers/env.go
@@ -67,6 +67,10 @@ func EnvResolver(ctx context.Context) (*model.Env, error) {
 	organizationName := store.StringEnv[constants.EnvKeyOrganizationName]
 	organizationLogo := store.StringEnv[constants.EnvKeyOrganizationLogo]
 
+	if accessTokenExpiryTime == "" {
+		accessTokenExpiryTime = "30m"
+	}
+
 	res = &model.Env{
 		AccessTokenExpiryTime:      &accessTokenExpiryTime,
 		AdminSecret:                &adminSecret,
diff --git a/server/token/auth_token.go b/server/token/auth_token.go
index 905df4a..9608809 100644
--- a/server/token/auth_token.go
+++ b/server/token/auth_token.go
@@ -132,7 +132,7 @@ func CreateRefreshToken(user models.User, roles, scopes []string, hostname, nonc
 func CreateAccessToken(user models.User, roles, scopes []string, hostName, nonce string) (string, int64, error) {
 	expiryBound, err := utils.ParseDurationInSeconds(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAccessTokenExpiryTime))
 	if err != nil {
-		expiryBound = time.Minute * 15
+		expiryBound = time.Minute * 30
 	}
 
 	expiresAt := time.Now().Add(expiryBound).Unix()
@@ -288,7 +288,7 @@ func ValidateBrowserSession(gc *gin.Context, encryptedSession string) (*SessionD
 func CreateIDToken(user models.User, roles []string, hostname, nonce string) (string, int64, error) {
 	expiryBound, err := utils.ParseDurationInSeconds(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAccessTokenExpiryTime))
 	if err != nil {
-		expiryBound = time.Minute * 15
+		expiryBound = time.Minute * 30
 	}
 
 	expiresAt := time.Now().Add(expiryBound).Unix()