diff --git a/app/models/users/access_verifier.rb b/app/models/users/access_verifier.rb
index e6526a04d128a..71be5a1fb48a7 100644
--- a/app/models/users/access_verifier.rb
+++ b/app/models/users/access_verifier.rb
@@ -21,8 +21,6 @@ module Users
 module AccessVerifier
- TTL_MINUTES = 5
-
 class InvalidVerifier < RuntimeError
 end
@@ -40,7 +38,7 @@ def self.generate(claims)
 jwt_claims[:root_account_id] = root_account.global_id.to_s if root_account
 jwt_claims.merge!(claims.slice(:oauth_host, :return_url, :fallback_url))
- expires = TTL_MINUTES.minutes.from_now
+ expires = Setting.get("access_verifier.ttl_minutes", "5").to_i.minutes.from_now
 key = nil # use default key
 { sf_verifier: Canvas::Security.create_jwt(jwt_claims, expires, key, :HS512) }
 end
diff --git a/spec/controllers/files_controller_spec.rb b/spec/controllers/files_controller_spec.rb
index 2df86e3bc6ded..c1d7a568e18c5 100644
--- a/spec/controllers/files_controller_spec.rb
+++ b/spec/controllers/files_controller_spec.rb
@@ -367,7 +367,7 @@ def file_with_path(path)
 # second use after verifier expiration but before session expiration.
 # expired verifier should be ignored but session should still be extended
- Timecop.freeze((Users::AccessVerifier::TTL_MINUTES + 1).minutes.from_now) do
+ Timecop.freeze((Setting.get("access_verifier.ttl_minutes", "5").to_i + 1).minutes.from_now) do
 get "show", params: verifier.merge(id: file.id)
 end
 expect(response).to be_successful
diff --git a/spec/models/users/access_verifier_spec.rb b/spec/models/users/access_verifier_spec.rb
index 8e6a5aa1fb52b..2e38522502edd 100644
--- a/spec/models/users/access_verifier_spec.rb
+++ b/spec/models/users/access_verifier_spec.rb
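Review bot: The verifier lifetime in `self.generate` now comes from `Setting.get("access_verifier.ttl_minutes", "5").to_i` with no bounds. A blank or non-numeric setting becomes 0, so every `sf_verifier` is issued already expired and verifier-based access fails, while a very large value keeps the signed JWT valid for as long as the setting says. Because this value decides how long a leaked verifier stays usable, I would clamp it, e.g. `ttl = Setting.get("access_verifier.ttl_minutes", "5").to_i.clamp(1, MAX_TTL_MINUTES)`, where `MAX_TTL_MINUTES` is a new constant the team chooses. A comment should also state that raising the setting widens the window in which a captured verifier can be reused. The body of `generate` starts above this hunk, so this assumes nothing earlier validates the setting.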
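Review bot: The expression `Setting.get("access_verifier.ttl_minutes", "5").to_i`, including its default `"5"`, is now repeated in this `files_controller_spec.rb` hunk, in the model's `generate`, and in the `access_verifier_spec.rb` hunk. A change to the key or the default in one place would silently desynchronise the expiry tests from the code they cover. A single accessor on the module, e.g. `def self.ttl_minutes = Setting.get("access_verifier.ttl_minutes", "5").to_i`, would let both specs write `(Users::AccessVerifier.ttl_minutes + 1).minutes.from_now`. The enclosing example begins and ends outside this hunk.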
@@ -91,7 +91,7 @@ module Users
 it "raises InvalidVerifier if too old" do
 verifier = Users::AccessVerifier.generate(user: user)
- Timecop.freeze(10.minutes.from_now) do
+ Timecop.freeze((Setting.get("access_verifier.ttl_minutes", "5").to_i + 1).minutes.from_now) do
 expect { Users::AccessVerifier.validate(verifier) }.to raise_exception(Canvas::Security::TokenExpired)
 end
 end
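Review bot: This example still exercises only the default of 5 minutes, so nothing checks that changing `access_verifier.ttl_minutes` actually moves the point at which `validate` raises `Canvas::Security::TokenExpired`. I would add an example that sets a non-default value before calling `generate`, e.g. `Setting.set("access_verifier.ttl_minutes", "2")`, and asserts that the verifier is accepted just before that boundary and rejected just after it. A second example for an invalid value such as `""` would pin down the intended behaviour when the setting is misconfigured.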