PLT-1558 adding session length to config file

9 files changed, 67 insertions, 24 deletions

diff --git a/api/context.go b/api/context.go
index a6f9bc1e1..b39f03a7d 100644
--- a/api/context.go
+++ b/api/context.go
@@ -523,6 +523,13 @@ func GetSession(token string) *model.Session {
 			l4g.Error("Invalid session token=" + token + ", err=" + sessionResult.Err.DetailedError)
 		} else {
 			session = sessionResult.Data.(*model.Session)
+
+			if session.IsExpired() {
+				return nil
+			} else {
+				AddSessionToCache(session)
+				return session
+			}
 		}
 	}
 
@@ -553,5 +560,5 @@ func FindMultiSessionForTeamId(r *http.Request, teamId string) (int64, *model.Se
 }
 
 func AddSessionToCache(session *model.Session) {
-	sessionCache.Add(session.Token, session)
+	sessionCache.AddWithExpiresInSecs(session.Token, session, int64(*utils.Cfg.ServiceSettings.SessionCacheInMinutes*60))
 }
diff --git a/api/user.go b/api/user.go
index 42a65c934..d4c7fcaf5 100644
--- a/api/user.go
+++ b/api/user.go
@@ -492,11 +492,11 @@ func Login(c *Context, w http.ResponseWriter, r *http.Request, user *model.User,
 
 	session := &model.Session{UserId: user.Id, TeamId: user.TeamId, Roles: user.Roles, DeviceId: deviceId, IsOAuth: false}
 
-	maxAge := model.SESSION_TIME_WEB_IN_SECS
+	maxAge := *utils.Cfg.ServiceSettings.SessionLengthWebInDays * 60 * 60 * 24
 
 	if len(deviceId) > 0 {
-		session.SetExpireInDays(model.SESSION_TIME_MOBILE_IN_DAYS)
-		maxAge = model.SESSION_TIME_MOBILE_IN_SECS
+		session.SetExpireInDays(*utils.Cfg.ServiceSettings.SessionLengthMobileInDays)
+		maxAge = *utils.Cfg.ServiceSettings.SessionLengthMobileInDays * 60 * 60 * 24
 
 		// A special case where we logout of all other sessions with the same Id
 		if result := <-Srv.Store.Session().GetSessions(user.Id); result.Err != nil {
@@ -518,7 +518,7 @@ func Login(c *Context, w http.ResponseWriter, r *http.Request, user *model.User,
 		}
 
 	} else {
-		session.SetExpireInDays(model.SESSION_TIME_WEB_IN_DAYS)
+		session.SetExpireInDays(*utils.Cfg.ServiceSettings.SessionLengthWebInDays)
 	}
 
 	ua := user_agent.New(r.UserAgent())
diff --git a/config/config.json b/config/config.json
index 5469608f8..ac9f5db95 100644
--- a/config/config.json
+++ b/config/config.json
@@ -11,7 +11,11 @@
         "EnablePostIconOverride": false,
         "EnableTesting": false,
         "EnableDeveloper": false,
-        "EnableSecurityFixAlert": true
+        "EnableSecurityFixAlert": true,
+        "SessionLengthWebInDays" : 30,
+        "SessionLengthMobileInDays" : 30,
+        "SessionLengthSSOInDays" : 30,
+        "SessionCacheInMinutes" : 10
     },
     "TeamSettings": {
         "SiteName": "Mattermost",
diff --git a/docker/dev/config_docker.json b/docker/dev/config_docker.json
index 2c109c105..255961e37 100644
--- a/docker/dev/config_docker.json
+++ b/docker/dev/config_docker.json
@@ -11,7 +11,11 @@
         "EnablePostIconOverride": false,
         "EnableTesting": false,
         "EnableDeveloper": false,
-        "EnableSecurityFixAlert": true
+        "EnableSecurityFixAlert": true,
+        "SessionLengthWebInDays" : 30,
+        "SessionLengthMobileInDays" : 30,
+        "SessionLengthSSOInDays" : 30,
+        "SessionCacheInMinutes" : 10
     },
     "TeamSettings": {
         "SiteName": "Mattermost",
diff --git a/docker/local/config_docker.json b/docker/local/config_docker.json
index 2c109c105..255961e37 100644
--- a/docker/local/config_docker.json
+++ b/docker/local/config_docker.json
@@ -11,7 +11,11 @@
         "EnablePostIconOverride": false,
         "EnableTesting": false,
         "EnableDeveloper": false,
-        "EnableSecurityFixAlert": true
+        "EnableSecurityFixAlert": true,
+        "SessionLengthWebInDays" : 30,
+        "SessionLengthMobileInDays" : 30,
+        "SessionLengthSSOInDays" : 30,
+        "SessionCacheInMinutes" : 10
     },
     "TeamSettings": {
         "SiteName": "Mattermost",
diff --git a/manualtesting/manual_testing.go b/manualtesting/manual_testing.go
index ffdb578a4..b3d01a5a6 100644
--- a/manualtesting/manual_testing.go
+++ b/manualtesting/manual_testing.go
@@ -114,7 +114,7 @@ func manualTest(c *api.Context, w http.ResponseWriter, r *http.Request) {
 			Name:     model.SESSION_COOKIE_TOKEN,
 			Value:    client.AuthToken,
 			Path:     "/",
-			MaxAge:   model.SESSION_TIME_WEB_IN_SECS,
+			MaxAge:   *utils.Cfg.ServiceSettings.SessionLengthWebInDays * 60 * 60 * 24,
 			HttpOnly: true,
 		}
 		http.SetCookie(w, sessionCookie)
diff --git a/model/config.go b/model/config.go
index a4792ff9e..ed56ed0c7 100644
--- a/model/config.go
+++ b/model/config.go
@@ -36,6 +36,10 @@ type ServiceSettings struct {
 	EnableTesting              bool
 	EnableDeveloper            *bool
 	EnableSecurityFixAlert     *bool
+	SessionLengthWebInDays     *int
+	SessionLengthMobileInDays  *int
+	SessionLengthSSOInDays     *int
+	SessionCacheInMinutes      *int
 }
 
 type SSOSettings struct {
@@ -306,6 +310,26 @@ func (o *Config) SetDefaults() {
 		o.LdapSettings.Enable = new(bool)
 		*o.LdapSettings.Enable = false
 	}
+
+	if o.ServiceSettings.SessionLengthWebInDays == nil {
+		o.ServiceSettings.SessionLengthWebInDays = new(int)
+		*o.ServiceSettings.SessionLengthWebInDays = 30
+	}
+
+	if o.ServiceSettings.SessionLengthMobileInDays == nil {
+		o.ServiceSettings.SessionLengthMobileInDays = new(int)
+		*o.ServiceSettings.SessionLengthMobileInDays = 30
+	}
+
+	if o.ServiceSettings.SessionLengthSSOInDays == nil {
+		o.ServiceSettings.SessionLengthSSOInDays = new(int)
+		*o.ServiceSettings.SessionLengthSSOInDays = 30
+	}
+
+	if o.ServiceSettings.SessionCacheInMinutes == nil {
+		o.ServiceSettings.SessionCacheInMinutes = new(int)
+		*o.ServiceSettings.SessionCacheInMinutes = 10
+	}
 }
 
 func (o *Config) IsValid() *AppError {
diff --git a/model/session.go b/model/session.go
index 5fe74a161..d1dfc3514 100644
--- a/model/session.go
+++ b/model/session.go
@@ -9,18 +9,18 @@ import (
 )
 
 const (
-	SESSION_COOKIE_TOKEN        = "MMTOKEN"
-	SESSION_TIME_WEB_IN_DAYS    = 30
-	SESSION_TIME_WEB_IN_SECS    = 60 * 60 * 24 * SESSION_TIME_WEB_IN_DAYS
-	SESSION_TIME_MOBILE_IN_DAYS = 30
-	SESSION_TIME_MOBILE_IN_SECS = 60 * 60 * 24 * SESSION_TIME_MOBILE_IN_DAYS
-	SESSION_TIME_OAUTH_IN_DAYS  = 365
-	SESSION_TIME_OAUTH_IN_SECS  = 60 * 60 * 24 * SESSION_TIME_OAUTH_IN_DAYS
-	SESSION_CACHE_IN_SECS       = 60 * 10
-	SESSION_CACHE_SIZE          = 10000
-	SESSION_PROP_PLATFORM       = "platform"
-	SESSION_PROP_OS             = "os"
-	SESSION_PROP_BROWSER        = "browser"
+	SESSION_COOKIE_TOKEN = "MMTOKEN"
+	// SESSION_TIME_WEB_IN_DAYS    = 30
+	// SESSION_TIME_WEB_IN_SECS    = 60 * 60 * 24 * SESSION_TIME_WEB_IN_DAYS
+	// SESSION_TIME_MOBILE_IN_DAYS = 30
+	// SESSION_TIME_MOBILE_IN_SECS = 60 * 60 * 24 * SESSION_TIME_MOBILE_IN_DAYS
+	// SESSION_TIME_OAUTH_IN_DAYS  = 365
+	// SESSION_TIME_OAUTH_IN_SECS  = 60 * 60 * 24 * SESSION_TIME_OAUTH_IN_DAYS
+	// SESSION_CACHE_IN_SECS       = 60 * 10
+	SESSION_CACHE_SIZE    = 10000
+	SESSION_PROP_PLATFORM = "platform"
+	SESSION_PROP_OS       = "os"
+	SESSION_PROP_BROWSER  = "browser"
 )
 
 type Session struct {
@@ -89,8 +89,8 @@ func (me *Session) IsExpired() bool {
 	return false
 }
 
-func (me *Session) SetExpireInDays(days int64) {
-	me.ExpiresAt = GetMillis() + (1000 * 60 * 60 * 24 * days)
+func (me *Session) SetExpireInDays(days int) {
+	me.ExpiresAt = GetMillis() + (1000 * 60 * 60 * 24 * int64(days))
 }
 
 func (me *Session) AddProp(key string, value string) {
diff --git a/web/web.go b/web/web.go
index 6e0e8df32..7e8234138 100644
--- a/web/web.go
+++ b/web/web.go
@@ -991,7 +991,7 @@ func getAccessToken(c *api.Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	accessRsp := &model.AccessResponse{AccessToken: session.Token, TokenType: model.ACCESS_TOKEN_TYPE, ExpiresIn: model.SESSION_TIME_OAUTH_IN_SECS}
+	accessRsp := &model.AccessResponse{AccessToken: session.Token, TokenType: model.ACCESS_TOKEN_TYPE, ExpiresIn: int32(*utils.Cfg.ServiceSettings.SessionLengthSSOInDays * 60 * 60 * 24)}
 
 	w.Header().Set("Content-Type", "application/json")
 	w.Header().Set("Cache-Control", "no-store")