feat: allow to configure WEBAPP_USER_CONFIG_PASSWORD_RESET_TOKEN_LIFETIME environment variable

ccd84de3 · Fabrice Gangler · 6d50ccd9 · ccd84de3 · ccd84de3 · ccd84de3
Commit ccd84de3 authored 9 months ago by Fabrice Gangler
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -39,6 +39,7 @@ The following parameters are available in the `comptoir` class:
 * [`app_name`](#-comptoir--app_name)
 * [`app_shortname`](#-comptoir--app_shortname)
 * [`app_session_lifetime`](#-comptoir--app_session_lifetime)
+* [`app_reset_password_token_lifetime`](#-comptoir--app_reset_password_token_lifetime)
 * [`app_user_min_password_lenght`](#-comptoir--app_user_min_password_lenght)
 * [`app_version_displayed_publicly`](#-comptoir--app_version_displayed_publicly)
 * [`app_secret`](#-comptoir--app_secret)
@@ -121,6 +122,14 @@ Lifetime of webapp session in seconds
 Default value: `3600`
+##### <a name="-comptoir--app_reset_password_token_lifetime"></a>`app_reset_password_token_lifetime`
+Data type: `Integer`
+Lifetime of reset password token in seconds
+Default value: `1500`
 ##### <a name="-comptoir--app_user_min_password_lenght"></a>`app_user_min_password_lenght`
 Data type: `Integer`

--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -9,6 +9,7 @@
 # @param app_name A custom string displayed to users as name of service.
 # @param app_shortname A custom string displayed to users as short name of service.
 # @param app_session_lifetime Lifetime of webapp session in seconds
+# @param app_reset_password_token_lifetime Lifetime of reset password token in seconds
 # @param app_user_min_password_lenght Minimum user password length
 # @param app_version_displayed_publicly Public display of software version
 # @param app_secret Application secret is required to generate CSRF tokens
@@ -53,6 +54,7 @@ class comptoir (
  String[1] $app_name = 'Comptoir-du-Libre',
  String[1] $app_shortname = 'Comptoir',
  Integer $app_session_lifetime = 3600,
+  Integer $app_reset_password_token_lifetime = 1500,
  Integer $app_user_min_password_lenght = 12,
  Boolean $app_version_displayed_publicly = false,
  Stdlib::Absolutepath $config_path = '/etc/comptoir',

--- a/spec/classes/comptoir_spec.rb
+++ b/spec/classes/comptoir_spec.rb
@@ -38,6 +38,8 @@ describe 'comptoir' do
            .with_content(sensitive(%r{^WEBAPP_TIMEZONE='Europe/Paris'$}))
          is_expected.to contain_file('/etc/comptoir/env.prod.local') \
            .with_content(sensitive(%r{^WEBAPP_USER_CONFIG_MIN_PASSWORD_LENGTH=12$}))
+          is_expected.to contain_file('/etc/comptoir/env.prod.local') \
+            .with_content(sensitive(%r{^WEBAPP_USER_CONFIG_PASSWORD_RESET_TOKEN_LIFETIME=1500$}))
        end
      end
@@ -264,6 +266,32 @@ describe 'comptoir' do
            .with_content(sensitive(%r{^WEBAPP_USER_CONFIG_MIN_PASSWORD_LENGTH=16$}))
        end
      end
+      context '/etc/comptoir/env.prod.local with custom password reset token lifetime (10 minutes, smaller than default value)' do
+        let(:params) do
+          {
+            app_reset_password_token_lifetime: 60 * 10, # 60 secondes * 10 minutes = 600 seconds
+          }
+        end
+        it do
+          is_expected.to contain_file('/etc/comptoir/env.prod.local') \
+            .with_content(sensitive(%r{^WEBAPP_USER_CONFIG_PASSWORD_RESET_TOKEN_LIFETIME=600$}))
+        end
+      end
+      context '/etc/comptoir/env.prod.local with custom password reset token lifetime (3 hours, greater than default value)' do
+        let(:params) do
+          {
+            app_reset_password_token_lifetime: 60 * 60 * 3, # 60 secondes * 60 minutes * 3 hours = 10 800 seconds
+          }
+        end
+        it do
+          is_expected.to contain_file('/etc/comptoir/env.prod.local') \
+            .with_content(sensitive(%r{^WEBAPP_USER_CONFIG_PASSWORD_RESET_TOKEN_LIFETIME=10800$}))
+        end
+      end
    end
  end
 end
--- a/templates/env.prod.local.epp
+++ b/templates/env.prod.local.epp
@@ -23,9 +23,9 @@
 #    - WEBAPP_TIMEZONE              Time Zone of web application (default: Europe/Paris)
 #    - WEBAPP_TRUSTED_HOSTS         List of allowed domains and IP to prevent HTTP Host header attacks
 #######################################################################################################################
-#    - WEBAPP_USER_CONFIG_RESET_PASSWORD_TOKEN_LIFETIME   Lifetime of reset password token in seconds (default: 1200 = 20 minutes).
-#    - WEBAPP_USER_CONFIG_MIN_PASSWORD_LENGTH             Minimum user password length (default: 12)
 #    - WEBAPP_SOFTWARE_VERSION_DISPLAYED_PUBLICLY         Public display of software version (default: true)
+#    - WEBAPP_USER_CONFIG_MIN_PASSWORD_LENGTH             Minimum user password length (default: 12)
+#    - WEBAPP_USER_CONFIG_PASSWORD_RESET_TOKEN_LIFETIME   Lifetime of reset password token in seconds (default: 1200 = 20 minutes).
 #######################################################################################################################
 APP_ENV=prod
@@ -44,7 +44,4 @@ WEBAPP_SOFTWARE_VERSION_DISPLAYED_PUBLICLY=<% if $comptoir::app_version_displaye
 WEBAPP_TIMEZONE='<%= $comptoir::timezone %>'
 WEBAPP_TRUSTED_HOSTS='<%= $comptoir::trusted_hosts %>'
 WEBAPP_USER_CONFIG_MIN_PASSWORD_LENGTH=<%= $comptoir::app_user_min_password_lenght %>
+WEBAPP_USER_CONFIG_PASSWORD_RESET_TOKEN_LIFETIME=<%= $comptoir::app_reset_password_token_lifetime %>
-############ Environment variables not yet managed by Puppet ##########################################################
-# WEBAPP_USER_CONFIG_PASSWORD_RESET_TOKEN_LIFETIME=1200
-#######################################################################################################################