diff --git a/app/models/users/access_verifier.rb b/app/models/users/access_verifier.rb
index 72ab7f314f4df..c815dba863f0c 100644
--- a/app/models/users/access_verifier.rb
+++ b/app/models/users/access_verifier.rb
@@ -21,8 +21,6 @@ module Users
 module AccessVerifier
- TTL_MINUTES = 5
-
 class InvalidVerifier < RuntimeError
 end
@@ -40,7 +38,7 @@ def self.generate(claims)
 jwt_claims[:root_account_id] = root_account.global_id.to_s if root_account
 jwt_claims.merge!(claims.slice(:oauth_host, :return_url, :fallback_url))
- expires = TTL_MINUTES.minutes.from_now
+ expires = Setting.get('access_verifier.ttl_minutes', '5').to_i.minutes.from_now
 key = nil # use default key
 { sf_verifier: Canvas::Security.create_jwt(jwt_claims, expires, key, :HS512) }
 end
diff --git a/spec/controllers/files_controller_spec.rb b/spec/controllers/files_controller_spec.rb
index cfe33084f5b05..b8a1d92374800 100644
--- a/spec/controllers/files_controller_spec.rb
+++ b/spec/controllers/files_controller_spec.rb
@@ -369,7 +369,7 @@ def file_with_path(path)
 # second use after verifier expiration but before session expiration.
 # expired verifier should be ignored but session should still be extended
- Timecop.freeze((Users::AccessVerifier::TTL_MINUTES + 1).minutes.from_now) do
+ Timecop.freeze((Setting.get('access_verifier.ttl_minutes', '5').to_i + 1).minutes.from_now) do
 get 'show', params: verifier.merge(id: file.id)
 end
 expect(response).to be_successful
diff --git a/spec/models/users/access_verifier_spec.rb b/spec/models/users/access_verifier_spec.rb
index 814066feb0f06..03e6535f684a0 100644
--- a/spec/models/users/access_verifier_spec.rb
+++ b/spec/models/users/access_verifier_spec.rb
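Review bot: The new `expires` line in `generate` trusts the stored setting without validation: `to_i` turns an empty or non-numeric value into 0, so every verifier would be issued already expired, and nothing caps a large value, which would lengthen the replay window of a token that the files controller spec shows travelling as a request parameter. Bound the value before use, for example `ttl = Setting.get('access_verifier.ttl_minutes', '5').to_i.clamp(1, MAX_TTL_MINUTES)` followed by `expires = ttl.minutes.from_now`, where `MAX_TTL_MINUTES` is a placeholder for a ceiling the team picks. A short comment on that line saying why the verifier lifetime is kept short would also help the next person who changes the setting. `generate` begins outside this hunk.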
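Review bot: The expression `Setting.get('access_verifier.ttl_minutes', '5').to_i` is now copied into this spec and into the hunk in spec/models/users/access_verifier_spec.rb, so the default literal lives in three places, and neither spec stores a non-default value to show that the override is actually honoured. Consider exposing the lookup once, e.g. a `def self.ttl_minutes` on `Users::AccessVerifier`, and writing both `Timecop.freeze` calls as `(Users::AccessVerifier.ttl_minutes + 1).minutes.from_now`. A case in the model spec that configures a shorter lifetime and expects `Canvas::Security::TokenExpired` just past it would cover the behaviour this commit adds. The surrounding example starts and ends outside this hunk.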
@@ -92,7 +92,7 @@ module Users
 it "raises InvalidVerifier if too old" do
 verifier = Users::AccessVerifier.generate(user: user)
- Timecop.freeze(10.minutes.from_now) do
+ Timecop.freeze((Setting.get('access_verifier.ttl_minutes', '5').to_i + 1).minutes.from_now) do
 expect{ Users::AccessVerifier.validate(verifier) }.to raise_exception(Canvas::Security::TokenExpired)
 end
 end