From 04bb60a05e4c62e893b96b4f5c548263d725077c Mon Sep 17 00:00:00 2001
From: Mateusz Mandera
Date: Tue, 5 Dec 2023 02:00:53 +0100
Subject: [PATCH] remote_billing: Increase signed link validity to 2 hours.

This cannot be so short if we're adding an intermittent "check your details, agree to ToS and confirm login" page. We're also considering having users potentially share these links.
---
 corporate/views/remote_billing_page.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/corporate/views/remote_billing_page.py b/corporate/views/remote_billing_page.py
index 0cbc027e2a..0625027e0a 100644
--- a/corporate/views/remote_billing_page.py
+++ b/corporate/views/remote_billing_page.py
@@ -38,6 +38,8 @@ billing_logger = logging.getLogger("corporate.stripe")
 VALID_NEXT_PAGES = [None, "sponsorship", "upgrade", "billing", "plans"]
 VALID_NEXT_PAGES_TYPE = Literal[None, "sponsorship", "upgrade", "billing", "plans"]
 
+REMOTE_BILLING_SIGNED_ACCESS_TOKEN_VALIDITY_IN_SECONDS = 2 * 60 * 60
+
 
 @csrf_exempt
 @typed_endpoint
@@ -87,12 +89,14 @@ def remote_realm_billing_finalize_login(
 ) -> HttpResponse:
     # Sanity assert, because otherwise these make no sense.
     assert (
-        settings.SIGNED_ACCESS_TOKEN_VALIDITY_IN_SECONDS < REMOTE_BILLING_SESSION_VALIDITY_SECONDS
+        REMOTE_BILLING_SIGNED_ACCESS_TOKEN_VALIDITY_IN_SECONDS
+        <= REMOTE_BILLING_SESSION_VALIDITY_SECONDS
     )
 
     try:
         identity_dict: RemoteBillingIdentityDict = signing.loads(
-            signed_billing_access_token, max_age=settings.SIGNED_ACCESS_TOKEN_VALIDITY_IN_SECONDS
+            signed_billing_access_token,
+            max_age=REMOTE_BILLING_SIGNED_ACCESS_TOKEN_VALIDITY_IN_SECONDS,
         )
     except signing.SignatureExpired:
         raise JsonableError(_("Billing access token expired."))
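Review bot: The `assert` in the second hunk comparing REMOTE_BILLING_SIGNED_ACCESS_TOKEN_VALIDITY_IN_SECONDS against REMOTE_BILLING_SESSION_VALIDITY_SECONDS is re-evaluated on every request and is stripped entirely under `python -O`, so it neither reliably enforces the invariant nor gains anything from living inside the view; now that both operands are module-level constants (the `settings.` reference is gone) the check belongs at module scope directly after the new constant, e.g. `assert REMOTE_BILLING_SIGNED_ACCESS_TOKEN_VALIDITY_IN_SECONDS <= REMOTE_BILLING_SESSION_VALIDITY_SECONDS`, provided REMOTE_BILLING_SESSION_VALIDITY_SECONDS is already defined or imported by that point (not visible in this diff). Separately, `max_age` is the only condition `signing.loads` applies here, and nothing visible in the hunk binds the token to a single use or to the requesting client, so widening the window to two hours—while the commit message anticipates users sharing these links—means anyone who obtains a link can complete the login for up to two hours after it was issued. That trade-off should be recorded on the new constant in the first hunk, e.g. `# Anyone holding a signed link can complete the login until it expires; keep this as short as the details/ToS confirmation flow allows.` remote_realm_billing_finalize_login begins before and continues past this hunk, so any further handling of BadSignature or token reuse is out of view.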