Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

settings: Add new SIGNED_ACCESS_TOKEN_VALIDITY_IN_SECONDS setting.

This commit is contained in:
Mateusz Mandera 2023-11-21 15:34:07 +01:00 committed by Tim Abbott
parent 8187d6b963
commit 2149cd236f
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
zerver/views/upload.py
View File

@ -208,7 +208,9 @@ def get_file_path_id_from_token(token: str) -> Optional[str]:
signer = TimestampSigner(salt=USER_UPLOADS_ACCESS_TOKEN_SALT) signer = TimestampSigner(salt=USER_UPLOADS_ACCESS_TOKEN_SALT)
try: try:
signed_data = base64.b16decode(token).decode() signed_data = base64.b16decode(token).decode()
path_id = signer.unsign(signed_data, max_age=timedelta(seconds=60)) path_id = signer.unsign(
signed_data, max_age=timedelta(seconds=settings.SIGNED_ACCESS_TOKEN_VALIDITY_IN_SECONDS)
)
except (BadSignature, binascii.Error): except (BadSignature, binascii.Error):
return None return None

4
zproject/default_settings.py
View File

@ -608,3 +608,7 @@ MAX_STREAM_SIZE_FOR_TYPING_NOTIFICATIONS = 100
# installations with thousands of users with many guests limited in # installations with thousands of users with many guests limited in
# this way, pending further optimization of the relevant code paths. # this way, pending further optimization of the relevant code paths.
CAN_ACCESS_ALL_USERS_GROUP_LIMITS_PRESENCE = False CAN_ACCESS_ALL_USERS_GROUP_LIMITS_PRESENCE = False
# General expiry time for signed tokens we may generate
# in some places through the codebase.
SIGNED_ACCESS_TOKEN_VALIDITY_IN_SECONDS = 60