getMaxTokenLifetime returns the maximum allowed token lifetime for a user. It distinguishes between regular users and owners.
(ctx context.Context, userID uuid.UUID)
| 540 | // getMaxTokenLifetime returns the maximum allowed token lifetime for a user. |
| 541 | // It distinguishes between regular users and owners. |
| 542 | func (api *API) getMaxTokenLifetime(ctx context.Context, userID uuid.UUID) (time.Duration, error) { |
| 543 | subject, _, err := httpmw.UserRBACSubject(ctx, api.Database, userID, rbac.ScopeAll) |
| 544 | if err != nil { |
| 545 | return 0, xerrors.Errorf("failed to get user rbac subject: %w", err) |
| 546 | } |
| 547 | |
| 548 | roles, err := subject.Roles.Expand() |
| 549 | if err != nil { |
| 550 | return 0, xerrors.Errorf("failed to expand user roles: %w", err) |
| 551 | } |
| 552 | |
| 553 | maxLifetime := api.DeploymentValues.Sessions.MaximumTokenDuration.Value() |
| 554 | for _, role := range roles { |
| 555 | if role.Identifier.Name == codersdk.RoleOwner { |
| 556 | // Owners have a different max lifetime. |
| 557 | maxLifetime = api.DeploymentValues.Sessions.MaximumAdminTokenDuration.Value() |
| 558 | break |
| 559 | } |
| 560 | } |
| 561 | |
| 562 | return maxLifetime, nil |
| 563 | } |
| 564 | |
| 565 | func (api *API) createAPIKey(ctx context.Context, params apikey.CreateParams) (*http.Cookie, *database.APIKey, error) { |
| 566 | key, sessionToken, err := apikey.Generate(params) |
no test coverage detected