Refresh token never expires

Use `nil` for the `expires_at` field instead of setting a date far in the future. Because by default adding timezone is capped to a date in the future based on the tz database used. Since I don't want to have to deal with this complication, setting it to nil does the job just fine.
beyond-all-reason · Jul 28, 2024 · 7b2a579 · 7b2a579
1 parent 5ddcc77
commit 7b2a579
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 7 deletions.
diff --git a/lib/teiserver/o_auth.ex b/lib/teiserver/o_auth.ex
@@ -189,8 +189,8 @@ defmodule Teiserver.OAuth do
         application_id: application.id,
         scopes: application.scopes,
         # there's no real recourse when the refresh token expires and it's
-        # quite annoying, so make it "never" expire.
-        expires_at: Timex.add(now, Timex.Duration.from_days(365 * 100)),
+        # quite annoying, so make it never expire.
+        expires_at: nil,
         type: :refresh,
         refresh_token: nil
       }
@@ -229,7 +229,7 @@ defmodule Teiserver.OAuth do
       token ->
         now = Keyword.get(opts, :now, Timex.now())
 
-        if Timex.after?(now, token.expires_at) do
+        if expired?(token, now) do
           {:error, :expired}
         else
           {:ok, token}
@@ -382,7 +382,11 @@ defmodule Teiserver.OAuth do
     do_create_token(%{autohost_id: credential.autohost_id}, credential.application)
   end
 
+  @spec expired?(map(), DateTime.t()) :: boolean()
   defp expired?(obj, now) do
-    Timex.after?(now, Map.fetch!(obj, :expires_at))
+    case Map.get(obj, :expires_at) do
+      nil -> false
+      expires_at -> Timex.after?(now, expires_at)
+    end
   end
 end
diff --git a/lib/teiserver/o_auth/schemas/token.ex b/lib/teiserver/o_auth/schemas/token.ex
@@ -10,7 +10,7 @@ defmodule Teiserver.OAuth.Token do
           owner: User.t(),
           application: OAuth.Application.t(),
           scopes: OAuth.Application.scopes(),
-          expires_at: DateTime.t(),
+          expires_at: DateTime.t() | nil,
           type: :access | :refresh,
           refresh_token: t()
         }
@@ -34,7 +34,7 @@ defmodule Teiserver.OAuth.Token do
     token
     |> cast(attrs, [:value, :owner_id, :application_id, :scopes, :expires_at, :type, :autohost_id])
     |> cast_assoc(:refresh_token)
-    |> validate_required([:value, :application_id, :scopes, :expires_at, :type])
+    |> validate_required([:value, :application_id, :scopes, :type])
     |> Ecto.Changeset.validate_subset(:scopes, OAuth.Application.allowed_scopes())
   end
 end
diff --git a/priv/repo/migrations/20240608144340_oauth_setup.exs b/priv/repo/migrations/20240608144340_oauth_setup.exs
@@ -35,7 +35,7 @@ defmodule Teiserver.Repo.Migrations.OauthSetup do
       add :owner_id, references(:account_users, on_delete: :delete_all)
       add :application_id, references(:oauth_applications, on_delete: :delete_all), null: false
       add :scopes, {:array, :string}, null: false
-      add :expires_at, :utc_datetime, null: false
+      add :expires_at, :utc_datetime, null: true
       add :type, :string, null: false
       # we should create a new refresh token when deleting an auth token and vice versa
       add :refresh_token_id, references(:oauth_tokens)