diff --git a/packages/server/modules/workspaces/domain/sso/logic.ts b/packages/server/modules/workspaces/domain/sso/logic.ts
index 6e33cc400..c991d99c9 100644
--- a/packages/server/modules/workspaces/domain/sso/logic.ts
+++ b/packages/server/modules/workspaces/domain/sso/logic.ts
@@ -9,9 +9,9 @@ import type { UnknownObject, UserinfoResponse } from 'openid-client'
 * Get the default expiration time for an SSO session based on the current time.
 * TODO: Is 7 days a good default session length?
 */
-export const getDefaultSsoSessionExpirationDate = (): Date => {
+export const getDefaultSsoSessionExpirationDate = (days = 7): Date => {
 const now = new Date()
- now.setDate(now.getDate() + 7)
+ now.setDate(now.getDate() + days)
 return now
 }
diff --git a/packages/server/modules/workspaces/domain/sso/types.ts b/packages/server/modules/workspaces/domain/sso/types.ts
index 31b425fef..aa0339845 100644
--- a/packages/server/modules/workspaces/domain/sso/types.ts
+++ b/packages/server/modules/workspaces/domain/sso/types.ts
@@ -3,6 +3,7 @@ import type { infer as Infer } from 'zod'
 type ProviderBaseRecord = {
 id: string
+ sessionTimeoutDays: number
 createdAt: Date
 updatedAt: Date
 }
diff --git a/packages/server/modules/workspaces/rest/sso.ts b/packages/server/modules/workspaces/rest/sso.ts
index f507c82bb..891c0a491 100644
--- a/packages/server/modules/workspaces/rest/sso.ts
+++ b/packages/server/modules/workspaces/rest/sso.ts
@@ -636,7 +636,9 @@ const handleOidcCallbackFactory =
 userId: req.user.id,
 providerId: decryptedOidcProvider.providerId,
 createdAt: new Date(),
- validUntil: getDefaultSsoSessionExpirationDate()
+ validUntil: getDefaultSsoSessionExpirationDate(
+ decryptedOidcProvider.sessionTimeoutDays
+ )
 }
 })
diff --git a/packages/server/modules/workspaces/services/sso.ts b/packages/server/modules/workspaces/services/sso.ts
index 57ca9ba9a..f9851d161 100644
--- a/packages/server/modules/workspaces/services/sso.ts
+++ b/packages/server/modules/workspaces/services/sso.ts
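Review bot: `getDefaultSsoSessionExpirationDate` in domain/sso/logic.ts now accepts `days` without checking it, and the call site in rest/sso.ts passes `decryptedOidcProvider.sessionTimeoutDays` straight from the stored provider record. A zero or negative value yields a session that is already expired, `NaN` makes `setDate` produce an Invalid Date, and a very large value gives an effectively permanent SSO session, so `validUntil` is only as trustworthy as whatever wrote that column. I would guard at the top of the function with `if (!Number.isInteger(days) || days < 1 || days > MAX_SSO_SESSION_DAYS) throw new RangeError('invalid SSO session length')`, where `MAX_SSO_SESSION_DAYS` is a placeholder for an upper bound the project chooses. The `integer('sessionTimeoutDays')` column added by the migration carries no range constraint either, so the same bound is worth enforcing wherever the value gets written. The doc comment still describes a fixed default and keeps the 7-day TODO; it should be updated to say `days` is the provider's session length and what range is accepted.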
@@ -116,6 +116,7 @@ export const saveSsoProviderRegistrationFactory =
 providerType: 'oidc',
 createdAt: new Date(),
 updatedAt: new Date(),
+ sessionTimeoutDays: 7,
 id: providerId
 }
 const maybeExistingSsoProvider = await getWorkspaceSsoProvider({ workspaceId })
diff --git a/packages/server/modules/workspaces/tests/helpers/creation.ts b/packages/server/modules/workspaces/tests/helpers/creation.ts
index b58c36848..c951dd460 100644
--- a/packages/server/modules/workspaces/tests/helpers/creation.ts
+++ b/packages/server/modules/workspaces/tests/helpers/creation.ts
@@ -723,6 +723,7 @@ export const createTestOidcProvider = async (
 id: providerId,
 createdAt: new Date(),
 updatedAt: new Date(),
+ sessionTimeoutDays: 7,
 providerType: 'oidc',
 provider: {
 providerName: 'Test Provider',
diff --git a/packages/server/modules/workspacesCore/migrations/20250820151448_add_sso_timeout_override.ts b/packages/server/modules/workspacesCore/migrations/20250820151448_add_sso_timeout_override.ts
new file mode 100644
index 000000000..c7e8d5e15
--- /dev/null
+++ b/packages/server/modules/workspacesCore/migrations/20250820151448_add_sso_timeout_override.ts
@@ -0,0 +1,13 @@
+import type { Knex } from 'knex'
+
+export async function up(knex: Knex): Promise {
+ await knex.schema.alterTable('sso_providers', (table) => {
+ table.integer('sessionTimeoutDays').notNullable().defaultTo(7)
+ })
+}
+
+export async function down(knex: Knex): Promise {
+ await knex.schema.alterTable('sso_providers', (table) => {
+ table.dropColumn('sessionTimeoutDays')
+ })
+}
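Review bot: In `saveSsoProviderRegistrationFactory` (services/sso.ts) the added `sessionTimeoutDays: 7` is a bare literal that repeats the `days = 7` default in domain/sso/logic.ts, so the two can drift apart when one is changed. The next context line fetches `maybeExistingSsoProvider`, which suggests this record may replace an existing provider; if so, re-registering would silently reset a workspace's configured session timeout to 7 days. That needs confirming, since the rest of the function lies outside the hunk. I would export one constant from the domain module, `export const DEFAULT_SSO_SESSION_TIMEOUT_DAYS = 7`, use it here and as the parameter default, and prefer the existing provider's `sessionTimeoutDays` when one is found.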