Join the conversation

Wekan

General

Wekan is an open-source kanban board (Trello like) which allows a card-based task and to-do management.

More active conversations

Wekan / General

login, tokens and expiration

Wekan/General · April 14, 2020 at 5:01pm

login, tokens and expiration

Wekan / General · April 14, 2020 at 5:01pm

Once you have registered and then logged in with Password you get a token with a token expiration date.

If you do not logout ,that token and its expiration determines how long you can go to the site before you have to re-authenticate, correct?

If you logout, is that token still good for the duration of the original expiration date or are you re-issued a new token with a further in future expiration date?

Where can I change that expiration to a longer or short time? (in the api) or (in the GUI) or (in mongo collection)

Can I remove the expiration time so it never times out? (in the api) or (in the GUI) or (in mongo collection)

Can I force the token to expire prematurely with no user activity for a while (like 4 hours)? (in the api) or (in the GUI) or (in mongo collection)

I have an application where for some features for some users are already logged into another application and for many accounts they all see wekan as a web page embed, so getting another challenge/response to auth into wekan is a limitation. Call it a trust relationship between the two apps. The mother app has a very high authentication hurtle (three keys and two factor). Trting to automate or at least streamline the auth back into wekan.

Thanks as always

April 15, 2020 at 12:49am

Lauri Ojansivu@xet7

Team

12:49am

Hmm, it seems 2018 called again about token issue https://github.com/wekan/wekan/issues/1437

April 15, 2020 at 3:09pm

Paul Verdone@pvcon13

3:09pm

ok that issue is a good reference thank you

3:09pm

3:10pm

I may be incorrect in my assumptions

3:11pm

gui tokens have that attribute loginExpirationinDays or is that REST tokens?

3:11pm

I use both obviously

3:11pm

3:18pm

I see resume.logintoken in user collection in mongo and they have an issue date

3:18pm

is loginexpirationinsays set to three days or zero days

3:18pm

is that in snap setup?

3:18pm

if not where?

3:20pm

If so I can manually delete the tokens whenever I want

3:21pm

like with no activity or if we have too many tokens floating around we no longer need as they have been replaced in effect by newer ones

3:21pm

so I would set that (where I have to to zero and then run my own method to police in the mean time

3:38pm

I looked online for wekan loginExpirationIndays did not find anything useful

3:38pm

can I assume that is settable in snap?

3:38pm

thanks

April 15, 2020 at 10:23pm

Lauri Ojansivu@xet7

Team

10:23pm

I think those tokens are at mongodb database, but there is no snap setting for that

Paul Verdone@pvcon13

10:27pm

the tokens are in mongo under the header resume yes

10:28pm

the loginexpireindays variable I cannot find anywhere in Mongo

10:28pm

unless if it not set (declared) then there is a coded default

10:29pm

what the link you posted above ...the line I am speaking of is:

Edited

10:29pm

Ok i did some research, the login tokens are stored under resume.loginTokens and you can config the expiration with a setting loginExpirationInDays where null or 0 means, never delete tokens.

Edited

10:30pm

does config mean at the snap level?

April 16, 2020 at 3:31am

Lauri Ojansivu@xet7

Team

3:31am

snap commands are environment variables passed to node.js. Those may or may not effect database in some way. It's like sudo snap set root-url='https://example.com'. You see all commands with wekan.help | less