Join the conversation

Wekan

General

Wekan is an open-source kanban board (Trello like) which allows a card-based task and to-do management.

More active conversations

Wekan / General

login, tokens and expiration

Wekan/General · April 14, 2020 at 5:01pm

login, tokens and expiration

Wekan / General · April 14, 2020 at 5:01pm

Once you have registered and then logged in with Password you get a token with a token expiration date.

If you do not logout ,that token and its expiration determines how long you can go to the site before you have to re-authenticate, correct?

If you logout, is that token still good for the duration of the original expiration date or are you re-issued a new token with a further in future expiration date?

Where can I change that expiration to a longer or short time? (in the api) or (in the GUI) or (in mongo collection)

Can I remove the expiration time so it never times out? (in the api) or (in the GUI) or (in mongo collection)

Can I force the token to expire prematurely with no user activity for a while (like 4 hours)? (in the api) or (in the GUI) or (in mongo collection)

I have an application where for some features for some users are already logged into another application and for many accounts they all see wekan as a web page embed, so getting another challenge/response to auth into wekan is a limitation. Call it a trust relationship between the two apps. The mother app has a very high authentication hurtle (three keys and two factor). Trting to automate or at least streamline the auth back into wekan.

Thanks as always

Load previous messages

April 15, 2020 at 3:09pm

Paul Verdone@pvcon13

3:09pm

3:10pm

I may be incorrect in my assumptions

3:11pm

gui tokens have that attribute loginExpirationinDays or is that REST tokens?

3:11pm

I use both obviously

3:11pm

3:18pm

I see resume.logintoken in user collection in mongo and they have an issue date

3:18pm

is loginexpirationinsays set to three days or zero days

3:18pm

is that in snap setup?

3:18pm

if not where?

3:20pm

If so I can manually delete the tokens whenever I want

3:21pm

like with no activity or if we have too many tokens floating around we no longer need as they have been replaced in effect by newer ones

3:21pm

so I would set that (where I have to to zero and then run my own method to police in the mean time

3:38pm

I looked online for wekan loginExpirationIndays did not find anything useful

3:38pm

can I assume that is settable in snap?

3:38pm

thanks

April 15, 2020 at 10:23pm

Lauri Ojansivu@xet7

Team

10:23pm

I think those tokens are at mongodb database, but there is no snap setting for that

Paul Verdone@pvcon13

10:27pm

the tokens are in mongo under the header resume yes

10:28pm

the loginexpireindays variable I cannot find anywhere in Mongo

10:28pm

unless if it not set (declared) then there is a coded default

10:29pm

what the link you posted above ...the line I am speaking of is:

Edited

10:29pm

Ok i did some research, the login tokens are stored under resume.loginTokens and you can config the expiration with a setting loginExpirationInDays where null or 0 means, never delete tokens.

Edited

10:30pm

does config mean at the snap level?

April 16, 2020 at 3:31am

Lauri Ojansivu@xet7

Team

3:31am

snap commands are environment variables passed to node.js. Those may or may not effect database in some way. It's like sudo snap set root-url='https://example.com'. You see all commands with wekan.help | less

3:31am

at bash, it's export ROOT_URL=https://example.com

3:32am

similarly at docker-compose.yml at https://wekan.github.io