Include expiration info, drop "personalized", in MFA email #24630

Merged
merged 1 commit into from
Dec 11, 2024
5 changes: 1 addition & 4 deletions server/datastore/mysql/sessions.go
@@ -4,15 +4,12 @@ import (
"context"
"database/sql"
"errors"
"time"

"github.com/fleetdm/fleet/v4/server"
"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
"github.com/fleetdm/fleet/v4/server/fleet"
"github.com/jmoiron/sqlx"
)

const mfaLinkTTL = time.Minute * 15
const mfaTokenEntropyInBytes = 32

func (ds *Datastore) SessionByMFAToken(ctx context.Context, token string, sessionKeySize int) (*fleet.Session, *fleet.User, error) {
@@ -23,7 +20,7 @@ func (ds *Datastore) SessionByMFAToken(ctx context.Context, token string, sessio
&userID,
"SELECT user_id FROM verification_tokens WHERE token = ? AND created_at >= NOW() - INTERVAL ? SECOND",
token,
mfaLinkTTL.Seconds(),
fleet.MFALinkTTL.Seconds(),
)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
2 changes: 1 addition & 1 deletion server/datastore/mysql/sessions_test.go
@@ -70,7 +70,7 @@ func testMFA(t *testing.T, ds *Datastore) {
_, err := q.ExecContext(
context.Background(),
"UPDATE verification_tokens SET created_at = NOW() - INTERVAL ? SECOND - INTERVAL 0.5 SECOND",
mfaLinkTTL.Seconds(),
fleet.MFALinkTTL.Seconds(),
)
return err
})
2 changes: 2 additions & 0 deletions server/fleet/service.go
@@ -1196,4 +1196,6 @@ const (
BatchSetSoftwareInstallersStatusFailed = "failed"
// MinOrbitLUKSVersion is the earliest version of Orbit that can escrow LUKS passphrases
MinOrbitLUKSVersion = "1.36.0"
// MFALinkTTL is how long MFA verification links stay active
MFALinkTTL = time.Minute * 15
)
13 changes: 8 additions & 5 deletions server/mail/mfa.go
@@ -2,6 +2,7 @@ package mail

import (
"bytes"
"github.com/fleetdm/fleet/v4/server/fleet"
"html/template"
"time"

@@ -10,15 +11,17 @@ import (

// MFAMailer is used to build an email template for the MFA email.
type MFAMailer struct {
FullName string
Token string
BaseURL template.URL
AssetURL template.URL
CurrentYear int
FullName string
Token string
BaseURL template.URL
AssetURL template.URL
CurrentYear int
TTLInMinutes float64 // due to rounding below, will always be a whole number
}

func (i *MFAMailer) Message() ([]byte, error) {
i.CurrentYear = time.Now().Year()
i.TTLInMinutes = fleet.MFALinkTTL.Truncate(time.Minute).Minutes() // better to show a whole, rounded-down number
t, err := server.GetTemplate("server/mail/templates/mfa.html", "email_template")
if err != nil {
return nil, err
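Review bot: `TTLInMinutes` is declared `float64` and then truncated to a whole number in `Message`, so an integer field would express the intent directly: `TTLInMinutes int` set with `i.TTLInMinutes = int(fleet.MFALinkTTL / time.Minute)`. Rounding down is the safe direction, since the e-mail then never states a longer lifetime than the `created_at` check in `SessionByMFAToken` enforces, but a TTL under one minute would render as "0 minutes" and is worth a guard or a note on the constant. The new `fleet` import is also placed between `bytes` and `html/template`; goimports convention puts it in the non-stdlib group. `Message` continues past the end of this hunk.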
4 changes: 2 additions & 2 deletions server/mail/templates/mfa.html
@@ -110,8 +110,8 @@
<h1>Log in to Fleet</h1>
<p>Hello <b>{{.FullName}}</b>,</p>
<p>
Please click the personalized link below to log into your
account.
Please click the link below to log into your account. This link will stay
active for {{.TTLInMinutes}} minutes.
</p>

<a
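Review bot: The sentence "This link will stay active for {{.TTLInMinutes}} minutes" reads as counting from when the e-mail is opened, while the lookup in `SessionByMFAToken` measures the window from the token's `created_at`. Wording such as `This link expires {{.TTLInMinutes}} minutes after it was requested.` keeps the statement accurate when delivery is delayed. The paragraph visible here also gives no instruction for a recipient who did not attempt to log in; the rest of the template is outside the hunk, so this may already be covered further down.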