disallow 0 max ttl

Author: david-crespo

nexus/db-model/src/silo_settings.rs

@@ -57,7 +57,9 @@ pub struct SiloSettingsUpdate {
 impl From<params::SiloSettingsUpdate> for SiloSettingsUpdate {
     fn from(params: params::SiloSettingsUpdate) -> Self {
         Self {
-            device_token_max_ttl_seconds: params.device_token_max_ttl_seconds,
+            device_token_max_ttl_seconds: params
+                .device_token_max_ttl_seconds
+                .map(|ttl| ttl.get().into()),
             time_modified: Utc::now(),
         }
     }

nexus/tests/integration_tests/device_auth.rs

@@ -2,12 +2,16 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at https://mozilla.org/MPL/2.0/.
 
+use std::num::NonZeroU32;
+
 use dropshot::test_util::ClientTestContext;
 use nexus_auth::authn::USER_TEST_UNPRIVILEGED;
 use nexus_db_queries::db::fixed_data::silo::DEFAULT_SILO;
 use nexus_db_queries::db::identity::{Asset, Resource};
 use nexus_test_utils::http_testing::TestResponse;
-use nexus_test_utils::resource_helpers::{object_get, object_put};
+use nexus_test_utils::resource_helpers::{
+    object_get, object_put, object_put_error,
+};
 use nexus_test_utils::{
     http_testing::{AuthnMode, NexusRequest, RequestBuilder},
     resource_helpers::grant_iam,
@@ -245,9 +249,8 @@ async fn get_device_token(testctx: &ClientTestContext) -> String {
     token.access_token
 }
 
-/// similar to the above except happy path only, focused on expiration
 #[nexus_test]
-async fn test_device_auth_expiration(cptestctx: &ControlPlaneTestContext) {
+async fn test_device_token_expiration(cptestctx: &ControlPlaneTestContext) {
     let testctx = &cptestctx.external_client;
 
     let settings: views::SiloSettings =
@@ -263,11 +266,26 @@ async fn test_device_auth_expiration(cptestctx: &ControlPlaneTestContext) {
         .await
         .expect("initial token should work");
 
+    //  passing negative or zero gives a 400
+    for value in [-3, 0] {
+        let error = object_put_error(
+            testctx,
+            "/v1/settings",
+            &serde_json::json!({ "device_token_max_ttl_seconds": value }),
+            StatusCode::BAD_REQUEST,
+        )
+        .await;
+        let msg = "unable to parse JSON body: device_token_max_ttl_seconds: invalid value";
+        assert!(error.message.starts_with(&msg));
+    }
+
     // set token expiration on silo to 3 seconds
     let settings: views::SiloSettings = object_put(
         testctx,
         "/v1/settings",
-        &params::SiloSettingsUpdate { device_token_max_ttl_seconds: Some(3) },
+        &params::SiloSettingsUpdate {
+            device_token_max_ttl_seconds: NonZeroU32::new(3),
+        },
     )
     .await;
 

nexus/types/src/external_api/params.rs

@@ -28,6 +28,7 @@ use serde::{
 use std::collections::BTreeMap;
 use std::collections::BTreeSet;
 use std::collections::HashMap;
+use std::num::NonZeroU32;
 use std::{net::IpAddr, str::FromStr};
 use url::Url;
 use uuid::Uuid;
@@ -490,12 +491,12 @@ pub struct SiloQuotasUpdate {
 // was discussed.
 
 /// Updateable properties of a silo's settings.
-/// If a value is omitted it will not be updated.
 #[derive(Clone, Debug, Deserialize, Serialize, JsonSchema)]
 pub struct SiloSettingsUpdate {
     /// Maximum lifetime of a device token in seconds. If unset (or set to
     /// null), users will be able to create tokens that do not expire.
-    pub device_token_max_ttl_seconds: Option<i64>,
+    #[schemars(range(min = 1))]
+    pub device_token_max_ttl_seconds: Option<NonZeroU32>,
 }
 
 /// Create-time parameters for a `User`

openapi/nexus.json

@@ -22889,14 +22889,15 @@
         ]
       },
       "SiloSettingsUpdate": {
-        "description": "Updateable properties of a silo's settings. If a value is omitted it will not be updated.",
+        "description": "Updateable properties of a silo's settings.",
         "type": "object",
         "properties": {
           "device_token_max_ttl_seconds": {
             "nullable": true,
             "description": "Maximum lifetime of a device token in seconds. If unset (or set to null), users will be able to create tokens that do not expire.",
             "type": "integer",
-            "format": "int64"
+            "format": "uint32",
+            "minimum": 1
           }
         }
       },

schema/crdb/dbinit.sql

@@ -1071,7 +1071,7 @@ CREATE TABLE IF NOT EXISTS omicron.public.silo_settings (
     time_modified TIMESTAMPTZ NOT NULL,
 
     -- null means no max: users can tokens that never expire
-    device_token_max_ttl_seconds INT8
+    device_token_max_ttl_seconds INT8 CHECK (device_token_max_ttl_seconds > 0)
 );
 /*
  * Projects

schema/crdb/silo-settings-token-expiration/up01.sql

@@ -4,5 +4,5 @@ CREATE TABLE IF NOT EXISTS omicron.public.silo_settings (
     time_modified TIMESTAMPTZ NOT NULL,
 
     -- null means no max: users can tokens that never expire
-    device_token_max_ttl_seconds INT8
+    device_token_max_ttl_seconds INT8 CHECK (device_token_max_ttl_seconds > 0)
 );