From d09f9dc8a4acb0cecc0ce4ed7f518cf4f8e04ea4 Mon Sep 17 00:00:00 2001
From: Bjarke Madsen <bjarke@nordu.net>
Date: Wed, 9 Aug 2023 14:23:35 +0200
Subject: [PATCH] Make session length 7 days instead of default of 31

---
 compendium_v2/routes/authentication.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/compendium_v2/routes/authentication.py b/compendium_v2/routes/authentication.py
index f3273abe..aec7d330 100644
--- a/compendium_v2/routes/authentication.py
+++ b/compendium_v2/routes/authentication.py
@@ -1,12 +1,19 @@
-
-from flask_login import login_required, login_user, logout_user  # type: ignore
-from flask import Blueprint, url_for, redirect
+from flask_login import login_user, logout_user  # type: ignore
+from flask import Blueprint, url_for, redirect, session, current_app
+from datetime import timedelta
 from compendium_v2.auth import get_client
 from compendium_v2.auth.session_management import fetch_user, create_user
 
 routes = Blueprint('authentication', __name__)
 
 
+@routes.before_request
+def before_request():
+    # logout users if they haven't visited in 7 days (session refreshes on each visit)
+    session.permanent = True
+    current_app.permanent_session_lifetime = timedelta(days=7)
+
+
 @routes.route('/login')
 def login():
     client = get_client()
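Review bot: The `before_request` hook is registered on the `authentication` blueprint, so it runs only for requests routed to this blueprint, yet it assigns the app-wide `current_app.permanent_session_lifetime`. In a freshly started worker that has not yet served a login, authorize or logout request, the lifetime is still Flask's default, so sessions handled by other routes are presumably validated and reissued against 31 days rather than 7. Setting the value once at app creation, `app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(days=7)`, and putting `session.permanent = True` next to the `login_user` call would make the limit deterministic and avoid mutating app state on every request. If `login_user` is called with `remember=True` (not visible in this hunk), Flask-Login's remember cookie is governed separately by `REMEMBER_COOKIE_DURATION` and is not shortened by this change.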
@@ -37,7 +44,6 @@ def authorize():
 
 
 @routes.route("/logout")
-@login_required
 def logout():
     # The user will be logged out of the application, but not the IDP.
     # If they visit again before their oauth token expires, they are immediately logged in.
-- 
GitLab