
bump default logout from 30 days to 3 months (#3170)

* bump default logout from 30 to 365 days

* * Change cookie duration to constant
* Change cookie duration to three months

* use class

* use 90 days (otherwise login form says 91.3 days)

* change class

* also this works now

Co-authored-by: Martin Rys <martin@rys.pw>
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
Martin 5 năm trước cách đây
mục cha
commit
6ecfc01c1f
3 tập tin đã thay đổi với 8 bổ sung6 xóa
  1. 2 2
      app/Controllers/configureController.php
  2. 5 3
      app/Models/Auth.php
  3. 1 1
      config.default.php

+ 2 - 2
app/Controllers/configureController.php

@@ -346,7 +346,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
 	 *   - user limit (default: 1)
 	 *   - user category limit (default: 16384)
 	 *   - user feed limit (default: 16384)
-	 *   - user login duration for form auth (default: 2592000)
+	 *   - user login duration for form auth (default: FreshRSS_Auth::DEFAULT_COOKIE_DURATION)
 	 *
 	 * The `force-email-validation` is ignored with PHP < 5.5
 	 */
@@ -363,7 +363,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
 			$limits['max_registrations'] = Minz_Request::param('max-registrations', 1);
 			$limits['max_feeds'] = Minz_Request::param('max-feeds', 16384);
 			$limits['max_categories'] = Minz_Request::param('max-categories', 16384);
-			$limits['cookie_duration'] = Minz_Request::param('cookie-duration', 2592000);
+			$limits['cookie_duration'] = Minz_Request::param('cookie-duration', FreshRSS_Auth::DEFAULT_COOKIE_DURATION);
 			FreshRSS_Context::$system_conf->limits = $limits;
 			FreshRSS_Context::$system_conf->title = Minz_Request::param('instance-name', 'FreshRSS');
 			FreshRSS_Context::$system_conf->auto_update_url = Minz_Request::param('auto-update-url', false);
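Review bot: The `cookie-duration` request value is stored in `$limits['cookie_duration']` as received, with no integer cast or bounds check visible in this hunk, although it decides how long a form-login token stays valid. Unless `Minz_Request::param` already normalises it (not shown here), a non-numeric value would reach the `$mtime + $cookie_duration` and `time() + $cookie_duration` arithmetic in `FreshRSS_FormAuth`, a negative one would make every token look expired, and an oversized one would make persisted logins effectively permanent. Consider normalising where the value is saved, e.g. `$limits['cookie_duration'] = max(0, (int)Minz_Request::param('cookie-duration', FreshRSS_Auth::DEFAULT_COOKIE_DURATION));`, with an upper cap if the project wants one; a stored 0 already falls back to the default through the `empty()` checks. The enclosing action starts and ends outside the hunk.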

+ 5 - 3
app/Models/Auth.php

@@ -7,6 +7,8 @@ class FreshRSS_Auth {
 	/**
 	 * Determines if user is connected.
 	 */
+	const DEFAULT_COOKIE_DURATION = 7776000;
+
 	private static $login_ok = false;
 
 	/**
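Review bot: The new constant is inserted between the existing docblock "Determines if user is connected." and `private static $login_ok`, so that docblock now attaches to `DEFAULT_COOKIE_DURATION` instead of the property it was written for. Move the constant above the docblock and give it its own comment stating the unit, e.g. `/** Default lifetime of the form-login cookie and token, in seconds (90 days). */`. Writing the value as `90 * 24 * 3600` would also make the 90-day figure checkable at a glance. Because this triples how long a persisted login token is accepted by default, the change deserves a line in the changelog or admin documentation.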
@@ -261,7 +263,7 @@ class FreshRSS_FormAuth {
 		$mtime = @filemtime($token_file);
 		$conf = Minz_Configuration::get('system');
 		$limits = $conf->limits;
-		$cookie_duration = empty($limits['cookie_duration']) ? 2592000 : $limits['cookie_duration'];
+		$cookie_duration = empty($limits['cookie_duration']) ? FreshRSS_Auth::DEFAULT_COOKIE_DURATION : $limits['cookie_duration'];
 		if ($mtime + $cookie_duration < time()) {
 			// Token has expired (> cookie_duration) or does not exist.
 			@unlink($token_file);
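Review bot: The fallback expression `empty($limits['cookie_duration']) ? FreshRSS_Auth::DEFAULT_COOKIE_DURATION : $limits['cookie_duration']` is repeated verbatim here and in the two following hunks (token creation and `purgeTokens()`). The validity check, the cookie expiry and the purge cutoff therefore agree only as long as all three copies are edited together. A single private helper on `FreshRSS_FormAuth` would define the token lifetime in one place, and each call site would then read `$cookie_duration = self::cookieDuration();`. The method containing this hunk begins and ends outside it.

```php
// … proposed new private helper in FreshRSS_FormAuth …
private static function cookieDuration() {
	$limits = Minz_Configuration::get('system')->limits;
	return empty($limits['cookie_duration'])
		? FreshRSS_Auth::DEFAULT_COOKIE_DURATION
		: $limits['cookie_duration'];
}

// … unchanged: $token_file lookup and @filemtime() …
$cookie_duration = self::cookieDuration();
// … unchanged: expiry comparison and @unlink() …
```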
@@ -284,7 +286,7 @@ class FreshRSS_FormAuth {
 		}
 
 		$limits = $conf->limits;
-		$cookie_duration = empty($limits['cookie_duration']) ? 2592000 : $limits['cookie_duration'];
+		$cookie_duration = empty($limits['cookie_duration']) ? FreshRSS_Auth::DEFAULT_COOKIE_DURATION : $limits['cookie_duration'];
 		$expire = time() + $cookie_duration;
 		Minz_Session::setLongTermCookie('FreshRSS_login', $token, $expire);
 		return $token;
@@ -305,7 +307,7 @@ class FreshRSS_FormAuth {
 	public static function purgeTokens() {
 		$conf = Minz_Configuration::get('system');
 		$limits = $conf->limits;
-		$cookie_duration = empty($limits['cookie_duration']) ? 2592000 : $limits['cookie_duration'];
+		$cookie_duration = empty($limits['cookie_duration']) ? FreshRSS_Auth::DEFAULT_COOKIE_DURATION : $limits['cookie_duration'];
 		$oldest = time() - $cookie_duration;
 		foreach (new DirectoryIterator(DATA_PATH . '/tokens/') as $file_info) {
 			$extension = $file_info->getExtension();

+ 1 - 1
config.default.php

@@ -89,7 +89,7 @@ return array(
 	'limits' => array(
 
 		# Duration in seconds of the login cookie.
-		'cookie_duration' => 2592000,
+		'cookie_duration' => FreshRSS_Auth::DEFAULT_COOKIE_DURATION,
 
 		# Duration in seconds of the SimplePie cache,
 		#	during which a query to the RSS feed will return the local cached version.
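Review bot: With the literal gone, the comment above `'cookie_duration'` no longer tells an administrator what the default actually is; extend it to something like `# Duration in seconds of the login cookie (default: 90 days = 7776000).`. The entry also makes `config.default.php` depend on `FreshRSS_Auth` being loadable whenever this file is read, and anyone copying the line into their own configuration inherits that dependency, so a short comment pointing to `app/Models/Auth.php` would help. The surrounding array starts and ends outside the hunk.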