From 33e7ad4b1de425a901d5ffa719592634a3bd71a8 Mon Sep 17 00:00:00 2001
From: "J. Cliff Dyer"
Date: Thu, 14 Jan 2016 21:41:38 +0000
Subject: [PATCH 1/3] Create hooks to customize OAuth2 token lifetimes.

Access tokens last 30 days by default (365 days for confidential clients). This can be customized with django settings. Here we provide hooks to inject those settings from a JSON env file.

MA-1955: Allow installations to customize OAuth token expiration times
---
 lms/envs/aws.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lms/envs/aws.py b/lms/envs/aws.py
index 192163012b..609401a9f3 100644
--- a/lms/envs/aws.py
+++ b/lms/envs/aws.py
@@ -601,6 +601,13 @@ if FEATURES.get('ENABLE_OAUTH2_PROVIDER'):
     OAUTH_OIDC_ISSUER = ENV_TOKENS['OAUTH_OIDC_ISSUER']
     OAUTH_ENFORCE_SECURE = ENV_TOKENS.get('OAUTH_ENFORCE_SECURE', True)
     OAUTH_ENFORCE_CLIENT_SECURE = ENV_TOKENS.get('OAUTH_ENFORCE_CLIENT_SECURE', True)
+    # Defaults for the following are defined in provider.constants in django-oauth2-provider
+    if 'OAUTH_EXPIRE_DELTA_DAYS' in ENV_TOKENS:
+        # Default = 365 days
+        OAUTH_EXPIRE_DELTA = datetime.timedelta(days=ENV_TOKENS['OAUTH_EXPIRE_DELTA_DAYS'])
+    if 'OAUTH_EXPIRE_DELTA_PUBLIC_DAYS' in ENV_TOKENS:
+        # Default = 30 days
+        OAUTH_EXPIRE_DELTA_PUBLIC = datetime.timedelta(days=ENV_TOKENS['OAUTH_EXPIRE_DELTA_PUBLIC_DAYS'])
 
 ##### ADVANCED_SECURITY_CONFIG #####
 ADVANCED_SECURITY_CONFIG = ENV_TOKENS.get('ADVANCED_SECURITY_CONFIG', {})

From a975f59850d3c68b170d15ca2f490126b22d567d Mon Sep 17 00:00:00 2001
From: "J. Cliff Dyer"
Date: Fri, 22 Jan 2016 20:42:15 +0000
Subject: [PATCH 2/3] fixup: rework settings structure.

---
 lms/envs/aws.py | 4 +---
 lms/envs/common.py | 6 +++++-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/lms/envs/aws.py b/lms/envs/aws.py
index 609401a9f3..f423bf60f2 100644
--- a/lms/envs/aws.py
+++ b/lms/envs/aws.py
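Review bot: The added lines call `datetime.timedelta` inside aws.py, but the patch adds no `import datetime` to that file and the hunk does not show whether one already exists; if the name is not imported (or only arrives via a star import from another settings module) the settings fail at load time as soon as one of the new keys is present in the env JSON. Adding an explicit `import datetime` to aws.py's own import block would make the dependency visible and robust. The enclosing `if FEATURES.get('ENABLE_OAUTH2_PROVIDER'):` block starts before the hunk. The same consideration applies to the reworked versions of these lines in the second and third patches of this series.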
@@ -601,12 +601,10 @@ if FEATURES.get('ENABLE_OAUTH2_PROVIDER'):
     OAUTH_OIDC_ISSUER = ENV_TOKENS['OAUTH_OIDC_ISSUER']
     OAUTH_ENFORCE_SECURE = ENV_TOKENS.get('OAUTH_ENFORCE_SECURE', True)
     OAUTH_ENFORCE_CLIENT_SECURE = ENV_TOKENS.get('OAUTH_ENFORCE_CLIENT_SECURE', True)
-    # Defaults for the following are defined in provider.constants in django-oauth2-provider
+    # Defaults for the following are defined in lms.envs.common
     if 'OAUTH_EXPIRE_DELTA_DAYS' in ENV_TOKENS:
-        # Default = 365 days
         OAUTH_EXPIRE_DELTA = datetime.timedelta(days=ENV_TOKENS['OAUTH_EXPIRE_DELTA_DAYS'])
     if 'OAUTH_EXPIRE_DELTA_PUBLIC_DAYS' in ENV_TOKENS:
-        # Default = 30 days
         OAUTH_EXPIRE_DELTA_PUBLIC = datetime.timedelta(days=ENV_TOKENS['OAUTH_EXPIRE_DELTA_PUBLIC_DAYS'])
 
 ##### ADVANCED_SECURITY_CONFIG #####
diff --git a/lms/envs/common.py b/lms/envs/common.py
index 088779a71e..72d901a6c6 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -29,9 +29,10 @@ Longer TODO:
 # and throws spurious errors. Therefore, we disable invalid-name checking.
 # pylint: disable=invalid-name
 
+import datetime
+import imp
 import sys
 import os
-import imp
 from path import Path as path
 from warnings import simplefilter
 
@@ -444,6 +445,9 @@ OAUTH_OIDC_USERINFO_HANDLERS = (
     'oauth2_handler.UserInfoHandler'
 )
 
+OAUTH_EXPIRE_DELTA = datetime.timedelta(days=365)
+OAUTH_EXPIRE_DELTA_PUBLIC = datetime.timedelta(days=30)
+
 ################################## TEMPLATE CONFIGURATION #####################################
 # Mako templating
 # TODO: Move the Mako templating into a different engine in TEMPLATES below.

From 2c2f5e3b468a2766b187c94763f130894f99d1ac Mon Sep 17 00:00:00 2001
From: "J. Cliff Dyer"
Date: Mon, 25 Jan 2016 16:25:56 +0000
Subject: [PATCH 3/3] Improve local settings variable name.

---
 lms/envs/aws.py | 10 ++++++----
 lms/envs/common.py | 4 ++--
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/lms/envs/aws.py b/lms/envs/aws.py
index f423bf60f2..d21ae086b2 100644
--- a/lms/envs/aws.py
+++ b/lms/envs/aws.py
@@ -602,10 +602,12 @@ if FEATURES.get('ENABLE_OAUTH2_PROVIDER'):
     OAUTH_ENFORCE_SECURE = ENV_TOKENS.get('OAUTH_ENFORCE_SECURE', True)
     OAUTH_ENFORCE_CLIENT_SECURE = ENV_TOKENS.get('OAUTH_ENFORCE_CLIENT_SECURE', True)
     # Defaults for the following are defined in lms.envs.common
-    if 'OAUTH_EXPIRE_DELTA_DAYS' in ENV_TOKENS:
-        OAUTH_EXPIRE_DELTA = datetime.timedelta(days=ENV_TOKENS['OAUTH_EXPIRE_DELTA_DAYS'])
-    if 'OAUTH_EXPIRE_DELTA_PUBLIC_DAYS' in ENV_TOKENS:
-        OAUTH_EXPIRE_DELTA_PUBLIC = datetime.timedelta(days=ENV_TOKENS['OAUTH_EXPIRE_DELTA_PUBLIC_DAYS'])
+    OAUTH_EXPIRE_DELTA = datetime.timedelta(
+        days=ENV_TOKENS.get('OAUTH_EXPIRE_CONFIDENTIAL_CLIENT_DAYS', OAUTH_EXPIRE_CONFIDENTIAL_CLIENT_DAYS)
+    )
+    OAUTH_EXPIRE_DELTA_PUBLIC = datetime.timedelta(
+        days=ENV_TOKENS['OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS', OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS])
+
 
 ##### ADVANCED_SECURITY_CONFIG #####
 ADVANCED_SECURITY_CONFIG = ENV_TOKENS.get('ADVANCED_SECURITY_CONFIG', {})
diff --git a/lms/envs/common.py b/lms/envs/common.py
index 72d901a6c6..073709e8ae 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -445,8 +445,8 @@ OAUTH_OIDC_USERINFO_HANDLERS = (
     'oauth2_handler.UserInfoHandler'
 )
 
-OAUTH_EXPIRE_DELTA = datetime.timedelta(days=365)
-OAUTH_EXPIRE_DELTA_PUBLIC = datetime.timedelta(days=30)
+OAUTH_EXPIRE_CONFIDENTIAL_CLIENT_DAYS = 365
+OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS = 30
 
 ################################## TEMPLATE CONFIGURATION #####################################
 # Mako templating
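Review bot: The public-client line on the new side, `ENV_TOKENS['OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS', OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS]`, subscripts ENV_TOKENS with a tuple instead of calling `.get`, so with a plain dict loaded from the env JSON it raises KeyError at settings import and the LMS cannot start at all, whether or not the key is configured. It should mirror the confidential-client line two lines above: `days=ENV_TOKENS.get('OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS', OAUTH_EXPIRE_PUBLIC_CLIENT_DAYS)`. Because these values become the access-token lifetime, it would also be worth validating them at load time — a non-numeric value makes timedelta() raise, and a negative one presumably yields tokens that are expired on issue — e.g. wrap each lookup in `int(...)` and fail fast if the result is not positive. The added blank line also duplicates the existing blank context line below it. The enclosing `if FEATURES.get('ENABLE_OAUTH2_PROVIDER'):` block starts before the hunk.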
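Review bot: After this change the `import datetime` that the previous patch added to common.py has no remaining use in the visible hunks of common.py; if nothing else in the module needs it, it should go, and if aws.py has been relying on it through a star import of common (its hunk references OAUTH_EXPIRE_CONFIDENTIAL_CLIENT_DAYS unqualified and calls `datetime.timedelta` with no import shown), aws.py should get its own explicit `import datetime` first. The two renamed constants would also benefit from a comment stating what they control, since the names no longer say they feed a timedelta: e.g. `# Lifetime, in days, of OAuth2 access tokens issued to confidential / public clients; deployments override these via the same keys in the env JSON (see lms/envs/aws.py).` Worth mentioning in that comment is the trade-off — a longer lifetime widens the window during which a leaked bearer token stays usable — and that 365/30 match the django-oauth2-provider defaults cited in the first patch's message.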