diff --git a/CHANGELOG.md b/CHANGELOG.md
index a638ec4ae9..d8b2227f02 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 - #3054, Fix not allowing special characters in JSON keys - @laurenceisla
 - #2344, Replace JSON parser error with a clearer generic message - @develop7
+ - #3100, Add missing in-database configuration option for `jwt-cache-max-lifetime` - @laurenceisla
 ## [12.0.0] - 2023-12-01
diff --git a/src/PostgREST/Config/Database.hs b/src/PostgREST/Config/Database.hs
index 697d06cee4..8180975fe7 100644
--- a/src/PostgREST/Config/Database.hs
+++ b/src/PostgREST/Config/Database.hs
@@ -60,6 +60,7 @@ dbSettingsNames =
 ,"jwt_role_claim_key"
 ,"jwt_secret"
 ,"jwt_secret_is_base64"
+ ,"jwt_cache_max_lifetime"
 ,"openapi_mode"
 ,"openapi_security_active"
 ,"openapi_server_proxy_uri"
diff --git a/test/io/configs/expected/no-defaults-with-db-other-authenticator.config b/test/io/configs/expected/no-defaults-with-db-other-authenticator.config
index b8d0b018b0..b33a0a34ea 100644
--- a/test/io/configs/expected/no-defaults-with-db-other-authenticator.config
+++ b/test/io/configs/expected/no-defaults-with-db-other-authenticator.config
@@ -22,7 +22,7 @@ jwt-aud = "https://otherexample.org"
 jwt-role-claim-key = ".\"other\".\"pre_config_role\""
 jwt-secret = "ODERREALLYREALLYREALLYREALLYVERYSAFE"
 jwt-secret-is-base64 = true
-jwt-cache-max-lifetime = 86400
+jwt-cache-max-lifetime = 7200
 log-level = "info"
 openapi-mode = "disabled"
 openapi-security-active = false
diff --git a/test/io/configs/expected/no-defaults-with-db.config b/test/io/configs/expected/no-defaults-with-db.config
index 2cb69cb722..d1fd38c87a 100644
--- a/test/io/configs/expected/no-defaults-with-db.config
+++ b/test/io/configs/expected/no-defaults-with-db.config
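Review bot: In `dbSettingsNames` (src/PostgREST/Config/Database.hs) the new `,"jwt_cache_max_lifetime"` entry sits after `,"jwt_secret_is_base64"`, while the visible neighbours are in alphabetical order; placing it before `,"jwt_role_claim_key"` would keep this hand-maintained list easy to audit against the config-file keys. The old expected fixtures show what the omission cost: a value set through role settings was dropped without notice and the file value (86400 there) stayed in force. Whether an unrecognised `pgrst.*` role setting is reported anywhere is not visible in this hunk. If it is not, a log warning for unknown `pgrst.` names at config load would surface this class of omission for the remaining JWT and security-related options. The list definition starts and ends outside the hunk.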
@@ -22,7 +22,7 @@ jwt-aud = "https://example.org"
 jwt-role-claim-key = ".\"a\".\"role\""
 jwt-secret = "OVERRIDE=REALLY=REALLY=REALLY=REALLY=VERY=SAFE"
 jwt-secret-is-base64 = false
-jwt-cache-max-lifetime = 86400
+jwt-cache-max-lifetime = 3600
 log-level = "info"
 openapi-mode = "ignore-privileges"
 openapi-security-active = true
diff --git a/test/io/db_config.sql b/test/io/db_config.sql
index 265b403178..65380590ef 100644
--- a/test/io/db_config.sql
+++ b/test/io/db_config.sql
@@ -6,6 +6,7 @@ ALTER ROLE db_config_authenticator SET pgrst.openapi_server_proxy_uri = 'https:/
 ALTER ROLE db_config_authenticator SET pgrst.jwt_secret = 'REALLY=REALLY=REALLY=REALLY=VERY=SAFE';
 ALTER ROLE db_config_authenticator SET pgrst.jwt_secret_is_base64 = 'false';
 ALTER ROLE db_config_authenticator SET pgrst.jwt_role_claim_key = '."a"."role"';
+ALTER ROLE db_config_authenticator SET pgrst.jwt_cache_max_lifetime = '3600';
 ALTER ROLE db_config_authenticator SET pgrst.db_aggregates_enabled = 'false';
 ALTER ROLE db_config_authenticator SET pgrst.db_anon_role = 'anonymous';
 ALTER ROLE db_config_authenticator SET pgrst.db_tx_end = 'commit-allow-override';
@@ -54,6 +55,7 @@ ALTER ROLE other_authenticator SET pgrst.jwt_aud = 'https://otherexample.org';
 ALTER ROLE other_authenticator SET pgrst.openapi_server_proxy_uri = 'https://otherexample.org/api';
 ALTER ROLE other_authenticator SET pgrst.jwt_secret = 'ODERREALLYREALLYREALLYREALLYVERYSAFE';
 ALTER ROLE other_authenticator SET pgrst.jwt_secret_is_base64 = 'true';
+ALTER ROLE other_authenticator SET pgrst.jwt_cache_max_lifetime = '7200';
 ALTER ROLE other_authenticator SET pgrst.db_aggregates_enabled = 'false';
 ALTER ROLE other_authenticator SET pgrst.db_schemas = 'test, other_tenant1, other_tenant2';
 ALTER ROLE other_authenticator SET pgrst.db_root_spec = 'other_root';
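Review bot: The two fixture lines added in test/io/db_config.sql (`pgrst.jwt_cache_max_lifetime = '3600'` for db_config_authenticator, and `'7200'` for other_authenticator in the second hunk) exercise only well-formed values. The tests therefore confirm that the role setting is read, but not what happens when it holds a non-numeric or negative string; how such a value is handled is not visible in this diff. Judging by its name, the option bounds how long a JWT validation result is reused, so a bad value should fail in a known way rather than silently picking some lifetime. A case asserting the intended fallback or load error would pin that down, for example a dedicated test role with `ALTER ROLE <test_role> SET pgrst.jwt_cache_max_lifetime = 'not-a-number';` (placeholder role name, constructed value).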