Increase state token TTLs. Potential fix for #4.

Emzi0767 · Sep 30, 2020 · 9bb5f8c · 9bb5f8c
1 parent 1e3e040
commit 9bb5f8c
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/src/cache/RosettaCTF.Cache.Redis/RedisMfaStateRepository.cs b/src/cache/RosettaCTF.Cache.Redis/RedisMfaStateRepository.cs
@@ -39,8 +39,8 @@ public async Task<string> GenerateStateAsync(string remoteAddress, ActionToken s
             var state = Guid.NewGuid().ToString();
             var tkstring = serverToken.ExportString();
 
-            await this.Redis.CreateTemporaryValueAsync(remoteAddress, TimeSpan.FromMinutes(2), MfaKey, state);
-            await this.Redis.CreateTemporaryValueAsync(tkstring, TimeSpan.FromMinutes(2), MfaKey, state, MfaTokenKey);
+            await this.Redis.CreateTemporaryValueAsync(remoteAddress, TimeSpan.FromMinutes(5), MfaKey, state);
+            await this.Redis.CreateTemporaryValueAsync(tkstring, TimeSpan.FromMinutes(5), MfaKey, state, MfaTokenKey);
             return MfaPrefix + state;
         }
 

diff --git a/src/cache/RosettaCTF.Cache.Redis/RedisOAuthStateRepository.cs b/src/cache/RosettaCTF.Cache.Redis/RedisOAuthStateRepository.cs
@@ -39,8 +39,8 @@ public async Task<string> GenerateStateAsync(string remoteAddress, ActionToken s
             var state = Guid.NewGuid().ToString();
             var tkstring = serverToken.ExportString();
 
-            await this.Redis.CreateTemporaryValueAsync(remoteAddress, TimeSpan.FromMinutes(2), OAuthKey, state);
-            await this.Redis.CreateTemporaryValueAsync(tkstring, TimeSpan.FromMinutes(2), OAuthKey, state, OAuthTokenKey);
+            await this.Redis.CreateTemporaryValueAsync(remoteAddress, TimeSpan.FromMinutes(5), OAuthKey, state);
+            await this.Redis.CreateTemporaryValueAsync(tkstring, TimeSpan.FromMinutes(5), OAuthKey, state, OAuthTokenKey);
             return OAuthPrefix + state;
         }