
feat(api,webapp): set expiration fields on Login

Peter Thomassen 4 年 前
コミット
fde00a4172

+ 5 - 5
api/desecapi/tests/test_user_management.py

@@ -104,9 +104,7 @@ class UserManagementTestCase(DesecTestCase, PublicSuffixMockMixin):
         return email.strip(), password, self.client.register(email, password, captcha_id, captcha_solution, **kwargs)
 
     def login_user(self, email, password):
-        response = self.client.login_user(email, password)
-        token = response.data.get('token')
-        return token, response
+        return self.client.login_user(email, password)
 
     def logout(self, token):
         return self.client.logout(token)
@@ -448,9 +446,11 @@ class UserManagementTestCase(DesecTestCase, PublicSuffixMockMixin):
         return email, password, domain
 
     def _test_login(self):
-        token, response = self.login_user(self.email, self.password)
+        response = self.login_user(self.email, self.password)
         self.assertLoginSuccessResponse(response)
-        return token
+        self.assertEqual(response.data['max_age'], '7 00:00:00')
+        self.assertEqual(response.data['max_unused_period'], '01:00:00')
+        return response.data['token']
 
     def _test_logout(self):
         response = self.logout(self.token)
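Review bot: The new assertions in `_test_login` pin only the serialized `max_age` and `max_unused_period` strings in the login response; nothing in this hunk checks that a login token is actually refused once either limit has passed. If that is not covered elsewhere in the suite, add a case that moves the clock past one hour of inactivity, and past seven days, and asserts that an authenticated request with the token is rejected. A comment such as `# must match the timedeltas passed in AccountLoginView.post` above the two assertions would also tell the next maintainer where the expected values come from. `_test_logout` continues outside the hunk.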

+ 2 - 1
api/desecapi/views.py

@@ -510,7 +510,8 @@ class AccountLoginView(generics.GenericAPIView):
     def post(self, request, *args, **kwargs):
         user = self.request.user
 
-        token = models.Token.objects.create(user=user, name="login", perm_manage_tokens=True)
+        token = models.Token.objects.create(user=user, name="login", perm_manage_tokens=True,
+                                            max_age=timedelta(days=7), max_unused_period=timedelta(hours=1))
         user_logged_in.send(sender=user.__class__, request=self.request, user=user)
 
         data = serializers.TokenSerializer(token, include_plain=True).data
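Review bot: The login token lifetimes are written as literals inside `post` (`timedelta(days=7)`, `timedelta(hours=1)`), and the same figures are repeated as free text in the note added to webapp/src/views/Login.vue, so the UI statement can drift from what the API sets on the token. Consider naming them once at module level, e.g. `LOGIN_TOKEN_MAX_AGE = timedelta(days=7)` and `LOGIN_TOKEN_MAX_UNUSED_PERIOD = timedelta(hours=1)`, and having the webapp build its text from the `max_age`/`max_unused_period` fields that the login response now carries. Login tokens created before this change were presumably stored without these limits while still holding `perm_manage_tokens=True`, so it is worth confirming whether they need to be expired or backfilled. The body of `post` continues outside the hunk.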

+ 2 - 1
webapp/src/views/Login.vue

@@ -68,10 +68,11 @@
               <v-layout class="justify-center">
                 <v-checkbox
                   v-model="useSessionStorage"
-                  label="Keep credentials for entire browser session (session storage)"
+                  label="Remember me during this browser session"
                   tabindex="3"
                 />
               </v-layout>
+              <p class="text-center"><strong>Note:</strong> Login sessions expire after 1 hour of inactivity, or after 7 days at the latest.</p>
             </v-card-text>
             <v-card-actions class="justify-center">
               <v-btn