UI: Show token expiring warning #23143

Merged
merged 19 commits into from
Oct 20, 2023
@hashishaw hashishaw commented Sep 18, 2023

This PR addresses #20859

Currently, when a token is going to expire due to inactivity* we show a message in the user menu dropdown. However, that is not very discoverable and we should also alert the user if their token is set to expire in the main page.

This PR adds a dismissible banner if we know the token is going to expire. Clicking "Renew token" will renew the token and restart the inactivity timeout clock.

Session will expire banner

There is one limitation to this approach, which is that we currently don't know if the token is at its max TTL. This should be follow-on work to show a similar message if the token will fail on the next refresh request.

*inactivity in the UI is defined as a lack of API requests. A user could be filling out a very long form, for example, and if there are no API requests (other than health and seal-status which don't count) for 3 min the user will be logged out next time the token expiration time is passed. If there are requests in that time, the UI will automatically refresh the token instead.

Replication steps

vault auth enable userpass
vault auth tune -listing-visibility="unauth" -default-lease-ttl=6m -max-lease-ttl=15m userpass
vault write auth/userpass/users/bob password=mysecurepw

Log into UI and don't click anything or change pages. The banner should show up after about 3 minutes.

@hashishaw hashishaw added the ui label Sep 18, 2023
@hashishaw hashishaw added this to the 1.16 milestone Sep 18, 2023
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Sep 18, 2023
github-actions bot commented Sep 18, 2023

Build Results:
All builds succeeded! ✅

github-actions bot commented Sep 18, 2023

CI Results:
All Go tests succeeded! ✅

@hashishaw hashishaw enabled auto-merge (squash) September 18, 2023 22:33
@kiannaquach kiannaquach left a comment

Thanks for tackling this Chelsea!! 🎉

@hashishaw hashishaw enabled auto-merge (squash) October 20, 2023 14:09
@hashishaw hashishaw merged commit 13523b5 into main Oct 20, 2023
68 checks passed
@hashishaw hashishaw deleted the ui/token-expiring-warning branch October 20, 2023 14:28
glisav commented Jul 3, 2024

Hello @hashishaw
I just had a question regarding this: if there is no activity after a certain number of minutes (I think around 3 minutes), this notification will be displayed. But does it log out the user? Or will the user stay logged in until token expiration (if the token is no longer renewed because of no activity)? So, the question is: does the session terminate if there is no user activity?
Thanks,
Glisav

@hellobontempo
Contributor

Hi @glisav - thank you for the question! Users are not automatically logged out due to inactivity (and you're right, inactive is 3 minutes of no user action).

This banner is to inform users that the token auto-renewal the UI performs behind the scenes has stopped. If a token is renewable, the UI auto-renews the lease halfway through the token's ttl. So if a token has a ttl of 4 hours, the UI auto-renews the token after being logged in for 2 hours.

The UI stops this auto-renew process if a user is inactive. This allows the token to expire, which then will log the user out when the token expires. (To avoid expiration, user activity must resume or the token must be manually renewed)
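
The renewal behaviour described in the PR description and in the reply above, as an added JavaScript model that is not part of the thread and is not Vault's UI code. It assumes the activity check runs at the halfway point of the current lease and looks back 3 minutes; `simulateSession` and its parameter names are hypothetical, and the inputs mirror the replication steps (6m default TTL, 15m max TTL).

```javascript
// Added model of the behaviour described in this thread; not Vault's UI code.
const MIN = 60 * 1000;
const INACTIVITY_MS = 3 * MIN; // "3 min" without API requests counts as inactive

// ttlMs: TTL granted at login and requested at each renewal (assumed constant).
// maxTtlMs: hard cap measured from login; a renewal cannot move expiry past it.
// requestTimesMs: ms-since-login of API requests that count as activity
// (health and seal-status polls are excluded, per the PR description).
function simulateSession({ ttlMs, maxTtlMs, requestTimesMs }) {
  const events = [];
  let issuedAt = 0;
  let expiresAt = Math.min(ttlMs, maxTtlMs);
  for (;;) {
    // Assumption: the renew-or-warn decision is made halfway through the lease.
    const checkAt = issuedAt + (expiresAt - issuedAt) / 2;
    const active = requestTimesMs.some(
      (t) => t > checkAt - INACTIVITY_MS && t <= checkAt
    );
    if (!active) {
      // Auto-renew stops: warn now, and the token expires on schedule.
      events.push({ type: 'banner', at: checkAt });
      events.push({ type: 'logout', at: expiresAt });
      return events;
    }
    const newExpiry = Math.min(checkAt + ttlMs, maxTtlMs);
    if (newExpiry <= expiresAt) {
      // At max TTL: renewal cannot extend the lease, and no banner is shown.
      events.push({ type: 'renew-capped', at: checkAt });
      events.push({ type: 'logout', at: expiresAt });
      return events;
    }
    events.push({ type: 'renew', at: checkAt, expiresAt: newExpiry });
    issuedAt = checkAt;
    expiresAt = newExpiry;
  }
}

// Constructed inputs matching the replication steps: 6m default TTL, 15m max TTL.
const tune = { ttlMs: 6 * MIN, maxTtlMs: 15 * MIN };
const idle = simulateSession({ ...tune, requestTimesMs: [] });
const busy = simulateSession({
  ...tune,
  requestTimesMs: Array.from({ length: 20 }, (_, i) => (i + 1) * MIN),
});
const fmt = (e) => `${e.at / MIN}m ${e.type}`;
console.log(idle.map(fmt).join(', '));
console.log(busy.map(fmt).join(', '));
```

The `busy` run ends in a logout with no banner, which is the max TTL limitation the PR description names as follow-on work.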

glisav commented Jul 4, 2024

Hi @hellobontempo
Thank you for your reply :)

glisav commented Jul 10, 2024

@hashishaw is this inactivity time of 3 minutes configurable in the Helm chart? I want to extend the inactivity time and make this banner appear after 15 minutes.

@hashishaw
Contributor Author

@glisav no, it's not currently configurable. However, we're currently tracking requests to configure it for future feature work, so I'll add your ask to that ticket. Thanks for the feedback!
