From 33d16910cf7ea5cadbdfdb7083247727c9971cb8 Mon Sep 17 00:00:00 2001 From: Alex Swindler Date: Tue, 17 Sep 2024 21:11:47 -0700 Subject: [PATCH] Added `COOKIE_EXPIRATION` environment variable (#4801) Added COOKIE_EXPIRATION environment variable Co-authored-by: Katherine Fleming <2205659+kflemin@users.noreply.github.com> --- config/settings/common.py | 10 ++-------- deploy.sh | 4 +++- docker-compose.local.yml | 1 + docker-compose.yml | 1 + docs/source/docker.rst | 3 +++ docs/source/kubernetes_deployment.rst | 2 ++ 6 files changed, 12 insertions(+), 9 deletions(-) diff --git a/config/settings/common.py b/config/settings/common.py index 81d36d8be0..4178b7d069 100644 --- a/config/settings/common.py +++ b/config/settings/common.py @@ -15,16 +15,8 @@ PROTOCOL = os.environ.get("PROTOCOL", "https") -SESSION_COOKIE_DOMAIN = None -SESSION_EXPIRE_AT_BROWSER_CLOSE = True DATA_UPLOAD_MAX_MEMORY_SIZE = None -# TODO: remove managers, admins in config files. -ADMINS = ( - # ('Your Name', 'your_email@domain.com'), -) -MANAGERS = ADMINS - # See: https://docs.djangoproject.com/en/dev/ref/settings/#wsgi-application WSGI_APPLICATION = "config.wsgi.application" @@ -43,6 +35,8 @@ SECRET_KEY = os.environ.get("SECRET_KEY", "default-ns=nb-w)#2ue-mtu!s&2krzfee1-t)^z7y8gyrp6mx^d*weifh") SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies" +# Default to expiring cookies after 2 weeks +SESSION_COOKIE_AGE = int(os.environ.get("COOKIE_EXPIRATION", 1_209_600)) TEMPLATES = [ { diff --git a/deploy.sh b/deploy.sh index 71c46644f7..2394e83641 100755 --- a/deploy.sh +++ b/deploy.sh 
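Review bot: In the second hunk of `config/settings/common.py`, `SESSION_COOKIE_AGE` is read from `COOKIE_EXPIRATION` with no validation, and after this commit it is the only limit on session lifetime. The first hunk removes `SESSION_EXPIRE_AT_BROWSER_CLOSE = True`, and the `signed_cookies` engine on the line above keeps no server-side session record, so a copied cookie cannot be revoked individually and stays valid until this age runs out. An empty value makes `int()` raise at settings import, and zero, negative or very large values are accepted as given. Consider `SESSION_COOKIE_AGE = int(os.environ.get("COOKIE_EXPIRATION") or 1_209_600)` plus a range check that fails with a clear configuration error, and extend the comment to `# Session lifetime in seconds (default 2 weeks); with signed-cookie sessions this is how long a captured cookie stays valid`.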
@@ -22,9 +22,10 @@ SEED_ADMIN_PASSWORD (required), admin password for SEED SEED_ADMIN_ORG (required), default organization for admin user in SEED SECRET_KEY (required), unique key for SEED web application AWS_ACCESS_KEY_ID (optional), Access key for AWS -AWS_SECRET_ACCESS_KEY, Secret key for AWS +AWS_SECRET_ACCESS_KEY (optional), Secret key for AWS AWS_SES_REGION_NAME (optional), AWS Region for SES AWS_SES_REGION_ENDPOINT (optional), AWS endpoint for SES +COOKIE_EXPIRATION (optional), Time in seconds that a session should be valid SERVER_EMAIL (optional), Email that is used by the server to send messages SENTRY_JS_DSN (optional), Sentry JavaScript DSN SENTRY_RAVEN_DSN (optional), Sentry Django DSN (Raven-based) @@ -42,6 +43,7 @@ export AWS_ACCESS_KEY_ID=key export AWS_SECRET_ACCESS_KEY=secret_key export AWS_SES_REGION_NAME=us-west-2 export AWS_SES_REGION_ENDPOINT=email.us-west-2.amazonaws.com +export COOKIE_EXPIRATION=1209600 export SERVER_EMAIL=info@seed-platform.org export SENTRY_JS_DSN=https://bcde@sentry.io/123456789 export SENTRY_RAVEN_DSN=https://abcd:1234@sentry.io/123456789 diff --git a/docker-compose.local.yml b/docker-compose.local.yml index 445d07d667..18f1d25a9c 100644 --- a/docker-compose.local.yml +++ b/docker-compose.local.yml @@ -68,6 +68,7 @@ services: - SEED_ADMIN_PASSWORD - SEED_ADMIN_ORG - SECRET_KEY + - COOKIE_EXPIRATION # Pass the Sentry config to the containers - SENTRY_RAVEN_DSN - SENTRY_JS_DSN diff --git a/docker-compose.yml b/docker-compose.yml index 4a61e78bce..87deb13271 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -43,6 +43,7 @@ services: - SEED_ADMIN_PASSWORD=super-secret-password - SEED_ADMIN_ORG=default - SECRET_KEY=ARQV8qGuJKH8sGnBf6ZeEdJQRKLTUhsvEcp8qG9X9sCPXvGLhdxqnNXpZcy6HEyf + - COOKIE_EXPIRATION - DJANGO_SETTINGS_MODULE=config.settings.docker - NGINX_LISTEN_OPTS="http2" # Sentry configuration if you want to use it (make sure to enable on web-celery container too) 
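Review bot: In the `docker-compose.yml` hunk, the new `- COOKIE_EXPIRATION` entry is passed through from the host, but the `SECRET_KEY` two lines above it is a literal committed to the repository. The settings hunk keeps the `signed_cookies` session engine, so session cookies are signed with that key, and a lifetime limit adds little on any deployment that keeps the committed value. If this file is used beyond local development, pass the key through the same way, `- SECRET_KEY`, as `docker-compose.local.yml` already does. The environment list continues outside the hunk.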
diff --git a/docs/source/docker.rst b/docs/source/docker.rst index a0208c345b..00b0a5e47c 100644 --- a/docs/source/docker.rst +++ b/docs/source/docker.rst @@ -89,6 +89,9 @@ Ubuntu server 18.04 or newer with a m5ad.xlarge (if using in Production instance export AWS_SES_REGION_ENDPOINT=email.us-west-2.amazonaws.com export SERVER_EMAIL=user@seed-platform.org + # For custom cookie validity duration + export COOKIE_EXPIRATION=1209600 + * Before launching the first time, make sure the persistent volumes and the backup directory exist. diff --git a/docs/source/kubernetes_deployment.rst b/docs/source/kubernetes_deployment.rst index 3f70fdc154..e39bec961f 100644 --- a/docs/source/kubernetes_deployment.rst +++ b/docs/source/kubernetes_deployment.rst @@ -124,6 +124,8 @@ This chart contains the deployment specification for the SEED web container. Re value: - name: SEED_ADMIN_USER value: + - name: COOKIE_EXPIRATION + value: 1209600 # Postgres variables - name: POSTGRES_DB value: seed