github-starred/flowsint
2
0
Fork 0
mirror of https://github.com/reconurge/flowsint.git synced 2026-05-07 12:26:24 -05:00
Code Issues 264 Packages Projects Releases 11 Wiki Activity

[PR #135] Security: Excessively long JWT access token lifetime #843

New Issue
Open
opened 2026-04-24 17:49:43 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-24 17:49:43 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/reconurge/flowsint/pull/135
Author: @tuanaiseo
Created: 4/7/2026
Status: 🔄 Open

Base: mainHead: contribai/fix/security/excessively-long-jwt-access-token-lifeti

📝 Commits (1)

  • 2dc267f fix(security): excessively long jwt access token lifetime

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 flowsint-core/src/flowsint_core/core/auth.py (+1 -1)

📄 Description

Problem

ACCESS_TOKEN_EXPIRE_MINUTES is set to 60 * 60 (3600 minutes = 60 hours). Long-lived bearer tokens significantly increase impact of token theft and replay.

Severity: medium
File: flowsint-core/src/flowsint_core/core/auth.py

Solution

Reduce access-token TTL (commonly 5–30 minutes), issue refresh tokens separately, and rotate/revoke tokens on sensitive events.

Changes

  • flowsint-core/src/flowsint_core/core/auth.py (modified)

Testing

  • Existing tests pass
  • Manual review completed
  • No new warnings/errors introduced

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/reconurge/flowsint/pull/135 **Author:** [@tuanaiseo](https://github.com/tuanaiseo) **Created:** 4/7/2026 **Status:** 🔄 Open **Base:** `main` ← **Head:** `contribai/fix/security/excessively-long-jwt-access-token-lifeti` --- ### 📝 Commits (1) - [`2dc267f`](https://github.com/reconurge/flowsint/commit/2dc267f52afb9bf56a7af9c358c44ddecee7035e) fix(security): excessively long jwt access token lifetime ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `flowsint-core/src/flowsint_core/core/auth.py` (+1 -1) </details> ### 📄 Description ## Problem `ACCESS_TOKEN_EXPIRE_MINUTES` is set to `60 * 60` (3600 minutes = 60 hours). Long-lived bearer tokens significantly increase impact of token theft and replay. **Severity**: `medium` **File**: `flowsint-core/src/flowsint_core/core/auth.py` ## Solution Reduce access-token TTL (commonly 5–30 minutes), issue refresh tokens separately, and rotate/revoke tokens on sensitive events. ## Changes - `flowsint-core/src/flowsint_core/core/auth.py` (modified) ## Testing - [ ] Existing tests pass - [ ] Manual review completed - [ ] No new warnings/errors introduced --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-24 17:49:43 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
documentation
enhancement
pull-request
Mirrored from GitHub Pull Request
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/flowsint#843
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?