fix: elevate session on login

2026-05-06 21:42:07 +08:00 · 2026-04-12 20:08:53 +02:00
parent 530517412b
commit 624ab65742
3 changed files with 15 additions and 6 deletions
--- a/api/oidc.go
+++ b/api/oidc.go
@@ -417,10 +417,12 @@ func (a *OIDCAPI) resolveUser(info *oidc.UserInfo) (*model.User, int, error) {
 }

 func (a *OIDCAPI) createClient(name string, userID uint) (*model.Client, error) {
+	elevatedUntil := time.Now().Add(model.DefaultElevationDuration)
 	client := &model.Client{
-		Name:   name,
-		Token:  auth.GenerateNotExistingToken(generateClientToken, func(t string) bool { c, _ := a.DB.GetClientByToken(t); return c != nil }),
-		UserID: userID,
+		Name:          name,
+		Token:         auth.GenerateNotExistingToken(generateClientToken, func(t string) bool { c, _ := a.DB.GetClientByToken(t); return c != nil }),
+		UserID:        userID,
+		ElevatedUntil: &elevatedUntil,
 	}
 	return client, a.DB.CreateClient(client)
 }
--- a/api/session.go
+++ b/api/session.go
@@ -2,6 +2,7 @@ package api

 import (
 	"errors"
+	"time"

 	"github.com/gin-gonic/gin"
 	"github.com/gotify/server/v2/auth"
@@ -74,10 +75,12 @@ func (a *SessionAPI) Login(ctx *gin.Context) {
 		return
 	}

+	elevatedUntil := time.Now().Add(model.DefaultElevationDuration)
 	client := model.Client{
-		Name:   clientParams.Name,
-		Token:  auth.GenerateNotExistingToken(generateClientToken, a.clientExists),
-		UserID: user.ID,
+		Name:          clientParams.Name,
+		Token:         auth.GenerateNotExistingToken(generateClientToken, a.clientExists),
+		UserID:        user.ID,
+		ElevatedUntil: &elevatedUntil,
 	}
 	if success := successOrAbort(ctx, 500, a.DB.CreateClient(&client)); !success {
 		return