Merge pull request #888 from pradnya-orchestral/OWASP_timeInactivity

If User is inactive for longer time the user should get logout from application
StackStorm · Jun 11, 2021 · f3361a0 · f3361a0
2 parents 7205c66 + bb970a9
commit f3361a0
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 3 deletions.
diff --git a/config.js b/config.js
@@ -23,7 +23,8 @@ angular.module('main')
     // render and likely freeze the browser window for deeply nested JSON object results.
     // Value is in bytes.
     // max_execution_result_size_for_render: 200 * 1024,
-    //
+    // set application inactivity time default for 2 hr, here it is in seconds.
+    // application_inactivity_time : 7200,
     // Set to true to display StackStorm and st2web version in the header
     //show_version_in_header: false;
 

diff --git a/modules/st2-menu/menu.component.js b/modules/st2-menu/menu.component.js
@@ -22,6 +22,7 @@ import api from '@stackstorm/module-api';
 import Link from '@stackstorm/module-router/link.component';
 
 import componentStyle from './style.css';
+const APPLICATION_INACTIVITY_TIME = 7200; // 2 hr time here it is in seconds
 
 class Icon extends React.Component {
   static propTypes = {
@@ -63,17 +64,42 @@ export default class Menu extends React.Component {
     style: componentStyle,
   }
 
-  componentDidMount() {
+  componentDidMount () {
+    this.idleLogout();
     window.addEventListener('storage', this.storageChange());
-  }
 
+  }
+
   componentWillUnmount() {
     window.removeEventListener('storage',this.storageChange());
   }
 
   docsLink = 'https://docs.stackstorm.com/'
   supportLink = 'https://forum.stackstorm.com/'
 
+  idleLogout() {
+    let t;
+    window.onload = resetTimer;
+    window.onmousemove = resetTimer;
+    window.onmousedown = resetTimer;  // catches touchscreen presses as well      
+    window.ontouchstart = resetTimer; // catches touchscreen swipes as well 
+    window.onclick = resetTimer;      // catches touchpad clicks as well
+    window.onkeydown = resetTimer;   
+    window.addEventListener('scroll', resetTimer, true); 
+
+    function logoutFunction() {
+      // your logout code for too long inactivity goes here
+      api.disconnect();
+      window.location.reload();
+    }
+
+    function resetTimer() {
+      window.clearTimeout(t);
+      const millisecondTime =  window.st2constants.st2Config.application_inactivity_time * 1000 || APPLICATION_INACTIVITY_TIME * 1000;
+      t = window.setTimeout(logoutFunction, millisecondTime);  // time is in milliseconds,application will logout after 2 hr. We can set whatever time we want.
+    }
+  }
+
   storageChange () {
     window.addEventListener('storage', (event) => {
       if (event.key === 'logged_in' && (event.oldValue !== event.newValue)) {