From 1bd589d66f75a15026a809bc4fe7206f9ca7f41f Mon Sep 17 00:00:00 2001
From: Art Lukyanchyk <artiom.lukyanchyk@hs-hannover.de>
Date: Mon, 21 Aug 2017 12:11:55 +0200
Subject: [PATCH] Fix meta lifetime.

---
 ssoauth/app_settings/__init__.py | 4 +++-
 ssoauth/app_settings/defaults.py | 9 ++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/ssoauth/app_settings/__init__.py b/ssoauth/app_settings/__init__.py
index f8b66c8..b00d50e 100644
--- a/ssoauth/app_settings/__init__.py
+++ b/ssoauth/app_settings/__init__.py
@@ -1,6 +1,7 @@
 from onelogin.saml2 import settings as onelogin_settings
 from .defaults import *
 from django import conf
+from datetime import datetime, timedelta
 
 
 # merge defaults with customized user settings
@@ -87,7 +88,8 @@ ONELOGIN_SETTINGS_TEMPLATE = {
         "wantNameIdEncrypted": False,
         "wantAssertionsEncrypted": True,
         "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
-        "metadataCacheDuration": SP_METADATA_LIFETIME,
+        "metadataCacheDuration": "P{n}D".format(n=SP_METADATA_LIFETIME_DAYS),
+        "metadataValidUntil": (datetime.now() + timedelta(days=SP_METADATA_LIFETIME_DAYS)).strftime('%Y-%m-%dT%H:%M:%S.%fZ')
     },
     "contactPerson": SP_CONTACTS,
     "organization": SP_ORGANIZATION,
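Review bot: The added `metadataValidUntil` value is built from naive local `datetime.now()` but formatted with a literal `Z` suffix, so on any host whose clock is not UTC the published validUntil is off by the local offset while claiming to be UTC; SAML dateTime values are expected in UTC. Take the time from a UTC source instead, e.g. `"metadataValidUntil": (datetime.utcnow() + timedelta(days=SP_METADATA_LIFETIME_DAYS)).strftime('%Y-%m-%dT%H:%M:%SZ'),` (the `.%f` fraction is optional and can be dropped). Note also that the expression is evaluated once at import time, so validUntil is anchored to process start rather than to each metadata request; with a multi-year window this is harmless, but a short comment such as `# computed at import; fixed relative to process start` would save the next reader a question. The enclosing `ONELOGIN_SETTINGS_TEMPLATE` dict begins before this hunk.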
diff --git a/ssoauth/app_settings/defaults.py b/ssoauth/app_settings/defaults.py
index e4f2b19..b62f97d 100644
--- a/ssoauth/app_settings/defaults.py
+++ b/ssoauth/app_settings/defaults.py
@@ -9,7 +9,7 @@ If you want to change something:
 
 
 """
-Settings you want to change:
+Settings you may want to change:
 """
 
 # host and port, not what Django thinks, but what nginx serves
@@ -18,6 +18,8 @@ SP_PORT = 443
 
 IDP_META_URL = "https://idp.hs-hannover.de/idp/shibboleth"  # test is "https://idp-test.it.hs-hannover.de/idp/shibboleth"
 
+SP_KEY = "{project_settings}/cert/sp.key"
+SP_CERT = "{project_settings}/cert/sp.pem"
 
 """
 Settings you DON'T want to change (in fact, you want to avoid even thinking about them):
@@ -25,10 +27,7 @@ Settings you DON'T want to change (in fact, you want to avoid even thinking abou
 
 IDP_REQUIRED = True  # die on start if cannot find IDP or parse its meta
 
-SP_KEY = "{project_settings}/cert/sp.key"
-SP_CERT = "{project_settings}/cert/sp.pem"
-
-SP_METADATA_LIFETIME = "P20Y"  # "P7D"-like (https://www.w3.org/TR/xmlschema-2/#duration)
+SP_METADATA_LIFETIME_DAYS = 365 * 20
 
 # if you really really need to add/modify something in OneLogin settings, add it to ONELOGIN_OVERRIDES
 ONELOGIN_OVERRIDES = {}  # e.g.: ONELOGIN_OVERRIDES = { "strict": False }
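Review bot: The new `SP_METADATA_LIFETIME_DAYS` constant drops the explanatory comment the replaced `SP_METADATA_LIFETIME` line carried, and nothing here says that one number now drives two metadata fields. A trailing comment would restore that: `SP_METADATA_LIFETIME_DAYS = 365 * 20  # feeds both metadataCacheDuration ("P<n>D") and metadataValidUntil`. Separately, a 20-year validUntil tells consumers of the SP metadata they may keep trusting it (and the certificate embedded in it) for two decades, so certificate rotation depends entirely on them re-fetching; a lifetime closer to the signing certificate's validity, documented in the comment, is the more conservative default to consider.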
-- 
GitLab