FR: Can I set a default days expiration to minutes?

pglombardo / PasswordPusher

🔐 Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.

https://docs.pwpush.com

Apache License 2.0

1.98k stars 343 forks source link

FR: Can I set a default days expiration to minutes? #553

Open weyderfs opened 1 year ago

weyderfs commented 1 year ago

Checklist

[x] I've searched the project's issues.
[x] I've searched the project's discussions.

❓ Question

Due to internal rules here at the company, I would like to know if there is a way to change the password expiration from days to minutes?

github-actions[bot] commented 1 year ago

Hello @weyderfs, thanks for contributing to the Password Pusher community! We will respond as soon as possible.

pglombardo commented 1 year ago

Not currently but the ability can be added. How many minutes would you need to set it to? Curious to know what a policy might look like...

weyderfs commented 1 year ago

Not currently but the ability can be added. How many minutes would you need to set it to? Curious to know what a policy might look like...

Hi @pglombardo, thanks for reply. About your question, I take in mind something like that:

PWP__EXPIRE_AFTER_MINUTES_MIN: 15 minutes
PWP__EXPIRE_AFTER_MINUTES_MAX: 1 hour

Actually I have been set the definitions in environment variables, because I'm using AWS EKS.

weyderfs commented 1 year ago

@pglombardo Does my explanation make sense? Is the effort too high to implement?

pglombardo commented 1 year ago

It makes perfect sense and is a fair request. Apologies that I didn't get back to you.

I agree that this would be a good addition and I'd like to add it eventually.

The additional work it creates is large though:

need to consider lazy expiration versus active expiration (e.g. rake daily_expiration)
possibly add a background job server (additional container) to schedule pushes that need to be expired
how to update/change the form sliders (for password, file and url pushes)
update the push models to consider values < 1 day for expiration calculations
update the JSON API in a way that doesn't break existing tools
Add new environment variables and update documentation
update pwpush CLI tool & alfred workflow

Not impossible just a bit of work that I have to tackle when the time is right.

Currently I'm on a couple other tasks but if/when I add this, I'll use this issue to track.

Apologies that it's not a simple task. I agree it would be a good addition/change.

pglombardo commented 4 months ago

Hi @weyderfs - just an update that this is in progress.

pwpush in minutes 2024-04-18 18 03 49

weyderfs commented 4 months ago

Hi @weyderfs - just an update that this is in progress.

Funny how things work out. I was just mentioning Password Pusher in a conversation at work today.

Loiseau2nuit commented 3 days ago

Hi there ! We add our voices to that feature request be implemented in the on premise version, as we have quite similar rules here. Anyway, thanks, already, for all the job done :)