From 72cde1ee13bf3be056a7fc305d483f5aed2dc6e7 Mon Sep 17 00:00:00 2001
From: jessevz
Date: Mon, 26 Jan 2026 15:34:59 +0100
Subject: [PATCH 1/2] Fix bug in user creation
---
 src/dba/models/User.class.php | 2 +-
 src/dba/models/generator.php | 2 +-
 src/inc/apiv2/model/users.routes.php | 1 +
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/dba/models/User.class.php b/src/dba/models/User.class.php
index ae49f9061..f71455e68 100644
--- a/src/dba/models/User.class.php
+++ b/src/dba/models/User.class.php
@@ -72,7 +72,7 @@ static function getFeatures(): array {
 $dict['isComputedPassword'] = ['read_only' => True, "type" => "bool", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => True, "private" => False, "alias" => "isComputedPassword", "public" => False, "dba_mapping" => False];
 $dict['lastLoginDate'] = ['read_only' => True, "type" => "int64", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => True, "private" => False, "alias" => "lastLoginDate", "public" => False, "dba_mapping" => False];
 $dict['registeredSince'] = ['read_only' => True, "type" => "int64", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => True, "private" => False, "alias" => "registeredSince", "public" => False, "dba_mapping" => False];
- $dict['sessionLifetime'] = ['read_only' => False, "type" => "int", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "sessionLifetime", "public" => False, "dba_mapping" => False];
+ $dict['sessionLifetime'] = ['read_only' => False, "type" => "int", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => True, "private" => False, "alias" => "sessionLifetime", "public" => False, "dba_mapping" => False];
 $dict['rightGroupId'] = ['read_only' => False, "type" => "int", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "globalPermissionGroupId", "public" => False, "dba_mapping" => False];
 $dict['yubikey'] = ['read_only' => True, "type" => "str(256)", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => True, "private" => False, "alias" => "yubikey", "public" => False, "dba_mapping" => False];
 $dict['otp1'] = ['read_only' => True, "type" => "str(256)", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" =>
False, "protected" => True, "private" => False, "alias" => "otp1", "public" => False, "dba_mapping" => False];
diff --git a/src/dba/models/generator.php b/src/dba/models/generator.php
index f47b62e9b..e0f0efecf 100644
--- a/src/dba/models/generator.php
+++ b/src/dba/models/generator.php
@@ -437,7 +437,7 @@
 ['name' => 'isComputedPassword', 'read_only' => True, 'type' => 'bool', 'protected' => True,],
 ['name' => 'lastLoginDate', 'read_only' => True, 'type' => 'int64', 'protected' => True],
 ['name' => 'registeredSince', 'read_only' => True, 'type' => 'int64', 'protected' => True],
- ['name' => 'sessionLifetime', 'read_only' => False, 'type' => 'int', 'protected' => False],
+ ['name' => 'sessionLifetime', 'read_only' => False, 'type' => 'int', 'protected' => True],
 ['name' => 'rightGroupId', 'read_only' => False, 'type' => 'int', 'alias' => 'globalPermissionGroupId', 'relation' => 'RightGroup'],
 ['name' => 'yubikey', 'read_only' => True, 'type' => 'str(256)', 'protected' => True],
 ['name' => 'otp1', 'read_only' => True, 'type' => 'str(256)', 'protected' => True],
diff --git a/src/inc/apiv2/model/users.routes.php b/src/inc/apiv2/model/users.routes.php
index 917937ca1..75cdacc89 100644
--- a/src/inc/apiv2/model/users.routes.php
+++ b/src/inc/apiv2/model/users.routes.php
@@ -95,6 +95,7 @@ function getAllPostParameters(array $features): array {
 $features = parent::getAllPostParameters($features);
 unset($features[User::IS_VALID]);
+ unset($features[User::SESSION_LIFETIME]);
 return $features;
 }
From b66052c00eef25821c9199c28506814937344d9e Mon Sep 17 00:00:00 2001
From: jessevz
Date: Mon, 26 Jan 2026 16:01:13 +0100
Subject: [PATCH 2/2] Made user session lifetime configurable
---
 src/dba/models/User.class.php | 2 +-
 src/dba/models/generator.php | 2 +-
 src/inc/apiv2/model/users.routes.php | 1 +
 src/inc/utils/UserUtils.class.php | 4 ++--
 4 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/dba/models/User.class.php b/src/dba/models/User.class.php
index f71455e68..16c812510 100644
--- a/src/dba/models/User.class.php
+++ b/src/dba/models/User.class.php
@@ -72,7 +72,7 @@ static function getFeatures(): array {
 $dict['isComputedPassword'] = ['read_only' => True, "type" => "bool", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => True, "private" => False, "alias" => "isComputedPassword", "public" => False, "dba_mapping" => False];
 $dict['lastLoginDate'] = ['read_only' => True, "type" => "int64", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => True, "private" => False, "alias" => "lastLoginDate", "public" => False, "dba_mapping" => False];
 $dict['registeredSince'] = ['read_only' => True, "type" => "int64", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => True, "private" => False, "alias" => "registeredSince", "public" => False, "dba_mapping" => False];
- $dict['sessionLifetime'] = ['read_only' => False, "type" => "int", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => True, "private" => False, "alias" => "sessionLifetime", "public" => False, "dba_mapping" => False];
+ $dict['sessionLifetime'] = ['read_only' => False, "type" => "int", "subtype" => "unset", "choices" => "unset", "null" => True, "pk" => False, "protected" => False, "private" => False, "alias" => "sessionLifetime", "public" => False, "dba_mapping" => False];
 $dict['rightGroupId'] = ['read_only' => False, "type" => "int", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => False, "private" => False, "alias" => "globalPermissionGroupId", "public" => False, "dba_mapping" => False];
 $dict['yubikey'] = ['read_only' => True, "type" => "str(256)", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" => False, "protected" => True, "private" => False, "alias" => "yubikey", "public" => False, "dba_mapping" => False];
 $dict['otp1'] = ['read_only' => True, "type" => "str(256)", "subtype" => "unset", "choices" => "unset", "null" => False, "pk" =>
False, "protected" => True, "private" => False, "alias" => "otp1", "public" => False, "dba_mapping" => False];
diff --git a/src/dba/models/generator.php b/src/dba/models/generator.php
index e0f0efecf..f47b62e9b 100644
--- a/src/dba/models/generator.php
+++ b/src/dba/models/generator.php
@@ -437,7 +437,7 @@
 ['name' => 'isComputedPassword', 'read_only' => True, 'type' => 'bool', 'protected' => True,],
 ['name' => 'lastLoginDate', 'read_only' => True, 'type' => 'int64', 'protected' => True],
 ['name' => 'registeredSince', 'read_only' => True, 'type' => 'int64', 'protected' => True],
- ['name' => 'sessionLifetime', 'read_only' => False, 'type' => 'int', 'protected' => True],
+ ['name' => 'sessionLifetime', 'read_only' => False, 'type' => 'int', 'protected' => False],
 ['name' => 'rightGroupId', 'read_only' => False, 'type' => 'int', 'alias' => 'globalPermissionGroupId', 'relation' => 'RightGroup'],
 ['name' => 'yubikey', 'read_only' => True, 'type' => 'str(256)', 'protected' => True],
 ['name' => 'otp1', 'read_only' => True, 'type' => 'str(256)', 'protected' => True],
diff --git a/src/inc/apiv2/model/users.routes.php b/src/inc/apiv2/model/users.routes.php
index 75cdacc89..f117f8ffe 100644
--- a/src/inc/apiv2/model/users.routes.php
+++ b/src/inc/apiv2/model/users.routes.php
@@ -86,6 +86,7 @@ protected function createObject($data): int {
 $data[User::RIGHT_GROUP_ID],
 $this->getCurrentUser(),
 $data[User::IS_VALID] ?? false,
+ $data[User::SESSION_LIFETIME] ?? 3600
 );
 return $user->getId();
diff --git a/src/inc/utils/UserUtils.class.php b/src/inc/utils/UserUtils.class.php
index d6f7fcd78..824ac1f16 100644
--- a/src/inc/utils/UserUtils.class.php
+++ b/src/inc/utils/UserUtils.class.php
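Review bot: The `sessionLifetime` entry restored in this generator.php hunk carries no nullability setting, while the same commit sets `"null" => True` for that field in User.class.php. If User.class.php is produced from generator.php (the parallel edits suggest so, but the generator logic is not visible here), the next regeneration would silently put `"null" => False` back. If the generator accepts a per-field null flag, declare it at the source, e.g. `['name' => 'sessionLifetime', 'read_only' => False, 'type' => 'int', 'null' => True, 'protected' => False],`; otherwise note next to the entry that the model file was edited by hand.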
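Review bot: `$data[User::SESSION_LIFETIME] ?? 3600` in the users.routes.php hunk passes a client-supplied integer on to what appears to be `UserUtils::createUser` (the call opens outside the hunk), and the second UserUtils hunk stores it in `new User(...)` unchanged, so zero, negative or very large lifetimes are accepted as far as the visible code shows. A lifetime that effectively never expires removes the protection session expiry gives against a stolen session, so the value should be range-checked before it is saved. Doing it in `createUser` covers every caller: `if ($session_lifetime < MIN_SESSION_LIFETIME || $session_lifetime > MAX_SESSION_LIFETIME) { throw new HttpError("Invalid session lifetime!"); }`, where both limits are placeholders for whatever bounds the project already applies to session length. Whether the feature validation in the API layer constrains the range cannot be told from this page.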
@@ -186,7 +186,7 @@ public static function setPassword($userId, $password, $adminUser) {
 * @throws HttpConflict
 * @throws HttpError
 */
- public static function createUser(string $username, string $email, int $rightGroupId, User $adminUser, bool $isValid = true): User {
+ public static function createUser(string $username, string $email, int $rightGroupId, User $adminUser, bool $isValid = true, int $session_lifetime=3600): User {
 $username = htmlentities($username, ENT_QUOTES, "UTF-8");
 $group = AccessControlUtils::getGroup($rightGroupId);
 if (!filter_var($email, FILTER_VALIDATE_EMAIL) || strlen($email) == 0) {
@@ -206,7 +206,7 @@ public static function createUser(string $username, string $email, int $rightGro
 $newPass = Util::randomString(10);
 $newSalt = Util::randomString(20);
 $newHash = Encryption::passwordHash($newPass, $newSalt);
- $user = new User(null, $username, $email, $newHash, $newSalt, $isValid ? 1: 0, 1, 0, time(), 3600, $group->getId(), 0, "", "", "", "");
+ $user = new User(null, $username, $email, $newHash, $newSalt, $isValid ? 1: 0, 1, 0, time(), $session_lifetime, $group->getId(), 0, "", "", "", "");
 Factory::getUserFactory()->save($user);
 // add user to default group
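Review bot: The new parameter `int $session_lifetime=3600` in the `createUser` signature is snake_case with no spaces around `=`, while every other parameter there is camelCase with a spaced default (`$rightGroupId`, `bool $isValid = true`). `int $sessionLifetime = 3600` would match, with the same rename applied in the `new User(...)` call of the following hunk. The docblock that closes just above the signature gets no entry for the new parameter; add `@param int $sessionLifetime session lifetime stored for the new user (presumably seconds, given the 3600 default)`. The docblock begins outside the hunk, so its existing `@param` lines cannot be checked from here.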