Discourse/discourse
Discourse/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-09-06 10:50:21 +08:00
Code Packages Activity Actions 9

FIX: Push notifications could fail with UnauthorizedRegistration

Browse source 
The webpush gem by default sets the expiration date of the JWT token to exactly 24 hours in the future. That's not really needed because the token isn't reused. And it might cause UnauthorizedRegistration if the server's clock isn't 100% correct, because the maximum allowed value is 24 hours.
This commit is contained in:
Gerhard Schlager 2019-02-15 21:11:44 +01:00
parent 17f1a76570
commit b0862bd15d
1 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
app/services/push_notification_pusher.rb
View file

@ -1,6 +1,8 @@
require_dependency 'webpush' require_dependency 'webpush'
class PushNotificationPusher class PushNotificationPusher
TOKEN_VALID_FOR_SECONDS ||= 5 * 60
def self.push(user, payload) def self.push(user, payload)
message = { message = {
title: I18n.t( title: I18n.t(
@ -82,7 +84,8 @@ class PushNotificationPusher
vapid: { vapid: {
subject: Discourse.base_url, subject: Discourse.base_url,
public_key: SiteSetting.vapid_public_key, public_key: SiteSetting.vapid_public_key,
private_key: SiteSetting.vapid_private_key private_key: SiteSetting.vapid_private_key,
expiration: TOKEN_VALID_FOR_SECONDS
} }
) )
rescue Webpush::ExpiredSubscription rescue Webpush::ExpiredSubscription