Make MFA session expiration configurable

config/config.example.js

@@ -113,6 +113,20 @@ module.exports = {
  */
     // maxWorkers: 4,
 
+    /* =====================
+     *       Sessions
+     * ===================== */
+
+    /*  Accounts can be protected with an OTP (One Time Password) system
+     *  to add a second authentication layer. Such accounts use a session
+     *  with a given lifetime after which they are logged out and need
+     *  to be re-authenticated. You can configure the lifetime of these
+     *  sessions here.
+     *
+     *  defaults to 7 days
+     */
+    //otpSessionExpiration: 7*24, // hours
+
     /* =====================
      *         Admin
      * ===================== */

lib/challenge-commands/totp.js

@@ -8,6 +8,7 @@ const MFA = require("../storage/mfa");
 const Sessions = require("../storage/sessions");
 const BlockStore = require("../storage/block");
 const Block = require("../commands/block");
+const config = require("../load-config");
 
 let SSOUtils; try { SSOUtils = require("../plugins/sso/sso-utils"); } catch (e) {}
 
@@ -59,9 +60,8 @@ var decode32 = S => {
 };
 
 
-// XXX Decide expire time
-// Allow user settings?
-var EXPIRATION = 7 * 24 * 3600 * 1000; // Sessions are valid 7 days
+// TODO Allow user settings?
+var EXPIRATION = (config.otpSessionExpiration || 7 * 24) * 3600 * 1000;
 
 // Create a session with a token for the given public key
 const makeSession = (Env, publicKey, oldKey, ssoSession, cb) => {

lib/http-worker.js

@@ -377,7 +377,7 @@ app.use('/block/', function (req, res, next) {
         // Same for SSO settings
         if (!SSOUtils) { return; }
         SSOUtils.readBlock(Env, name, w(function (err, content) {
-            if (err && err.code === 'ENOENT') {
+            if (err && (err.code === 'ENOENT' || err === 'ENOENT')) {
                 return;
             }
             if (err) {