Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: Push notifications could fail with UnauthorizedRegistration 

The webpush gem by default sets the expiration date of the JWT token to exactly 24 hours in the future. That's not really needed because the token isn't reused. And it might cause UnauthorizedRegistration if the server's clock isn't 100% correct, because the maximum allowed value is 24 hours.
This commit is contained in:
Gerhard Schlager 2019-02-15 21:11:44 +01:00
parent 17f1a76570
commit b0862bd15d
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/services/push_notification_pusher.rb
View File

@ -1,6 +1,8 @@
require_dependency 'webpush'
class PushNotificationPusher
TOKEN_VALID_FOR_SECONDS ||= 5 * 60
def self.push(user, payload)
message = {
title: I18n.t(
@ -82,7 +84,8 @@ class PushNotificationPusher
vapid: {
subject: Discourse.base_url,
public_key: SiteSetting.vapid_public_key,
private_key: SiteSetting.vapid_private_key
private_key: SiteSetting.vapid_private_key,
expiration: TOKEN_VALID_FOR_SECONDS
}
)
rescue Webpush::ExpiredSubscription