diff --git a/cmk/gui/message.py b/cmk/gui/message.py index 01c7c37c5a0..704f8f63817 100644 --- a/cmk/gui/message.py +++ b/cmk/gui/message.py @@ -64,14 +64,24 @@ def get_gui_messages(user_id: UserId | None = None) -> MutableSequence[Message]: path = cmk.utils.paths.profile_dir / user_id / "messages.mk" messages = store.load_object_from_file(path, default=[]) - # Delete too old messages + # Delete too old messages and update security message durations updated = False for index, message in enumerate(messages): now = time.time() valid_till = message.get("valid_till") - if valid_till is not None and valid_till < now: - messages.pop(index) - updated = True + valid_from = message.get("time") + if valid_till is not None: + if message.get("security") and active_config.user_security_notification_duration.get( + "update_existing_duration" + ): + message["valid_till"] = ( + valid_from + + active_config.user_security_notification_duration.get("max_duration") + ) + updated = True + if valid_till < now: + messages.pop(index) + updated = True if updated: save_gui_messages(messages) @@ -286,7 +296,7 @@ def _validate_msg(msg: Message, _varprefix: str) -> None: raise MKUserError("dest", _('A user with the id "%s" does not exist.') % user_id) -def _process_message_message(msg: Message) -> None: # pylint: disable=too-many-branches +def _process_message_message(msg: Message) -> None: # pylint: disable=R0912 msg["id"] = utils.gen_id() msg["time"] = time.time() diff --git a/cmk/gui/plugins/config/base.py b/cmk/gui/plugins/config/base.py index 5f629ca6158..a30546a0663 100644 --- a/cmk/gui/plugins/config/base.py +++ b/cmk/gui/plugins/config/base.py @@ -423,7 +423,12 @@ class CREConfig: # Individual changes to user's authentication security will trigger either emails or use notifications # Default is 7 days - user_security_notification_duration: int = 604800 + user_security_notification_duration: dict[str, Any] = field( + default_factory=lambda: { + "max_duration": 604800, + "update_existing_duration": False, + } + ) user_localizations: dict[str, dict[str, str]] = field( default_factory=lambda: { diff --git a/cmk/gui/user_message.py b/cmk/gui/user_message.py index d4ade542f7f..c9e8e45322d 100644 --- a/cmk/gui/user_message.py +++ b/cmk/gui/user_message.py @@ -109,6 +109,8 @@ def render_user_message_table(what: str) -> None: "delete", onclick=onclick, ) + else: + html.icon("warning", _("Cannot be deleted manually, must expire")) table.cell(_("Message"), msg) table.cell(_("Date sent"), datetime) diff --git a/cmk/gui/utils/user_security_message.py b/cmk/gui/utils/user_security_message.py index e32493e5bb9..5107832ac23 100644 --- a/cmk/gui/utils/user_security_message.py +++ b/cmk/gui/utils/user_security_message.py @@ -71,15 +71,14 @@ def _send_mail(email_address: str, event: SecurityNotificationEvent, event_time: def _send_gui(user_id: UserId, event: SecurityNotificationEvent, event_time: datetime) -> None: timestamp = int(event_time.timestamp()) - + duration = int(config.active_config.user_security_notification_duration["max_duration"]) message_gui( user_id, { "text": str(event.value), "dest": ("list", [user_id]), "methods": ["gui_hint"], - "valid_till": timestamp - + config.active_config.user_security_notification_duration, # 1 week + "valid_till": timestamp + duration, # 1 week "id": utils.gen_id(), "time": timestamp, "security": True, diff --git a/cmk/gui/wato/_check_mk_configuration.py b/cmk/gui/wato/_check_mk_configuration.py index 013e399bfa5..adf9c7f9cd2 100644 --- a/cmk/gui/wato/_check_mk_configuration.py +++ b/cmk/gui/wato/_check_mk_configuration.py @@ -2719,15 +2719,8 @@ def ident(self) -> str: return "user_security_notification_duration" def valuespec(self) -> ValueSpec: - return Optional( - valuespec=Age( - display=["days", "minutes", "hours"], - label=_("Session timeout:"), - minvalue=900, - default_value=604800, - ), + return Dictionary( title=_("User security notification duration"), - label=_("Display time for user security messages"), help=_( "If a user has an email address associated with their account, " "the user will not be shown a security notification in their user " @@ -2736,8 +2729,36 @@ def valuespec(self) -> ValueSpec: "an undismissable message in their user tab for the duration " "defined by this setting." ), + elements=[ + ( + "max_duration", + Age( + display=["days", "minutes", "hours"], + label=_("Session timeout:"), + default_value=604800, + title=_("Display time for user security messages"), + validate=self._validate_min, + ), + ), + ( + "update_existing_duration", + Checkbox( + title=_("Update existing security notifications"), + label=_("Retroactively apply max duration to existing notifications"), + help=_( + "Update existing security notifications to use the new max duration." + ), + default_value=False, + ), + ), + ], + optional_keys=[], ) + def _validate_min(self, value, varprefix): + if value < 900: + raise MKUserError(varprefix, _("The minimum duration may not be less than 15 minutes")) + class ConfigVariableDefaultUserProfile(ConfigVariable): def group(self) -> type[ConfigVariableGroup]: