fix(security): Make OIDC session TTL configurable (#1280)

* fix(security): Increase session cookie from 1h to 8h

* fix(security): Make OIDC session TTL configurable

* revert accidental change

security/oidc_test.go

@@ -4,11 +4,12 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"testing"
+	"time"
 
 	"github.com/coreos/go-oidc/v3/oidc"
 )
 
-func TestOIDCConfig_isValid(t *testing.T) {
+func TestOIDCConfig_ValidateAndSetDefaults(t *testing.T) {
 	c := &OIDCConfig{
 		IssuerURL:       "https://sso.gatus.io/",
 		RedirectURL:     "http://localhost:80/authorization-code/callback",
@@ -16,10 +17,14 @@ func TestOIDCConfig_isValid(t *testing.T) {
 		ClientSecret:    "client-secret",
 		Scopes:          []string{"openid"},
 		AllowedSubjects: []string{"user1@example.com"},
+		SessionTTL:      0, // Not set! ValidateAndSetDefaults should set it to DefaultOIDCSessionTTL
 	}
-	if !c.isValid() {
+	if !c.ValidateAndSetDefaults() {
 		t.Error("OIDCConfig should be valid")
 	}
+	if c.SessionTTL != DefaultOIDCSessionTTL {
+		t.Error("expected SessionTTL to be set to DefaultOIDCSessionTTL")
+	}
 }
 
 func TestOIDCConfig_callbackHandler(t *testing.T) {
@@ -68,3 +73,18 @@ func TestOIDCConfig_setSessionCookie(t *testing.T) {
 		t.Error("expected cookie to be set")
 	}
 }
+
+func TestOIDCConfig_setSessionCookieWithCustomTTL(t *testing.T) {
+	customTTL := 30 * time.Minute
+	c := &OIDCConfig{SessionTTL: customTTL}
+	responseRecorder := httptest.NewRecorder()
+	c.setSessionCookie(responseRecorder, &oidc.IDToken{Subject: "test@example.com"})
+	cookies := responseRecorder.Result().Cookies()
+	if len(cookies) == 0 {
+		t.Error("expected cookie to be set")
+	}
+	sessionCookie := cookies[0]
+	if sessionCookie.MaxAge != int(customTTL.Seconds()) {
+		t.Errorf("expected cookie MaxAge to be %d, but was %d", int(customTTL.Seconds()), sessionCookie.MaxAge)
+	}
+}