From 043c7523acd6af5288191b15f746fc360b73ab40 Mon Sep 17 00:00:00 2001
From: Byron Jones <glob@mozilla.com>
Date: Wed, 23 Sep 2015 11:54:41 +0800
Subject: Bug 1199087 - extend 2fa protection beyond login

---
 Bugzilla/Constants.pm | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'Bugzilla/Constants.pm')

diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm
index 59796a076..2fd6a23b1 100644
--- a/Bugzilla/Constants.pm
+++ b/Bugzilla/Constants.pm
@@ -173,6 +173,7 @@ use Memoize;
     ON_ACTIVESTATE
 
     MAX_TOKEN_AGE
+    MAX_SHORT_TOKEN_HOURS
     MAX_LOGINCOOKIE_AGE
     MAX_SUDO_TOKEN_AGE
     MAX_LOGIN_ATTEMPTS
@@ -469,6 +470,8 @@ use constant TIMETRACKING_FIELDS =>
 
 # The maximum number of days a token will remain valid.
 use constant MAX_TOKEN_AGE => 3;
+# The maximum number of hours a short-lived token will remain valid.
+use constant MAX_SHORT_TOKEN_HOURS => 1;
 # How many days a logincookie will remain valid if not used.
 use constant MAX_LOGINCOOKIE_AGE => 7;
 # How many seconds (default is 6 hours) a sudo cookie remains valid.
-- 
cgit v1.2.3-24-g4f1b