From b0862bd15d2d48770d94cb5bb372f49239bb73cd Mon Sep 17 00:00:00 2001
From: Gerhard Schlager <mail@gerhard-schlager.at>
Date: Fri, 15 Feb 2019 21:11:44 +0100
Subject: [PATCH] FIX: Push notifications could fail with
 UnauthorizedRegistration

The webpush gem by default sets the expiration date of the JWT token to exactly 24 hours in the future. That's not really needed because the token isn't reused. And it might cause UnauthorizedRegistration if the server's clock isn't 100% correct, because the maximum allowed value is 24 hours.
---
 app/services/push_notification_pusher.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/services/push_notification_pusher.rb b/app/services/push_notification_pusher.rb
index 39155a771a3..a7d562f238f 100644
--- a/app/services/push_notification_pusher.rb
+++ b/app/services/push_notification_pusher.rb
@@ -1,6 +1,8 @@
 require_dependency 'webpush'
 
 class PushNotificationPusher
+  TOKEN_VALID_FOR_SECONDS ||= 5 * 60
+
   def self.push(user, payload)
     message = {
       title: I18n.t(
@@ -82,7 +84,8 @@ class PushNotificationPusher
         vapid: {
           subject: Discourse.base_url,
           public_key: SiteSetting.vapid_public_key,
-          private_key: SiteSetting.vapid_private_key
+          private_key: SiteSetting.vapid_private_key,
+          expiration: TOKEN_VALID_FOR_SECONDS
         }
       )
     rescue Webpush::ExpiredSubscription