diff --git a/CHANGES.md b/CHANGES.md
index e1655b069..1eff76d71 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,6 +1,8 @@
+ # Version 1.1.2
 ## Changes
 - Make `region` parameter optional with default for project create [#4763](https://github.com/appwrite/appwrite/pull/4763)
+- Fix session expiration, and expired session deletion [#4739](https://github.com/appwrite/appwrite/pull/4739)
 # Version 1.1.1
 ## Bugs
diff --git a/app/init.php b/app/init.php
index 3d24ef81d..50624c21c 100644
--- a/app/init.php
+++ b/app/init.php
@@ -790,9 +790,11 @@ App::setResource('user', function ($mode, $project, $console, $request, $respons
 Authorization::setDefaultStatus(true);
 Auth::setCookieName('a_session_' . $project->getId());
+ $authDuration = $project->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
 if (APP_MODE_ADMIN === $mode) {
 Auth::setCookieName('a_session_' . $console->getId());
+ $authDuration = Auth::TOKEN_EXPIRATION_LOGIN_LONG;
 }
 $session = Auth::decodeSession(
@@ -829,8 +831,6 @@ App::setResource('user', function ($mode, $project, $console, $request, $respons
 $user = $dbForConsole->getDocument('users', Auth::$unique);
 }
- $authDuration = $project->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
-
 if (
 $user->isEmpty() // Check a document has been found in the DB
 || !Auth::sessionVerify($user->getAttribute('sessions', []), Auth::$secret, $authDuration)
diff --git a/app/tasks/maintenance.php b/app/tasks/maintenance.php
index 96264a996..7199a338e 100644
--- a/app/tasks/maintenance.php
+++ b/app/tasks/maintenance.php
@@ -98,7 +98,6 @@ $cli
 {
 (new Delete())
 ->setType(DELETE_TYPE_SESSIONS)
- ->setDatetime(DateTime::addSeconds(new \DateTime(), -1 * Auth::TOKEN_EXPIRATION_LOGIN_LONG)) //TODO: Update to use project session expiration instead of default.
 ->trigger();
 }
diff --git a/app/workers/deletes.php b/app/workers/deletes.php
index 364e64842..5dc7e8d73 100644
--- a/app/workers/deletes.php
+++ b/app/workers/deletes.php
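Review bot: In admin mode the new `$authDuration = Auth::TOKEN_EXPIRATION_LOGIN_LONG;` line hard-codes the console session lifetime, while the project branch just above reads it from `auths.duration`; if the console document carries the same attribute, `$authDuration = $console->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;` keeps the two branches symmetric and lets the console's own setting govern console sessions. Either way the intent deserves a one-line comment on the admin assignment, e.g. `// Console sessions use the default lifetime, not the target project's auths.duration`, since the value feeds `Auth::sessionVerify` in the later hunk of this file. The closure passed to `App::setResource('user', ...)` starts and ends outside this hunk.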
@@ -1,5 +1,6 @@ deleteExpiredSessions($this->args['datetime']);
+ $this->deleteExpiredSessions();
 break;
 case DELETE_TYPE_CERTIFICATES:
@@ -105,7 +107,7 @@ class DeletesV1 extends Worker
 break;
 case DELETE_TYPE_USAGE:
- $this->deleteUsageStats($this->args['dateTime1d'], $this->args['hourlyUsageRetentionDatetime']);
+ $this->deleteUsageStats($this->args['hourlyUsageRetentionDatetime']);
 break;
 case DELETE_TYPE_CACHE_BY_RESOURCE:
@@ -214,7 +216,6 @@ class DeletesV1 extends Worker
 }
 /**
- * @param string $datetime1d
 * @param string $hourlyUsageRetentionDatetime
 */
 protected function deleteUsageStats(string $hourlyUsageRetentionDatetime)
@@ -316,16 +317,20 @@ class DeletesV1 extends Worker
 });
 }
- /**
- * @param string $datetime
- */
- protected function deleteExpiredSessions(string $datetime): void
+ protected function deleteExpiredSessions(): void
 {
- $this->deleteForProjectIds(function (string $projectId) use ($datetime) {
+ $consoleDB = $this->getConsoleDB();
+
+ $this->deleteForProjectIds(function (string $projectId) use ($consoleDB) {
 $dbForProject = $this->getProjectDB($projectId);
+
+ $project = $consoleDB->getDocument('projects', $projectId);
+ $duration = $project->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
+ $expired = DateTime::addSeconds(new \DateTime(), -1 * $duration);
+
 // Delete Sessions
 $this->deleteByGroup('sessions', [
- Query::lessThan('expire', $datetime)
+ Query::lessThan('$createdAt', $expired)
 ], $dbForProject);
 });
 }
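Review bot: The cutoff on the new `$expired = DateTime::addSeconds(new \DateTime(), -1 * $duration);` line is built from a `\DateTime` in the process default timezone, while the `$createdAt` values the query compares it against come from the project database; unless `DateTime::addSeconds` normalises to the stored timezone (not visible in this hunk), the sweep deletes sessions early or late by the UTC offset, so constructing the cutoff as `new \DateTime('now', new \DateTimeZone('UTC'))` removes that dependency. The `$consoleDB->getDocument('projects', $projectId)` lookup silently falls back to `Auth::TOKEN_EXPIRATION_LOGIN_LONG` when the project document is empty or `auths.duration` is unset; since documents expose `isEmpty()` (see the `$user->isEmpty()` check in app/init.php), an explicit `if ($project->isEmpty()) { return; }` before computing the cutoff makes the behaviour for unresolvable projects a decision rather than an accident. Because expiry is now derived from the project's current `auths.duration` and `$createdAt` rather than the session's stored `expire` value, matching the `Auth::sessionVerify(..., $authDuration)` check in app/init.php, a comment on the `Query::lessThan('$createdAt', $expired)` line such as `// Expiry follows the project's current auths.duration, not the session's stored expire value; changing the setting applies to existing sessions` would record that retroactive effect for the next maintainer.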