
Merge pull request #4739 from appwrite/fix-session-expiry

Fix session expiration
Torsten Dittmann 2022-11-23 17:52:20 +01:00 committed by GitHub
commit 8406551cef
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 18 additions and 12 deletions


@ -1,6 +1,8 @@
# Version 1.1.2 # Version 1.1.2
## Changes ## Changes
- Make `region` parameter optional with default for project create [#4763](https://github.com/appwrite/appwrite/pull/4763) - Make `region` parameter optional with default for project create [#4763](https://github.com/appwrite/appwrite/pull/4763)
- Fix session expiration, and expired session deletion [#4739](https://github.com/appwrite/appwrite/pull/4739)
# Version 1.1.1 # Version 1.1.1
## Bugs ## Bugs


@ -790,9 +790,11 @@ App::setResource('user', function ($mode, $project, $console, $request, $respons
Authorization::setDefaultStatus(true); Authorization::setDefaultStatus(true);
Auth::setCookieName('a_session_' . $project->getId()); Auth::setCookieName('a_session_' . $project->getId());
$authDuration = $project->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
if (APP_MODE_ADMIN === $mode) { if (APP_MODE_ADMIN === $mode) {
Auth::setCookieName('a_session_' . $console->getId()); Auth::setCookieName('a_session_' . $console->getId());
$authDuration = Auth::TOKEN_EXPIRATION_LOGIN_LONG;
} }
$session = Auth::decodeSession( $session = Auth::decodeSession(
@ -829,8 +831,6 @@ App::setResource('user', function ($mode, $project, $console, $request, $respons
$user = $dbForConsole->getDocument('users', Auth::$unique); $user = $dbForConsole->getDocument('users', Auth::$unique);
} }
$authDuration = $project->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
if ( if (
$user->isEmpty() // Check a document has been found in the DB $user->isEmpty() // Check a document has been found in the DB
|| !Auth::sessionVerify($user->getAttribute('sessions', []), Auth::$secret, $authDuration) || !Auth::sessionVerify($user->getAttribute('sessions', []), Auth::$secret, $authDuration)
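Review bot: On the `if (APP_MODE_ADMIN === $mode)` branch `$authDuration` is pinned to `Auth::TOKEN_EXPIRATION_LOGIN_LONG`, while every other project now gets its configured `auths.duration`, so a duration configured on the console project has no effect on how long console sessions are accepted by `Auth::sessionVerify`. If the console project carries the same `auths` attribute, `$authDuration = $console->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;` would keep verification consistent with the per-project cleanup this commit adds to the deletes worker. If the hard-coded value is deliberate, a one-line comment on that branch saying so would stop the next reader from treating it as an oversight. The `App::setResource('user', …)` closure starts and ends outside these hunks.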


@ -98,7 +98,6 @@ $cli
{ {
(new Delete()) (new Delete())
->setType(DELETE_TYPE_SESSIONS) ->setType(DELETE_TYPE_SESSIONS)
->setDatetime(DateTime::addSeconds(new \DateTime(), -1 * Auth::TOKEN_EXPIRATION_LOGIN_LONG)) //TODO: Update to use project session expiration instead of default.
->trigger(); ->trigger();
} }


@ -1,5 +1,6 @@
<?php <?php
use Appwrite\Auth\Auth;
use Utopia\App; use Utopia\App;
use Utopia\Cache\Adapter\Filesystem; use Utopia\Cache\Adapter\Filesystem;
use Utopia\Cache\Cache; use Utopia\Cache\Cache;
@ -13,6 +14,7 @@ use Utopia\Abuse\Abuse;
use Utopia\Abuse\Adapters\TimeLimit; use Utopia\Abuse\Adapters\TimeLimit;
use Utopia\CLI\Console; use Utopia\CLI\Console;
use Utopia\Audit\Audit; use Utopia\Audit\Audit;
use Utopia\Database\DateTime;
require_once __DIR__ . '/../init.php'; require_once __DIR__ . '/../init.php';
@ -96,7 +98,7 @@ class DeletesV1 extends Worker
break; break;
case DELETE_TYPE_SESSIONS: case DELETE_TYPE_SESSIONS:
$this->deleteExpiredSessions($this->args['datetime']); $this->deleteExpiredSessions();
break; break;
case DELETE_TYPE_CERTIFICATES: case DELETE_TYPE_CERTIFICATES:
@ -105,7 +107,7 @@ class DeletesV1 extends Worker
break; break;
case DELETE_TYPE_USAGE: case DELETE_TYPE_USAGE:
$this->deleteUsageStats($this->args['dateTime1d'], $this->args['hourlyUsageRetentionDatetime']); $this->deleteUsageStats($this->args['hourlyUsageRetentionDatetime']);
break; break;
case DELETE_TYPE_CACHE_BY_RESOURCE: case DELETE_TYPE_CACHE_BY_RESOURCE:
@ -214,7 +216,6 @@ class DeletesV1 extends Worker
} }
/** /**
* @param string $datetime1d
* @param string $hourlyUsageRetentionDatetime * @param string $hourlyUsageRetentionDatetime
*/ */
protected function deleteUsageStats(string $hourlyUsageRetentionDatetime) protected function deleteUsageStats(string $hourlyUsageRetentionDatetime)
@ -316,16 +317,20 @@ class DeletesV1 extends Worker
}); });
} }
/** protected function deleteExpiredSessions(): void
* @param string $datetime
*/
protected function deleteExpiredSessions(string $datetime): void
{ {
$this->deleteForProjectIds(function (string $projectId) use ($datetime) { $consoleDB = $this->getConsoleDB();
$this->deleteForProjectIds(function (string $projectId) use ($consoleDB) {
$dbForProject = $this->getProjectDB($projectId); $dbForProject = $this->getProjectDB($projectId);
$project = $consoleDB->getDocument('projects', $projectId);
$duration = $project->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
$expired = DateTime::addSeconds(new \DateTime(), -1 * $duration);
// Delete Sessions // Delete Sessions
$this->deleteByGroup('sessions', [ $this->deleteByGroup('sessions', [
Query::lessThan('expire', $datetime) Query::lessThan('$createdAt', $expired)
], $dbForProject); ], $dbForProject);
}); });
} }
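Review bot: `deleteExpiredSessions()` lost its docblock and the new expiry rule is not written down anywhere; a header such as `/** Deletes sessions whose $createdAt is older than the project's auths.duration (falling back to Auth::TOKEN_EXPIRATION_LOGIN_LONG). */` would document it. The cutoff also moved from the stored `expire` attribute to `$createdAt` plus the project's current duration, which matches how `Auth::sessionVerify` is now called in the user resource but means a later change to `auths.duration` retroactively moves the cleanup boundary — worth a sentence in that docblock. Each callback additionally re-reads the project document from the console database; if `deleteForProjectIds` (outside this hunk) already holds the project documents, passing them through would avoid the extra read per project.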