Merge pull request #4739 from appwrite/fix-session-expiry
Fix session expiration
8406551cef
|
@ -1,6 +1,8 @@
|
||||||
|
|
||||||
# Version 1.1.2
|
# Version 1.1.2
|
||||||
## Changes
|
## Changes
|
||||||
- Make `region` parameter optional with default for project create [#4763](https://github.com/appwrite/appwrite/pull/4763)
|
- Make `region` parameter optional with default for project create [#4763](https://github.com/appwrite/appwrite/pull/4763)
|
||||||
|
- Fix session expiration, and expired session deletion [#4739](https://github.com/appwrite/appwrite/pull/4739)
|
||||||
|
|
||||||
# Version 1.1.1
|
# Version 1.1.1
|
||||||
## Bugs
|
## Bugs
|
||||||
|
|
|
@ -790,9 +790,11 @@ App::setResource('user', function ($mode, $project, $console, $request, $respons
|
||||||
Authorization::setDefaultStatus(true);
|
Authorization::setDefaultStatus(true);
|
||||||
|
|
||||||
Auth::setCookieName('a_session_' . $project->getId());
|
Auth::setCookieName('a_session_' . $project->getId());
|
||||||
|
$authDuration = $project->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
|
||||||
|
|
||||||
if (APP_MODE_ADMIN === $mode) {
|
if (APP_MODE_ADMIN === $mode) {
|
||||||
Auth::setCookieName('a_session_' . $console->getId());
|
Auth::setCookieName('a_session_' . $console->getId());
|
||||||
|
$authDuration = Auth::TOKEN_EXPIRATION_LOGIN_LONG;
|
||||||
}
|
}
|
||||||
|
|
||||||
$session = Auth::decodeSession(
|
$session = Auth::decodeSession(
|
||||||
|
@ -829,8 +831,6 @@ App::setResource('user', function ($mode, $project, $console, $request, $respons
|
||||||
$user = $dbForConsole->getDocument('users', Auth::$unique);
|
$user = $dbForConsole->getDocument('users', Auth::$unique);
|
||||||
}
|
}
|
||||||
|
|
||||||
$authDuration = $project->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
|
|
||||||
|
|
||||||
if (
|
if (
|
||||||
$user->isEmpty() // Check a document has been found in the DB
|
$user->isEmpty() // Check a document has been found in the DB
|
||||||
|| !Auth::sessionVerify($user->getAttribute('sessions', []), Auth::$secret, $authDuration)
|
|| !Auth::sessionVerify($user->getAttribute('sessions', []), Auth::$secret, $authDuration)
|
||||||
|
|
|
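Review bot: In the admin-mode branch `$authDuration` is pinned to `Auth::TOKEN_EXPIRATION_LOGIN_LONG`, whereas the non-admin path reads `$project->getAttribute('auths', [])['duration']`; if console sessions are deliberately exempt from a configured duration, a one-line comment would stop the next reader from "fixing" it, e.g. `// Console sessions always use the default long expiration, independent of auths.duration`. The same `getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG` expression is repeated in the deletes worker in this commit, so the request-path check and the cleanup job can drift apart if either is later changed; a single helper (for example a static method on `Auth` taking the project document and returning an `int`) would keep both on the same schedule. Note that `??` only covers a missing or `null` value, so a stored duration of `0` or a negative number would be passed to `Auth::sessionVerify` as-is; presumably the project create/update endpoints validate the range, but that is outside this diff. The enclosing `App::setResource('user', …)` closure starts and ends outside these hunks.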
@ -98,7 +98,6 @@ $cli
|
||||||
{
|
{
|
||||||
(new Delete())
|
(new Delete())
|
||||||
->setType(DELETE_TYPE_SESSIONS)
|
->setType(DELETE_TYPE_SESSIONS)
|
||||||
->setDatetime(DateTime::addSeconds(new \DateTime(), -1 * Auth::TOKEN_EXPIRATION_LOGIN_LONG)) //TODO: Update to use project session expiration instead of default.
|
|
||||||
->trigger();
|
->trigger();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
use Appwrite\Auth\Auth;
|
||||||
use Utopia\App;
|
use Utopia\App;
|
||||||
use Utopia\Cache\Adapter\Filesystem;
|
use Utopia\Cache\Adapter\Filesystem;
|
||||||
use Utopia\Cache\Cache;
|
use Utopia\Cache\Cache;
|
||||||
|
@ -13,6 +14,7 @@ use Utopia\Abuse\Abuse;
|
||||||
use Utopia\Abuse\Adapters\TimeLimit;
|
use Utopia\Abuse\Adapters\TimeLimit;
|
||||||
use Utopia\CLI\Console;
|
use Utopia\CLI\Console;
|
||||||
use Utopia\Audit\Audit;
|
use Utopia\Audit\Audit;
|
||||||
|
use Utopia\Database\DateTime;
|
||||||
|
|
||||||
require_once __DIR__ . '/../init.php';
|
require_once __DIR__ . '/../init.php';
|
||||||
|
|
||||||
|
@ -96,7 +98,7 @@ class DeletesV1 extends Worker
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case DELETE_TYPE_SESSIONS:
|
case DELETE_TYPE_SESSIONS:
|
||||||
$this->deleteExpiredSessions($this->args['datetime']);
|
$this->deleteExpiredSessions();
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case DELETE_TYPE_CERTIFICATES:
|
case DELETE_TYPE_CERTIFICATES:
|
||||||
|
@ -105,7 +107,7 @@ class DeletesV1 extends Worker
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case DELETE_TYPE_USAGE:
|
case DELETE_TYPE_USAGE:
|
||||||
$this->deleteUsageStats($this->args['dateTime1d'], $this->args['hourlyUsageRetentionDatetime']);
|
$this->deleteUsageStats($this->args['hourlyUsageRetentionDatetime']);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case DELETE_TYPE_CACHE_BY_RESOURCE:
|
case DELETE_TYPE_CACHE_BY_RESOURCE:
|
||||||
|
@ -214,7 +216,6 @@ class DeletesV1 extends Worker
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $datetime1d
|
|
||||||
* @param string $hourlyUsageRetentionDatetime
|
* @param string $hourlyUsageRetentionDatetime
|
||||||
*/
|
*/
|
||||||
protected function deleteUsageStats(string $hourlyUsageRetentionDatetime)
|
protected function deleteUsageStats(string $hourlyUsageRetentionDatetime)
|
||||||
|
@ -316,16 +317,20 @@ class DeletesV1 extends Worker
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
protected function deleteExpiredSessions(): void
|
||||||
* @param string $datetime
|
|
||||||
*/
|
|
||||||
protected function deleteExpiredSessions(string $datetime): void
|
|
||||||
{
|
{
|
||||||
$this->deleteForProjectIds(function (string $projectId) use ($datetime) {
|
$consoleDB = $this->getConsoleDB();
|
||||||
|
|
||||||
|
$this->deleteForProjectIds(function (string $projectId) use ($consoleDB) {
|
||||||
$dbForProject = $this->getProjectDB($projectId);
|
$dbForProject = $this->getProjectDB($projectId);
|
||||||
|
|
||||||
|
$project = $consoleDB->getDocument('projects', $projectId);
|
||||||
|
$duration = $project->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
|
||||||
|
$expired = DateTime::addSeconds(new \DateTime(), -1 * $duration);
|
||||||
|
|
||||||
// Delete Sessions
|
// Delete Sessions
|
||||||
$this->deleteByGroup('sessions', [
|
$this->deleteByGroup('sessions', [
|
||||||
Query::lessThan('expire', $datetime)
|
Query::lessThan('$createdAt', $expired)
|
||||||
], $dbForProject);
|
], $dbForProject);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
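Review bot: The rewritten `deleteExpiredSessions()` drops the docblock the old version had, and since it now derives expiry from `$createdAt` plus the project's current `auths.duration` instead of the session's stored `expire`, that contract deserves to be stated on the method: a short docblock should say that the cut-off is computed per project from `auths.duration` with `Auth::TOKEN_EXPIRATION_LOGIN_LONG` as the fallback, that it is meant to mirror the `Auth::sessionVerify` check in the `user` resource, and that changing a project's duration retroactively moves the cut-off for existing sessions (shortening it deletes sessions that were valid under the old setting; lengthening it appears to keep not-yet-deleted old sessions acceptable to the request path). `$expired` is computed from `new \DateTime()` separately for every project inside the callback, so a long run uses a slightly different "now" per project; computing it once before `deleteForProjectIds` and passing it in would make a run deterministic. `Query::lessThan('$createdAt', $expired)` compares against the string produced by `DateTime::addSeconds`, which relies on `$createdAt` being stored in the same format as the old `expire` query assumed; a one-line comment noting that assumption would help. The `@ -105` and `@ -214` hunks consistently drop `$datetime1d` from `deleteUsageStats`, but the producer that set `dateTime1d` is outside this diff, so confirm it was updated too.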