[ARVADOS] updated: 1.3.0-2957-g00e16fb98
Git user
git at public.arvados.org
Sat Aug 22 01:45:53 UTC 2020
Summary of changes:
lib/config/export.go | 1 -
.../api/lib/tasks/manage_long_lived_tokens.rake | 61 ++++++++++++++++++++++
2 files changed, 61 insertions(+), 1 deletion(-)
create mode 100644 services/api/lib/tasks/manage_long_lived_tokens.rake
via 00e16fb980a0a234d5944ffb06c5614d19280921 (commit)
via 9ef2a81fb159c8b4aad625cd4a45fd89b21e3ac6 (commit)
from 614145d096375ae18c7020e8f9205eaa2a1d0d39 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 00e16fb980a0a234d5944ffb06c5614d19280921
Author: Lucas Di Pentima <lucas at di-pentima.com.ar>
Date: Fri Aug 21 22:44:49 2020 -0300
16678: Adds rake task to manage long lived tokens.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas at di-pentima.com.ar>
diff --git a/services/api/lib/tasks/manage_long_lived_tokens.rake b/services/api/lib/tasks/manage_long_lived_tokens.rake
new file mode 100644
index 000000000..7bcf315b0
--- /dev/null
+++ b/services/api/lib/tasks/manage_long_lived_tokens.rake
@@ -0,0 +1,61 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+# Tasks that can be useful when changing token expiration policies by assigning
+# a non-zero value to Login.TokenLifetime config.
+
+require 'set'
+require 'current_api_client'
+
+namespace :db do
+ desc "Apply expiration policy on long lived tokens"
+ task fix_long_lived_tokens: :environment do
+ if Rails.configuration.Login.TokenLifetime == 0
+ puts("No expiration policy set on Login.TokenLifetime.")
+ else
+ exp_date = Time.now + Rails.configuration.Login.TokenLifetime
+ puts("Setting token expiration to: #{exp_date}")
+ token_count = 0
+ ll_tokens.each do |auth|
+ if (auth.user.uuid =~ /-tpzed-000000000000000/).nil?
+ CurrentApiClientHelper.act_as_system_user do
+ auth.update_attributes!(expires_at: exp_date)
+ end
+ token_count += 1
+ end
+ end
+ puts("#{token_count} tokens updated.")
+ end
+ end
+
+ desc "Show users with long lived tokens"
+ task check_long_lived_tokens: :environment do
+ user_ids = Set.new()
+ token_count = 0
+ ll_tokens.each do |auth|
+ if (auth.user.uuid =~ /-tpzed-000000000000000/).nil?
+ user_ids.add(auth.user_id)
+ token_count += 1
+ end
+ end
+
+ if user_ids.size > 0
+ puts("Found #{token_count} long-lived tokens from users:")
+ user_ids.each do |uid|
+ u = User.find(uid)
+ puts("#{u.username},#{u.email},#{u.uuid}") if !u.nil?
+ end
+ else
+ puts("No long-lived tokens found.")
+ end
+ end
+
+ def ll_tokens
+ query = ApiClientAuthorization.where(expires_at: nil)
+ if Rails.configuration.Login.TokenLifetime > 0
+ query = query.or(ApiClientAuthorization.where("expires_at > ?", Time.now + Rails.configuration.Login.TokenLifetime))
+ end
+ query
+ end
+end
commit 9ef2a81fb159c8b4aad625cd4a45fd89b21e3ac6
Author: Lucas Di Pentima <lucas at di-pentima.com.ar>
Date: Fri Aug 21 18:51:51 2020 -0300
16678: Fixes mistake on previous merge.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas at di-pentima.com.ar>
diff --git a/lib/config/export.go b/lib/config/export.go
index 57bea78f0..76f00c765 100644
--- a/lib/config/export.go
+++ b/lib/config/export.go
@@ -170,7 +170,6 @@ var whitelist = map[string]bool{
"Login.SSO.Enable": true,
"Login.SSO.ProviderAppID": false,
"Login.SSO.ProviderAppSecret": false,
- "Login.RemoteTokenRefresh": true,
"Login.TokenLifetime": false,
"Mail": true,
"Mail.EmailFrom": false,
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list