Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Consider expires_in when clear expired tokens with StaleRecordsCleaner #1690

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

Paultdx
Copy link
Contributor

@Paultdx Paultdx commented Feb 10, 2024

Presumably fixes #1688.
Consider expires_in when comparing with Time.current.

@@ -28,6 +28,7 @@ def clean_expired(ttl)
@base_scope
.where.not(expires_in: nil)
.where(table[:created_at].lt(Time.current - ttl))
.where(table[:created_at] + table[:expires_in].lt(Time.current))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Won't we have an issues with timezones? I believe we're storing UTC and should use the same value regardless of configured application timezone, WDYT?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also I believe .where(table[:created_at].lt(Time.current - ttl)) does the same 🤔 By calculating ttl from configuration

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nbulaj it does the same only if you rely on the ttl from configuration. If in your app your are creating tokens with different expiration times you need to consider expires_in and perform calculations with it.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @fredplante , you mean tokens created manually with some custom TTL, right?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nbulaj Yes, that's what I meant. For info, we had to create a custom task. Here is what we're doing (we use PG):

DoorkeeperExtensions::AccessToken
    .where(refresh_token: nil)
    .where.not(expires_in: nil)
    .where("? > (oauth_access_tokens.created_at + INTERVAL '1 second' * expires_in)", Time.current)
    .in_batches(&:delete_all)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Member

@nbulaj nbulaj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Can we please rebase and update a changelog? 🙏

Thanks!

@Paultdx
Copy link
Contributor Author

Paultdx commented Nov 4, 2024

Hey @nbulaj @fredplante thanks for checking!
I am without a pc for an upcoming week, will update it as soon as I have access.
Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Cleanup job removes not expired tokens
3 participants