1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
5 # Tasks that can be useful when changing token expiration policies by assigning
6 # a non-zero value to Login.TokenLifetime config.
9 require 'current_api_client'
12 desc "Apply expiration policy on long lived tokens"
13 task fix_long_lived_tokens: :environment do
14 lifetime = Rails.configuration.API.MaxTokenLifetime
15 if lifetime.nil? or lifetime == 0
16 lifetime = Rails.configuration.Login.TokenLifetime
18 if lifetime.nil? or lifetime == 0
19 puts("No expiration policy set (API.MaxTokenLifetime nor Login.TokenLifetime is set), nothing to do.")
22 exp_date = Time.now + lifetime
23 puts("Setting token expiration to: #{exp_date}")
25 ll_tokens(lifetime).each do |auth|
27 printf("*** WARNING, found ApiClientAuthorization with invalid user: auth id: %d, user id: %d\n", auth.id, auth.user_id)
30 if (auth.user.uuid =~ /-tpzed-000000000000000/).nil?
31 CurrentApiClientHelper.act_as_system_user do
32 auth.update_attributes!(expires_at: exp_date)
37 puts("#{token_count} tokens updated.")
40 desc "Show users with long lived tokens"
41 task check_long_lived_tokens: :environment do
42 lifetime = Rails.configuration.API.MaxTokenLifetime
43 if lifetime.nil? or lifetime == 0
44 lifetime = Rails.configuration.Login.TokenLifetime
46 if lifetime.nil? or lifetime == 0
47 puts("No expiration policy set (API.MaxTokenLifetime nor Login.TokenLifetime is set), nothing to do.")
52 ll_tokens(lifetime).each do |auth|
54 printf("*** WARNING, found ApiClientAuthorization with invalid user: auth id: %d, user id: %d\n", auth.id, auth.user_id)
57 if not auth.user.nil? and (auth.user.uuid =~ /-tpzed-000000000000000/).nil?
58 user_ids.add(auth.user_id)
64 puts("Found #{token_count} long-lived tokens from users:")
65 user_ids.each do |uid|
67 puts("#{u.username},#{u.email},#{u.uuid}") if !u.nil?
70 puts("No long-lived tokens found.")
74 def ll_tokens(lifetime)
75 query = ApiClientAuthorization.where(expires_at: nil)
76 query = query.or(ApiClientAuthorization.where("expires_at > ?", Time.now + lifetime))