1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
5 # Tasks that can be useful when changing token expiration policies by assigning
6 # a non-zero value to Login.TokenLifetime config.
9 require 'current_api_client'
12 desc "Apply expiration policy on long lived tokens"
13 task fix_long_lived_tokens: :environment do
14 lifetime = Rails.configuration.API.MaxTokenLifetime
15 if lifetime.nil? or lifetime == 0
16 lifetime = Rails.configuration.Login.TokenLifetime
18 if lifetime.nil? or lifetime == 0
19 puts("No expiration policy set (API.MaxTokenLifetime nor Login.TokenLifetime is set), nothing to do.")
23 exp_date = Time.now + lifetime
24 puts("Setting token expiration to: #{exp_date}")
26 ll_tokens(lifetime).each do |auth|
28 printf("*** WARNING, found ApiClientAuthorization with invalid user: auth id: %d, user id: %d\n", auth.id, auth.user_id)
32 if (auth.user.uuid =~ /-tpzed-000000000000000/).nil? and (auth.user.uuid =~ /-tpzed-anonymouspublic/).nil?
33 CurrentApiClientHelper.act_as_system_user do
34 auth.update_attributes!(expires_at: exp_date)
39 puts("#{token_count} tokens updated.")
42 desc "Show users with long lived tokens"
43 task check_long_lived_tokens: :environment do
44 lifetime = Rails.configuration.API.MaxTokenLifetime
45 if lifetime.nil? or lifetime == 0
46 lifetime = Rails.configuration.Login.TokenLifetime
48 if lifetime.nil? or lifetime == 0
49 puts("No expiration policy set (API.MaxTokenLifetime nor Login.TokenLifetime is set), nothing to do.")
55 ll_tokens(lifetime).each do |auth|
57 printf("*** WARNING, found ApiClientAuthorization with invalid user: auth id: %d, user id: %d\n", auth.id, auth.user_id)
61 if not auth.user.nil? and (auth.user.uuid =~ /-tpzed-000000000000000/).nil? and (auth.user.uuid =~ /-tpzed-anonymouspublic/).nil?
62 user_ids.add(auth.user_id)
68 puts("Found #{token_count} long-lived tokens from users:")
69 user_ids.each do |uid|
71 puts("#{u.username},#{u.email},#{u.uuid}") if !u.nil?
74 puts("No long-lived tokens found.")
78 def ll_tokens(lifetime)
79 query = ApiClientAuthorization.where(expires_at: nil)
80 query = query.or(ApiClientAuthorization.where("expires_at > ?", Time.now + lifetime))