1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
5 # Tasks that can be useful when changing token expiration policies by assigning
6 # a non-zero value to Login.TokenLifetime config.
9 require 'current_api_client'
12 desc "Apply expiration policy on long lived tokens"
13 task fix_long_lived_tokens: :environment do
14 if Rails.configuration.Login.TokenLifetime == 0
15 puts("No expiration policy set on Login.TokenLifetime.")
17 exp_date = Time.now + Rails.configuration.Login.TokenLifetime
18 puts("Setting token expiration to: #{exp_date}")
20 ll_tokens.each do |auth|
21 if (auth.user.uuid =~ /-tpzed-000000000000000/).nil?
22 CurrentApiClientHelper.act_as_system_user do
23 auth.update_attributes!(expires_at: exp_date)
28 puts("#{token_count} tokens updated.")
32 desc "Show users with long lived tokens"
33 task check_long_lived_tokens: :environment do
36 ll_tokens.each do |auth|
37 if (auth.user.uuid =~ /-tpzed-000000000000000/).nil?
38 user_ids.add(auth.user_id)
44 puts("Found #{token_count} long-lived tokens from users:")
45 user_ids.each do |uid|
47 puts("#{u.username},#{u.email},#{u.uuid}") if !u.nil?
50 puts("No long-lived tokens found.")
55 query = ApiClientAuthorization.where(expires_at: nil)
56 if Rails.configuration.Login.TokenLifetime > 0
57 query = query.or(ApiClientAuthorization.where("expires_at > ?", Time.now + Rails.configuration.Login.TokenLifetime))