FEATURE: notify admins about old credentials (#9918)

* FEATURE: notify admins about old credentials Security and API keys should be renewed periodically. This additional notification should help admins keep their Discourse safe and secure.
2025-02-25 18:55:32 -06:00 · 2020-06-01 13:49:27 +10:00
parent b0b37bf5a3
commit 9a6ef80739
4 changed files with 157 additions and 0 deletions
--- a/app/jobs/scheduled/old_keys_reminder.rb
+++ b/app/jobs/scheduled/old_keys_reminder.rb
@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+module Jobs
+  class OldKeysReminder < ::Jobs::Scheduled
+    every 1.month
+
+    OLD_CREDENTIALS_PERIOD = 2.years
+
+    def execute(_args)
+      return if SiteSetting.send_old_credential_reminder_days.to_i == 0
+      return if message_exists?
+      return if old_site_settings_keys.blank? && old_api_keys.blank?
+      PostCreator.create!(
+        Discourse.system_user,
+        title: title,
+        raw: body,
+        archetype: Archetype.private_message,
+        target_usernames: admins.map(&:username),
+        validate: false
+      )
+    end
+
+    private
+
+    def old_site_settings_keys
+      @old_site_settings_keys ||= SiteSetting.secret_settings.each_with_object([]) do |secret_name, old_keys|
+        site_setting = SiteSetting.find_by(name: secret_name)
+        next if site_setting&.value.blank?
+        next if site_setting.updated_at + OLD_CREDENTIALS_PERIOD > Time.zone.now
+        old_keys << site_setting
+      end.sort_by { |key| key.updated_at }
+    end
+
+    def old_api_keys
+      @old_api_keys ||= ApiKey.all.order(created_at: :asc).each_with_object([]) do |api_key, old_keys|
+        next if api_key.created_at + OLD_CREDENTIALS_PERIOD > Time.zone.now
+        old_keys << api_key
+      end
+    end
+
+    def admins
+      User.real.admins
+    end
+
+    def message_exists?
+      message = Topic.private_messages.with_deleted.find_by(title: title)
+      message && message.created_at + SiteSetting.send_old_credential_reminder_days.to_i.days > Time.zone.now
+    end
+
+    def title
+      I18n.t('old_keys_reminder.title')
+    end
+
+    def body
+      I18n.t('old_keys_reminder.body', keys: keys_list)
+    end
+
+    def keys_list
+      messages = old_site_settings_keys.map { |key| "#{key.name} - #{key.updated_at.to_date.to_s(:db)}" }
+      old_api_keys.each_with_object(messages) { |key, array| array << "#{[key.description, key.user&.username, key.created_at.to_date.to_s(:db)].compact.join(" - ")}" }
+      messages.join("\n")
+    end
+  end
+end