diff --git a/conf/defaults.ini b/conf/defaults.ini index 41b948e53af..d0fc1133fac 100644 --- a/conf/defaults.ini +++ b/conf/defaults.ini @@ -256,8 +256,8 @@ login_maximum_lifetime_days = 30 # How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes. token_rotation_interval_minutes = 10 -# How often should expired auth tokens be deleted from the database. The default is 7 days. -expired_tokens_cleanup_interval_days = 7 +# How often should expired auth tokens be deleted from the database. The default is each hour. +expired_tokens_cleanup_interval_hours = 1 # Set to true to disable (hide) the login form, useful if you use OAuth disable_login_form = false diff --git a/conf/sample.ini b/conf/sample.ini index 831fa31253e..2ff37239abf 100644 --- a/conf/sample.ini +++ b/conf/sample.ini @@ -236,8 +236,8 @@ log_queries = # How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes. ;token_rotation_interval_minutes = 10 -# How often should expired auth tokens be deleted from the database. The default is 7 days. -;expired_tokens_cleanup_interval_days = 7 +# How often should expired auth tokens be deleted from the database. The default is each hour. +;expired_tokens_cleanup_interval_hours = 1 # Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false ;disable_login_form = false diff --git a/docs/sources/auth/overview.md b/docs/sources/auth/overview.md index fba8da00a5e..0f563fbe8d5 100644 --- a/docs/sources/auth/overview.md +++ b/docs/sources/auth/overview.md 
@@ -64,8 +64,8 @@ login_maximum_lifetime_days = 30 # How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes. token_rotation_interval_minutes = 10 -# How often should expired auth tokens be deleted from the database. The default is 7 days. -expired_tokens_cleanup_interval_days = 7 +# How often should expired auth tokens be deleted from the database. The default is each hour. +expired_tokens_cleanup_interval_hours = 1 ``` ### Anonymous authentication diff --git a/pkg/services/auth/auth_token_test.go b/pkg/services/auth/auth_token_test.go index 3313af9f87f..964bd499a01 100644 --- a/pkg/services/auth/auth_token_test.go +++ b/pkg/services/auth/auth_token_test.go @@ -423,10 +423,10 @@ func createTestContext(t *testing.T) *testContext { tokenService := &UserAuthTokenService{ SQLStore: sqlstore, Cfg: &setting.Cfg{ - LoginMaxInactiveLifetimeDays: 7, - LoginMaxLifetimeDays: 30, - TokenRotationIntervalMinutes: 10, - ExpiredTokensCleanupIntervalDays: 1, + LoginMaxInactiveLifetimeDays: 7, + LoginMaxLifetimeDays: 30, + TokenRotationIntervalMinutes: 10, + ExpiredTokensCleanupIntervalHours: 1, }, log: log.New("test-logger"), } diff --git a/pkg/services/auth/token_cleanup.go b/pkg/services/auth/token_cleanup.go index d0e12c9c0e1..0d5cbdaca10 100644 --- a/pkg/services/auth/token_cleanup.go +++ b/pkg/services/auth/token_cleanup.go 
@@ -6,25 +6,29 @@ import ( ) func (srv *UserAuthTokenService) Run(ctx context.Context) error { - if srv.Cfg.ExpiredTokensCleanupIntervalDays <= 0 { - srv.log.Debug("cleanup of expired auth tokens are disabled") - return nil - } - - jobInterval := time.Duration(srv.Cfg.ExpiredTokensCleanupIntervalDays) * 24 * time.Hour - srv.log.Debug("cleanup of expired auth tokens are enabled", "intervalDays", srv.Cfg.ExpiredTokensCleanupIntervalDays) - + jobInterval := time.Duration(srv.Cfg.ExpiredTokensCleanupIntervalHours) * time.Hour ticker := time.NewTicker(jobInterval) maxInactiveLifetime := time.Duration(srv.Cfg.LoginMaxInactiveLifetimeDays) * 24 * time.Hour maxLifetime := time.Duration(srv.Cfg.LoginMaxLifetimeDays) * 24 * time.Hour + err := srv.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func() { + srv.deleteExpiredTokens(maxInactiveLifetime, maxLifetime) + }) + if err != nil { + srv.log.Error("failed to lock and execite cleanup of expired auth token", "erro", err) + } + for { select { case <-ticker.C: - srv.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func() { + err := srv.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func() { srv.deleteExpiredTokens(maxInactiveLifetime, maxLifetime) }) + if err != nil { + srv.log.Error("failed to lock and execite cleanup of expired auth token", "erro", err) + } + case <-ctx.Done(): return ctx.Err() } diff --git a/pkg/setting/setting.go b/pkg/setting/setting.go index 9f7d03bb472..43ac46e5ab8 100644 --- a/pkg/setting/setting.go +++ b/pkg/setting/setting.go 
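Review bot: Dropping the `<= 0` guard means `time.NewTicker(jobInterval)` now receives whatever `ExpiredTokensCleanupIntervalHours` holds, and `time.NewTicker` panics on a non-positive duration, so a configured `0` (previously "cleanup disabled") or a negative value panics as soon as `Run` is entered instead of skipping cleanup. The `Load` hunk in pkg/setting/setting.go reads the key with `MustInt(1)` and adds no lower bound, so I would keep a check ahead of the ticker: `if srv.Cfg.ExpiredTokensCleanupIntervalHours <= 0 { srv.log.Debug("cleanup of expired auth tokens is disabled"); return nil }`. Both `LockAndExecute` calls also still pass `time.Hour*12`; its definition is not in this diff, but if that argument is a minimum spacing between runs, an hourly ticker would not purge expired tokens hourly. The two new `srv.log.Error` calls carry typos, `execite` and the key `"erro"`, which will make the entries harder to search for. `Run` continues past the end of the hunk.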
@@ -233,11 +233,11 @@ type Cfg struct { EnterpriseLicensePath string // Auth - LoginCookieName string - LoginMaxInactiveLifetimeDays int - LoginMaxLifetimeDays int - TokenRotationIntervalMinutes int - ExpiredTokensCleanupIntervalDays int + LoginCookieName string + LoginMaxInactiveLifetimeDays int + LoginMaxLifetimeDays int + TokenRotationIntervalMinutes int + ExpiredTokensCleanupIntervalHours int } type CommandLineArgs struct { @@ -673,7 +673,7 @@ func (cfg *Cfg) Load(args *CommandLineArgs) error { if cfg.TokenRotationIntervalMinutes < 2 { cfg.TokenRotationIntervalMinutes = 2 } - cfg.ExpiredTokensCleanupIntervalDays = auth.Key("expired_tokens_cleanup_interval_days").MustInt(7) + cfg.ExpiredTokensCleanupIntervalHours = auth.Key("expired_tokens_cleanup_interval_hours").MustInt(1) DisableLoginForm = auth.Key("disable_login_form").MustBool(false) DisableSignoutMenu = auth.Key("disable_signout_menu").MustBool(false)
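Review bot: `Load` now reads only `expired_tokens_cleanup_interval_hours`, so an `expired_tokens_cleanup_interval_days` value already present in a deployed ini file is ignored without any signal and the instance falls back to the 1-hour default. Operators who had tuned or disabled cleanup through the old key will not notice the change. I would log a warning when the old key is still set, and at minimum leave a comment next to the read such as `// expired_tokens_cleanup_interval_days is no longer read; a value under the old key is ignored`. `Load` begins and ends outside this hunk.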