From 8044818a4d095e029df0935c7707e959f1291d31 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Thu, 5 Aug 2021 23:25:40 +0200
Subject: [PATCH] core: add additional cleanup for authenticated sessions

Signed-off-by: Jens Langhammer
---
 .../migrations/0026_alter_application_meta_icon.py | 4 ++++
 authentik/core/models.py | 5 +++++
 authentik/core/tasks.py | 14 +++++++++++++-
 3 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/authentik/core/migrations/0026_alter_application_meta_icon.py b/authentik/core/migrations/0026_alter_application_meta_icon.py
index d2a0aed56..451afa01c 100644
--- a/authentik/core/migrations/0026_alter_application_meta_icon.py
+++ b/authentik/core/migrations/0026_alter_application_meta_icon.py
@@ -17,4 +17,8 @@ class Migration(migrations.Migration):
 default=None, max_length=500, null=True, upload_to="application-icons/"
 ),
 ),
+ migrations.AlterModelOptions(
+ name='authenticatedsession',
+ options={'verbose_name': 'Authenticated Session', 'verbose_name_plural': 'Authenticated Sessions'},
+ ),
 ]
diff --git a/authentik/core/models.py b/authentik/core/models.py
index de6a99b19..4905e2965 100644
--- a/authentik/core/models.py
+++ b/authentik/core/models.py
@@ -519,3 +519,8 @@ class AuthenticatedSession(ExpiringModel):
 last_user_agent=request.META.get("HTTP_USER_AGENT", ""),
 expires=request.session.get_expiry_date(),
 )
+
+ class Meta:
+
+ verbose_name = _("Authenticated Session")
+ verbose_name_plural = _("Authenticated Sessions")
diff --git a/authentik/core/tasks.py b/authentik/core/tasks.py
index 591880502..c2b824c52 100644
--- a/authentik/core/tasks.py
+++ b/authentik/core/tasks.py
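Review bot: The `AlterModelOptions` operation for `authenticatedsession` is appended to 0026_alter_application_meta_icon.py, an existing migration named after a different model's field, instead of getting its own migration file. If 0026 has already shipped in a release, I would move the operation into a new migration so the history stays append-only; whether it has shipped cannot be told from this diff. The added lines also use single-quoted strings while the context lines in the same file use double quotes, e.g. `name="authenticatedsession",`. The operations list starts above this hunk.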
@@ -7,12 +7,14 @@ from boto3.exceptions import Boto3Error
 from botocore.exceptions import BotoCoreError, ClientError
 from dbbackup.db.exceptions import CommandConnectorError
 from django.contrib.humanize.templatetags.humanize import naturaltime
+from django.contrib.sessions.backends.cache import KEY_PREFIX
 from django.core import management
+from django.core.cache import cache
 from django.utils.timezone import now
 from kubernetes.config.incluster_config import SERVICE_HOST_ENV_NAME
 from structlog.stdlib import get_logger

-from authentik.core.models import ExpiringModel
+from authentik.core.models import AuthenticatedSession, ExpiringModel
 from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus
 from authentik.lib.config import CONFIG
 from authentik.root.celery import CELERY_APP
@@ -34,6 +36,16 @@ def clean_expired_models(self: MonitoredTask):
 amount = objects.count()
 LOGGER.debug("Expired models", model=cls, amount=amount)
 messages.append(f"Expired {amount} {cls._meta.verbose_name_plural}")
+ # Special case
+ amount = 0
+ for session in AuthenticatedSession.objects.all():
+ cache_key = f"{KEY_PREFIX}{session.session_key}"
+ value = cache.get(cache_key)
+ if not value:
+ session.delete()
+ amount += 1
+ LOGGER.debug("Expired sessions", model=AuthenticatedSession, amount=amount)
+ messages.append(f"Expired {amount} {AuthenticatedSession._meta.verbose_name_plural}")
 self.set_status(TaskResult(TaskResultStatus.SUCCESSFUL, messages))
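Review bot: In the loop added to clean_expired_models, `if not value:` deletes the AuthenticatedSession row for any falsy cache result, not only for a missing key, and the lookup goes to the default `cache` rather than the alias the session backend uses. If either assumption is off, rows for sessions that are still valid are removed, and those sessions would presumably no longer show up wherever these rows are used to list or revoke logins. I would write `if value is None:` and fetch through `caches[settings.SESSION_CACHE_ALIAS]`; the session engine and alias in use are not visible in this diff. The loop also issues one cache round trip per row over `objects.all()`, which `get_many` on batches of keys would reduce. The function begins above this hunk.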