Commit a189cd18 by Will Browne Committed by GitHub

Users: Expire old user invites (#27361)

* expire with existng cleanup service

* expire with new temp user service

* make Drone happy :)

* add expiry status

* remove other approach

* cleanup

* add test for idempotency

* add migration from datetime to unix ts

* update cmd names

* change lifetime config to duration

* remove unnecessart formatting

* add comment

* update docs

* remove max bound and introduce min error

* simplify sql

* remove comment

* allow any outstanding to exist for at least 24 hours

* revert created ts change

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>

* add extra state check to cleanup step

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
parent 8e56dd02
...@@ -293,6 +293,9 @@ viewers_can_edit = false ...@@ -293,6 +293,9 @@ viewers_can_edit = false
# Editors can administrate dashboard, folders and teams they create # Editors can administrate dashboard, folders and teams they create
editors_can_admin = false editors_can_admin = false
# The duration in time a user invitation remains valid before expiring. This setting should be expressed as a duration. Examples: 6h (hours), 2d (days), 1w (week). Default is 24h (24 hours). The minimum supported duration is 15m (15 minutes).
user_invite_max_lifetime_duration = 24h
[auth] [auth]
# Login cookie name # Login cookie name
login_cookie_name = grafana_session login_cookie_name = grafana_session
......
...@@ -292,11 +292,14 @@ ...@@ -292,11 +292,14 @@
# Editors can administrate dashboard, folders and teams they create # Editors can administrate dashboard, folders and teams they create
;editors_can_admin = false ;editors_can_admin = false
# The duration in time a user invitation remains valid before expiring. This setting should be expressed as a duration. Examples: 6h (hours), 2d (days), 1w (week). Default is 24h (24 hours). The minimum supported duration is 15m (15 minutes).
;user_invite_max_lifetime_duration = 24h
[auth] [auth]
# Login cookie name # Login cookie name
;login_cookie_name = grafana_session ;login_cookie_name = grafana_session
# The maximum lifetime (duration) an authenticated user can be inactive before being required to login at next visit. Default is 7 days (7d). This setting should be expressed as a duration, e.g. 5m (minutes), 6h (hours), 10d (days), 2w (weeks), 1M (month). The lifetime resets at each successful token rotation # The maximum lifetime (duration) an authenticated user can be inactive before being required to login at next visit. Default is 7 days (7d). This setting should be expressed as a duration, e.g. 5m (minutes), 6h (hours), 10d (days), 2w (weeks), 1M (month). The lifetime resets at each successful token rotation.
;login_maximum_inactive_lifetime_duration = ;login_maximum_inactive_lifetime_duration =
# The maximum lifetime (duration) an authenticated user can be logged in since login time before being required to login. Default is 30 days (30d). This setting should be expressed as a duration, e.g. 5m (minutes), 6h (hours), 10d (days), 2w (weeks), 1M (month). # The maximum lifetime (duration) an authenticated user can be logged in since login time before being required to login. Default is 30 days (30d). This setting should be expressed as a duration, e.g. 5m (minutes), 6h (hours), 10d (days), 2w (weeks), 1M (month).
......
...@@ -621,6 +621,12 @@ Default is `false`. ...@@ -621,6 +621,12 @@ Default is `false`.
Editors can administrate dashboards, folders and teams they create. Editors can administrate dashboards, folders and teams they create.
Default is `false`. Default is `false`.
### user_invite_max_lifetime_duration
The duration in time a user invitation remains valid before expiring.
This setting should be expressed as a duration. Examples: 6h (hours), 2d (days), 1w (week).
Default is `24h` (24 hours). The minimum supported duration is `15m` (15 minutes).
<hr> <hr>
## [auth] ## [auth]
......
...@@ -17,6 +17,7 @@ const ( ...@@ -17,6 +17,7 @@ const (
TmpUserInvitePending TempUserStatus = "InvitePending" TmpUserInvitePending TempUserStatus = "InvitePending"
TmpUserCompleted TempUserStatus = "Completed" TmpUserCompleted TempUserStatus = "Completed"
TmpUserRevoked TempUserStatus = "Revoked" TmpUserRevoked TempUserStatus = "Revoked"
TmpUserExpired TempUserStatus = "Expired"
) )
// TempUser holds data for org invites and unconfirmed sign ups // TempUser holds data for org invites and unconfirmed sign ups
...@@ -35,8 +36,8 @@ type TempUser struct { ...@@ -35,8 +36,8 @@ type TempUser struct {
Code string Code string
RemoteAddr string RemoteAddr string
Created time.Time Created int64
Updated time.Time Updated int64
} }
// --------------------- // ---------------------
...@@ -60,6 +61,12 @@ type UpdateTempUserStatusCommand struct { ...@@ -60,6 +61,12 @@ type UpdateTempUserStatusCommand struct {
Status TempUserStatus Status TempUserStatus
} }
type ExpireTempUsersCommand struct {
OlderThan time.Time
NumExpired int64
}
type UpdateTempUserWithEmailSentCommand struct { type UpdateTempUserWithEmailSentCommand struct {
Code string Code string
} }
......
...@@ -45,7 +45,7 @@ func (srv *CleanUpService) Run(ctx context.Context) error { ...@@ -45,7 +45,7 @@ func (srv *CleanUpService) Run(ctx context.Context) error {
srv.deleteExpiredSnapshots() srv.deleteExpiredSnapshots()
srv.deleteExpiredDashboardVersions() srv.deleteExpiredDashboardVersions()
srv.cleanUpOldAnnotations(ctxWithTimeout) srv.cleanUpOldAnnotations(ctxWithTimeout)
srv.expireOldUserInvites()
err := srv.ServerLockService.LockAndExecute(ctx, "delete old login attempts", err := srv.ServerLockService.LockAndExecute(ctx, "delete old login attempts",
time.Minute*10, func() { time.Minute*10, func() {
srv.deleteOldLoginAttempts() srv.deleteOldLoginAttempts()
...@@ -138,3 +138,16 @@ func (srv *CleanUpService) deleteOldLoginAttempts() { ...@@ -138,3 +138,16 @@ func (srv *CleanUpService) deleteOldLoginAttempts() {
srv.log.Debug("Deleted expired login attempts", "rows affected", cmd.DeletedRows) srv.log.Debug("Deleted expired login attempts", "rows affected", cmd.DeletedRows)
} }
} }
func (srv *CleanUpService) expireOldUserInvites() {
maxInviteLifetime := srv.Cfg.UserInviteMaxLifetime
cmd := models.ExpireTempUsersCommand{
OlderThan: time.Now().Add(-maxInviteLifetime),
}
if err := bus.Dispatch(&cmd); err != nil {
srv.log.Error("Problem expiring user invites", "error", err.Error())
} else {
srv.log.Debug("Expired user invites", "rows affected", cmd.NumExpired)
}
}
package migrations package migrations
import . "github.com/grafana/grafana/pkg/services/sqlstore/migrator" import (
"time"
. "github.com/grafana/grafana/pkg/services/sqlstore/migrator"
"xorm.io/xorm"
)
func addTempUserMigrations(mg *Migrator) { func addTempUserMigrations(mg *Migrator) {
tempUserV1 := Table{ tempUserV1 := Table{
...@@ -44,4 +49,65 @@ func addTempUserMigrations(mg *Migrator) { ...@@ -44,4 +49,65 @@ func addTempUserMigrations(mg *Migrator) {
{Name: "status", Type: DB_Varchar, Length: 20}, {Name: "status", Type: DB_Varchar, Length: 20},
{Name: "remote_addr", Type: DB_Varchar, Length: 255, Nullable: true}, {Name: "remote_addr", Type: DB_Varchar, Length: 255, Nullable: true},
})) }))
tempUserV2 := Table{
Name: "temp_user",
Columns: []*Column{
{Name: "id", Type: DB_BigInt, IsPrimaryKey: true, IsAutoIncrement: true},
{Name: "org_id", Type: DB_BigInt, Nullable: false},
{Name: "version", Type: DB_Int, Nullable: false},
{Name: "email", Type: DB_NVarchar, Length: 190},
{Name: "name", Type: DB_NVarchar, Length: 255, Nullable: true},
{Name: "role", Type: DB_NVarchar, Length: 20, Nullable: true},
{Name: "code", Type: DB_NVarchar, Length: 190},
{Name: "status", Type: DB_Varchar, Length: 20},
{Name: "invited_by_user_id", Type: DB_BigInt, Nullable: true},
{Name: "email_sent", Type: DB_Bool},
{Name: "email_sent_on", Type: DB_DateTime, Nullable: true},
{Name: "remote_addr", Type: DB_Varchar, Length: 255, Nullable: true},
{Name: "created", Type: DB_Int, Default: "0", Nullable: false},
{Name: "updated", Type: DB_Int, Default: "0", Nullable: false},
},
Indices: []*Index{
{Cols: []string{"email"}, Type: IndexType},
{Cols: []string{"org_id"}, Type: IndexType},
{Cols: []string{"code"}, Type: IndexType},
{Cols: []string{"status"}, Type: IndexType},
},
}
addTableReplaceMigrations(mg, tempUserV1, tempUserV2, 2, map[string]string{
"id": "id",
"org_id": "org_id",
"version": "version",
"email": "email",
"name": "name",
"role": "role",
"code": "code",
"status": "status",
"invited_by_user_id": "invited_by_user_id",
"email_sent": "email_sent",
"email_sent_on": "email_sent_on",
"remote_addr": "remote_addr",
})
// Ensure outstanding invites are given a valid lifetime post-migration
mg.AddMigration("Set created for temp users that will otherwise prematurely expire", &SetCreatedForOutstandingInvites{})
}
type SetCreatedForOutstandingInvites struct {
MigrationBase
}
func (m *SetCreatedForOutstandingInvites) Sql(dialect Dialect) string {
return "code migration"
}
func (m *SetCreatedForOutstandingInvites) Exec(sess *xorm.Session, mg *Migrator) error {
created := time.Now().Unix()
if _, err := sess.Exec("UPDATE "+mg.Dialect.Quote("temp_user")+
" SET created = ?, updated = ? WHERE created = '0' AND status in ('SignUpStarted', 'InvitePending')", created, created); err != nil {
return err
}
return nil
} }
...@@ -13,6 +13,7 @@ func init() { ...@@ -13,6 +13,7 @@ func init() {
bus.AddHandler("sql", UpdateTempUserStatus) bus.AddHandler("sql", UpdateTempUserStatus)
bus.AddHandler("sql", GetTempUserByCode) bus.AddHandler("sql", GetTempUserByCode)
bus.AddHandler("sql", UpdateTempUserWithEmailSent) bus.AddHandler("sql", UpdateTempUserWithEmailSent)
bus.AddHandler("sql", ExpireOldUserInvites)
} }
func UpdateTempUserStatus(cmd *models.UpdateTempUserStatusCommand) error { func UpdateTempUserStatus(cmd *models.UpdateTempUserStatusCommand) error {
...@@ -36,8 +37,8 @@ func CreateTempUser(cmd *models.CreateTempUserCommand) error { ...@@ -36,8 +37,8 @@ func CreateTempUser(cmd *models.CreateTempUserCommand) error {
RemoteAddr: cmd.RemoteAddr, RemoteAddr: cmd.RemoteAddr,
InvitedByUserId: cmd.InvitedByUserId, InvitedByUserId: cmd.InvitedByUserId,
EmailSentOn: time.Now(), EmailSentOn: time.Now(),
Created: time.Now(), Created: time.Now().Unix(),
Updated: time.Now(), Updated: time.Now().Unix(),
} }
if _, err := sess.Insert(user); err != nil { if _, err := sess.Insert(user); err != nil {
...@@ -132,3 +133,15 @@ func GetTempUserByCode(query *models.GetTempUserByCodeQuery) error { ...@@ -132,3 +133,15 @@ func GetTempUserByCode(query *models.GetTempUserByCodeQuery) error {
query.Result = &tempUser query.Result = &tempUser
return err return err
} }
func ExpireOldUserInvites(cmd *models.ExpireTempUsersCommand) error {
return inTransaction(func(sess *DBSession) error {
var rawSql = "UPDATE temp_user SET status = ?, updated = ? WHERE created <= ? AND status in (?, ?)"
if result, err := sess.Exec(rawSql, string(models.TmpUserExpired), time.Now().Unix(), cmd.OlderThan.Unix(), string(models.TmpUserSignUpStarted), string(models.TmpUserInvitePending)); err != nil {
return err
} else if cmd.NumExpired, err = result.RowsAffected(); err != nil {
return err
}
return nil
})
}
...@@ -53,8 +53,8 @@ func TestTempUserCommandsAndQueries(t *testing.T) { ...@@ -53,8 +53,8 @@ func TestTempUserCommandsAndQueries(t *testing.T) {
}) })
Convey("Should be able update email sent and email sent on", func() { Convey("Should be able update email sent and email sent on", func() {
cmd3 := models.UpdateTempUserWithEmailSentCommand{Code: cmd.Result.Code} cmd2 := models.UpdateTempUserWithEmailSentCommand{Code: cmd.Result.Code}
err := UpdateTempUserWithEmailSent(&cmd3) err := UpdateTempUserWithEmailSent(&cmd2)
So(err, ShouldBeNil) So(err, ShouldBeNil)
query := models.GetTempUsersQuery{OrgId: 2256, Status: models.TmpUserInvitePending} query := models.GetTempUsersQuery{OrgId: 2256, Status: models.TmpUserInvitePending}
...@@ -62,7 +62,21 @@ func TestTempUserCommandsAndQueries(t *testing.T) { ...@@ -62,7 +62,21 @@ func TestTempUserCommandsAndQueries(t *testing.T) {
So(err, ShouldBeNil) So(err, ShouldBeNil)
So(query.Result[0].EmailSent, ShouldBeTrue) So(query.Result[0].EmailSent, ShouldBeTrue)
So(query.Result[0].EmailSentOn, ShouldHappenOnOrAfter, (query.Result[0].Created)) So(query.Result[0].EmailSentOn.UTC(), ShouldHappenOnOrAfter, query.Result[0].Created.UTC())
})
Convey("Should be able expire temp user", func() {
cmd2 := models.ExpireTempUsersCommand{OlderThan: timeNow()}
err := ExpireOldUserInvites(&cmd2)
So(err, ShouldBeNil)
So(cmd2.NumExpired, ShouldEqual, 1)
Convey("Should do nothing when no temp users to expire", func() {
cmd2 = models.ExpireTempUsersCommand{OlderThan: timeNow()}
err := ExpireOldUserInvites(&cmd2)
So(err, ShouldBeNil)
So(cmd2.NumExpired, ShouldEqual, 0)
})
}) })
}) })
}) })
......
...@@ -5,6 +5,7 @@ package setting ...@@ -5,6 +5,7 @@ package setting
import ( import (
"bytes" "bytes"
"errors"
"fmt" "fmt"
"net/http" "net/http"
"net/url" "net/url"
...@@ -311,6 +312,9 @@ type Cfg struct { ...@@ -311,6 +312,9 @@ type Cfg struct {
DateFormats DateFormats DateFormats DateFormats
// User
UserInviteMaxLifetime time.Duration
// Annotations // Annotations
AlertingAnnotationCleanupSetting AnnotationCleanupSettings AlertingAnnotationCleanupSetting AnnotationCleanupSettings
DashboardAnnotationCleanupSettings AnnotationCleanupSettings DashboardAnnotationCleanupSettings AnnotationCleanupSettings
...@@ -1078,6 +1082,17 @@ func readUserSettings(iniFile *ini.File, cfg *Cfg) error { ...@@ -1078,6 +1082,17 @@ func readUserSettings(iniFile *ini.File, cfg *Cfg) error {
ViewersCanEdit = users.Key("viewers_can_edit").MustBool(false) ViewersCanEdit = users.Key("viewers_can_edit").MustBool(false)
cfg.EditorsCanAdmin = users.Key("editors_can_admin").MustBool(false) cfg.EditorsCanAdmin = users.Key("editors_can_admin").MustBool(false)
userInviteMaxLifetimeVal := valueAsString(users, "user_invite_max_lifetime_duration", "24h")
userInviteMaxLifetimeDuration, err := gtime.ParseInterval(userInviteMaxLifetimeVal)
if err != nil {
return err
}
cfg.UserInviteMaxLifetime = userInviteMaxLifetimeDuration
if cfg.UserInviteMaxLifetime < time.Minute*15 {
return errors.New("the minimum supported value for the `user_invite_max_lifetime_duration` configuration is 15m (15 minutes)")
}
return nil return nil
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment