Open nmohoric opened 8 years ago
Hi @nmohoric
I have already thought about this topic, so I'm interested. I have a few ideas about a possible implementation:
cleartokens
that removes expired codes/tokens from the database. I think deleting from the database will be better.
Greetings.
I definitely think that a Django command is needed for this, exactly as is already the case for (sessions) "clearsessions". Actually, it seemed so obvious that I assumed such a command already existed. It's not difficult, is it? Would you merge it if I implement it in management/commands/cleartokens.py?
yes...? No .... ?
```python
# Django
from django.core.management.base import BaseCommand
from django.utils import timezone

# Project
from oidc_provider.models import Token, Code


class Command(BaseCommand):
    help = 'Remove expired entries for Token and Code'

    def handle(self, *args, **options):
        now = timezone.now()
        old_tokens = Token.objects.filter(expires_at__lt=now)
        old_codes = Code.objects.filter(expires_at__lt=now)
        self.stdout.write(u'Removing %d old tokens and %d old codes.' % (
            old_tokens.count(),
            old_codes.count(),
        ))
        # do it
        old_tokens.delete()
        old_codes.delete()
        self.stdout.write(u'It remains %d tokens and %d codes.' % (
            Token.objects.count(),
            Code.objects.count(),
        ))
```
@orzel Hi! Yes, sorry. This feature is cool. But there is a problem. I want to create stats about token usage in the future. So this will remove those tokens, which are important info.
Example useful stat: Client A had 12k logins with different users in January 2017.
A client has requested that tokens/codes should no longer be usable if the same client has a newer one for that user, to allow for fewer possible attack vectors.
Before I begin implementing a solution I thought I would check here to see if: a) this would be something you would be interested in merging in and, if so, b) you had any preferences on implementation
I imagine the two possible solutions would be to set the old code/token to have expired long ago, or just delete it outright from the database.
Any feedback/suggestions/questions would be appreciated.
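An added example, not code from this thread or from oidc_provider: it models the "expire the old one" option with the standard-library `sqlite3` module instead of the Django ORM. Issuing a new token ends any live token for the same client and user at that moment (a variant of setting it to "expired long ago"), and the rows stay available for the usage stats mentioned above. The `token` table, its columns and the function names are assumptions made for illustration.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Hypothetical, simplified schema; not the project's Token model.
SCHEMA = """CREATE TABLE token (
    id INTEGER PRIMARY KEY, client_id TEXT NOT NULL, user_id TEXT NOT NULL,
    issued_at TEXT NOT NULL, expires_at TEXT NOT NULL)"""

def issue_token(db, client_id, user_id, now, lifetime=timedelta(hours=1)):
    """Issue a token; older live tokens for the same client/user expire now."""
    stamp = now.isoformat()
    with db:  # one transaction, so no window where both tokens are usable
        db.execute(
            "UPDATE token SET expires_at = ? "
            "WHERE client_id = ? AND user_id = ? AND expires_at > ?",
            (stamp, client_id, user_id, stamp))
        cur = db.execute(
            "INSERT INTO token (client_id, user_id, issued_at, expires_at) "
            "VALUES (?, ?, ?, ?)",
            (client_id, user_id, stamp, (now + lifetime).isoformat()))
    return cur.lastrowid

def is_usable(db, token_id, now):
    """A token is usable only while its expiry lies strictly in the future."""
    row = db.execute("SELECT expires_at FROM token WHERE id = ?",
                     (token_id,)).fetchone()
    return row is not None and row[0] > now.isoformat()

def issued_count(db, client_id, start, end):
    """Usage stat: tokens issued to a client in [start, end)."""
    return db.execute(
        "SELECT COUNT(*) FROM token "
        "WHERE client_id = ? AND issued_at >= ? AND issued_at < ?",
        (client_id, start.isoformat(), end.isoformat())).fetchone()[0]

def demo():
    """Constructed data: alice logs in twice, bob once, all via client-a."""
    utc = timezone.utc
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    t0 = datetime(2017, 1, 10, 12, 0, tzinfo=utc)
    first = issue_token(db, "client-a", "alice", t0)
    other = issue_token(db, "client-a", "bob", t0)
    second = issue_token(db, "client-a", "alice", t0 + timedelta(minutes=5))
    check = t0 + timedelta(minutes=6)
    usable = [is_usable(db, t, check) for t in (first, other, second)]
    january = issued_count(db, "client-a", datetime(2017, 1, 1, tzinfo=utc),
                           datetime(2017, 2, 1, tzinfo=utc))
    return usable, january

if __name__ == "__main__":
    print(demo())
```

Timestamps are stored as ISO 8601 strings in a single timezone and precision, which is what makes the string comparisons in the queries safe.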