mirror of
https://we.phorge.it/source/phorge.git
Add a garbage collector for MFA challenges
Summary: Depends on D19886. Ref T13222. Clean up MFA challenges after they expire. (There's maybe some argument to keeping these around for a little while for debugging/forensics, but I suspect it would never actually be valuable and figure we can cross that bridge if we come to it.) Test Plan: - Ran `bin/garbage collect --collector ...` and saw old MFA challenges collected. - Triggered a new challenge, GC'd again, saw it survive GC while still active. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19888
parent
b8cbfda07c
commit
5e94343c7d
3 changed files with 33 additions and 0 deletions
|
@ -2188,6 +2188,7 @@ phutil_register_library_map(array(
|
|||
'PhabricatorAuthAuthFactorPHIDType' => 'applications/auth/phid/PhabricatorAuthAuthFactorPHIDType.php',
|
||||
'PhabricatorAuthAuthProviderPHIDType' => 'applications/auth/phid/PhabricatorAuthAuthProviderPHIDType.php',
|
||||
'PhabricatorAuthChallenge' => 'applications/auth/storage/PhabricatorAuthChallenge.php',
|
||||
'PhabricatorAuthChallengeGarbageCollector' => 'applications/auth/garbagecollector/PhabricatorAuthChallengeGarbageCollector.php',
|
||||
'PhabricatorAuthChallengePHIDType' => 'applications/auth/phid/PhabricatorAuthChallengePHIDType.php',
|
||||
'PhabricatorAuthChallengeQuery' => 'applications/auth/query/PhabricatorAuthChallengeQuery.php',
|
||||
'PhabricatorAuthChangePasswordAction' => 'applications/auth/action/PhabricatorAuthChangePasswordAction.php',
|
||||
|
@ -7830,6 +7831,7 @@ phutil_register_library_map(array(
|
|||
'PhabricatorAuthDAO',
|
||||
'PhabricatorPolicyInterface',
|
||||
),
|
||||
'PhabricatorAuthChallengeGarbageCollector' => 'PhabricatorGarbageCollector',
|
||||
'PhabricatorAuthChallengePHIDType' => 'PhabricatorPHIDType',
|
||||
'PhabricatorAuthChallengeQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
|
||||
'PhabricatorAuthChangePasswordAction' => 'PhabricatorSystemAction',
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
<?php
|
||||
|
||||
final class PhabricatorAuthChallengeGarbageCollector
|
||||
extends PhabricatorGarbageCollector {
|
||||
|
||||
const COLLECTORCONST = 'auth.challenges';
|
||||
|
||||
public function getCollectorName() {
|
||||
return pht('Authentication Challenges');
|
||||
}
|
||||
|
||||
public function hasAutomaticPolicy() {
|
||||
return true;
|
||||
}
|
||||
|
||||
protected function collectGarbage() {
|
||||
$challenge_table = new PhabricatorAuthChallenge();
|
||||
$conn = $challenge_table->establishConnection('w');
|
||||
|
||||
queryfx(
|
||||
$conn,
|
||||
'DELETE FROM %R WHERE challengeTTL < UNIX_TIMESTAMP() LIMIT 100',
|
||||
$challenge_table);
|
||||
|
||||
return ($conn->getAffectedRows() == 100);
|
||||
}
|
||||
|
||||
}
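Review bot: The expiry test in `collectGarbage()` compares `challengeTTL` with the database server's `UNIX_TIMESTAMP()`, while the TTL was presumably written from the web host's clock (the code that sets it is not visible in this commit). If the two clocks drift, a challenge the application still treats as live can be deleted, and if these rows are what prevents an MFA response from being accepted a second time, early deletion would shorten that protection. Passing the application's time keeps both sides on one clock and lets tests control it: `'DELETE FROM %R WHERE challengeTTL < %d LIMIT 100',` followed by `$challenge_table, PhabricatorTime::getNow());`. The batch size 100 also appears twice, in the query and in the `== 100` return test; a local variable bound with `%d` would keep the two in step.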
|
|
@ -25,6 +25,9 @@ final class PhabricatorAuthChallenge
|
|||
'key_issued' => array(
|
||||
'columns' => array('userPHID', 'challengeTTL'),
|
||||
),
|
||||
'key_collection' => array(
|
||||
'columns' => array('challengeTTL'),
|
||||
),
|
||||
),
|
||||
) + parent::getConfiguration();
|
||||
}
|
||||
|
|