mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-26 08:42:41 +01:00
Add a garbage collector for MFA challenges
Summary: Depends on D19886. Ref T13222. Clean up MFA challenges after they expire. (There's maybe some argument to keeping these around for a little while for debugging/forensics, but I suspect it would never actually be valuable and figure we can cross that bridge if we come to it.) Test Plan: - Ran `bin/garbage collect --collector ...` and saw old MFA challenges collected. - Triggered a new challenge, GC'd again, saw it survive GC while still active. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19888
parent
b8cbfda07c
commit
5e94343c7d
3 changed files with 33 additions and 0 deletions
|
@ -2188,6 +2188,7 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorAuthAuthFactorPHIDType' => 'applications/auth/phid/PhabricatorAuthAuthFactorPHIDType.php',
|
'PhabricatorAuthAuthFactorPHIDType' => 'applications/auth/phid/PhabricatorAuthAuthFactorPHIDType.php',
|
||||||
'PhabricatorAuthAuthProviderPHIDType' => 'applications/auth/phid/PhabricatorAuthAuthProviderPHIDType.php',
|
'PhabricatorAuthAuthProviderPHIDType' => 'applications/auth/phid/PhabricatorAuthAuthProviderPHIDType.php',
|
||||||
'PhabricatorAuthChallenge' => 'applications/auth/storage/PhabricatorAuthChallenge.php',
|
'PhabricatorAuthChallenge' => 'applications/auth/storage/PhabricatorAuthChallenge.php',
|
||||||
|
'PhabricatorAuthChallengeGarbageCollector' => 'applications/auth/garbagecollector/PhabricatorAuthChallengeGarbageCollector.php',
|
||||||
'PhabricatorAuthChallengePHIDType' => 'applications/auth/phid/PhabricatorAuthChallengePHIDType.php',
|
'PhabricatorAuthChallengePHIDType' => 'applications/auth/phid/PhabricatorAuthChallengePHIDType.php',
|
||||||
'PhabricatorAuthChallengeQuery' => 'applications/auth/query/PhabricatorAuthChallengeQuery.php',
|
'PhabricatorAuthChallengeQuery' => 'applications/auth/query/PhabricatorAuthChallengeQuery.php',
|
||||||
'PhabricatorAuthChangePasswordAction' => 'applications/auth/action/PhabricatorAuthChangePasswordAction.php',
|
'PhabricatorAuthChangePasswordAction' => 'applications/auth/action/PhabricatorAuthChangePasswordAction.php',
|
||||||
|
@ -7830,6 +7831,7 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorAuthDAO',
|
'PhabricatorAuthDAO',
|
||||||
'PhabricatorPolicyInterface',
|
'PhabricatorPolicyInterface',
|
||||||
),
|
),
|
||||||
|
'PhabricatorAuthChallengeGarbageCollector' => 'PhabricatorGarbageCollector',
|
||||||
'PhabricatorAuthChallengePHIDType' => 'PhabricatorPHIDType',
|
'PhabricatorAuthChallengePHIDType' => 'PhabricatorPHIDType',
|
||||||
'PhabricatorAuthChallengeQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
|
'PhabricatorAuthChallengeQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
|
||||||
'PhabricatorAuthChangePasswordAction' => 'PhabricatorSystemAction',
|
'PhabricatorAuthChangePasswordAction' => 'PhabricatorSystemAction',
|
||||||
|
|
|
@ -0,0 +1,28 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
final class PhabricatorAuthChallengeGarbageCollector
|
||||||
|
extends PhabricatorGarbageCollector {
|
||||||
|
|
||||||
|
const COLLECTORCONST = 'auth.challenges';
|
||||||
|
|
||||||
|
public function getCollectorName() {
|
||||||
|
return pht('Authentication Challenges');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function hasAutomaticPolicy() {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function collectGarbage() {
|
||||||
|
$challenge_table = new PhabricatorAuthChallenge();
|
||||||
|
$conn = $challenge_table->establishConnection('w');
|
||||||
|
|
||||||
|
queryfx(
|
||||||
|
$conn,
|
||||||
|
'DELETE FROM %R WHERE challengeTTL < UNIX_TIMESTAMP() LIMIT 100',
|
||||||
|
$challenge_table);
|
||||||
|
|
||||||
|
return ($conn->getAffectedRows() == 100);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
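Review bot: The DELETE in collectGarbage() decides expiry with the database clock (`UNIX_TIMESTAMP()`), and the code that writes `challengeTTL` is not visible in this commit; if that value is computed from the web host's clock, skew between the two hosts could collect a challenge the application still treats as live, or leave an expired one behind. If so, passing the application time keeps both sides on one clock: `'DELETE FROM %R WHERE challengeTTL < %d LIMIT 100'` with `PhabricatorTime::getNow()` as the extra argument. The batch size 100 also appears twice, in the SQL and in the `getAffectedRows() == 100` check (presumably the signal that more rows remain), so a later edit to one would silently break the other; a single local used in both places avoids that. A short comment on the class noting that rows are removed as soon as they expire, with no retention window for audit, would record the trade-off the summary mentions.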
@ -25,6 +25,9 @@ final class PhabricatorAuthChallenge
|
||||||
'key_issued' => array(
|
'key_issued' => array(
|
||||||
'columns' => array('userPHID', 'challengeTTL'),
|
'columns' => array('userPHID', 'challengeTTL'),
|
||||||
),
|
),
|
||||||
|
'key_collection' => array(
|
||||||
|
'columns' => array('challengeTTL'),
|
||||||
|
),
|
||||||
),
|
),
|
||||||
) + parent::getConfiguration();
|
) + parent::getConfiguration();
|
||||||
}
|
}
|
||||||
|
|