Create reaper monitor for deleting inactive admins
New column `last_signed_in` added to `admincredentials` table,
updated each time an admin signs in.

Configured to delete users with over 180 days since last login.
attemoi committed Apr 5, 2024
1 parent abd3fef commit 5843ff6
Showing 4 changed files with 54 additions and 0 deletions.
@@ -0,0 +1,32 @@
"""Add last_signed_in column to admincredentials
Revision ID: be8ed331efcc
Revises: 4915a361b082
Create Date: 2024-04-04 11:34:33.755399+00:00
"""
import sqlalchemy as sa

from alembic import op

# revision identifiers, used by Alembic.
revision = "be8ed331efcc"
down_revision = "4915a361b082"
branch_labels = None
depends_on = None


def upgrade() -> None:
op.add_column(
"admincredentials",
sa.Column(
"last_signed_in",
sa.DateTime(),
server_default=sa.text("now()"),
nullable=False,
),
)


def downgrade() -> None:
op.drop_column("admincredentials", "last_signed_in")
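Review bot: `sa.DateTime()` in `upgrade()` creates a column without time zone, while the sign-in change in api/admin/controller/sign_in.py writes an aware `datetime.now(timezone.utc)` and the model line in core/model/admin.py repeats the naive `DateTime`. On PostgreSQL the stored value then depends on the session time zone, and the reaper's cutoff (built outside the visible hunks, presumably from UTC) is compared against it; I would declare the column as `sa.DateTime(timezone=True)` here and `Column(DateTime(timezone=True), ...)` in the model. It is also worth a comment above `op.add_column` saying that `server_default=sa.text("now()")` stamps every existing credential with the migration time, so accounts that are already idle get a fresh 180 days before the reaper can remove them.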
2 changes: 2 additions & 0 deletions api/admin/controller/sign_in.py
@@ -1,6 +1,7 @@
from __future__ import annotations

import logging
from datetime import datetime, timezone
from urllib.parse import urlsplit

import flask
@@ -101,6 +102,7 @@ def ekirjasto_auth_finish(self):
try:
credentials = get_one(self._db, AdminCredential, external_id=user_info.sub)
if credentials:
credentials.last_signed_in = datetime.now(timezone.utc)
admin = credentials.admin
else:
admin = self._create_admin_with_external_credentials(user_info)
2 changes: 2 additions & 0 deletions core/model/admin.py
@@ -9,6 +9,7 @@
from itsdangerous import BadSignature, SignatureExpired, URLSafeTimedSerializer
from sqlalchemy import (
Column,
DateTime,
ForeignKey,
Index,
Integer,
@@ -346,6 +347,7 @@ class AdminCredential(Base):

id = Column(Integer, primary_key=True)
external_id = Column(Unicode, nullable=False)
last_signed_in = Column(DateTime, nullable=False, server_default=func.now())

admin_id = Column(
Integer, ForeignKey("admins.id", ondelete="CASCADE"), index=True, nullable=False
18 changes: 18 additions & 0 deletions core/monitor.py
@@ -30,6 +30,7 @@
get_one,
get_one_or_create,
)
from core.model.admin import Admin, AdminCredential
from core.model.configuration import ConfigurationSetting
from core.service.container import container_instance
from core.util.datetime_helpers import utc_now
@@ -1072,3 +1073,20 @@ class PatronNeighborhoodScrubber(ScrubberMonitor):


ReaperMonitor.REGISTRY.append(PatronNeighborhoodScrubber)


class EkirjastoInactiveAdminReaperMonitor(ReaperMonitor):
"""Reaper for cleaning up inactive externally authenticated admins"""

MODEL_CLASS = AdminCredential
TIMESTAMP_FIELD = "last_signed_in"
MAX_AGE = datetime.timedelta(days=180)

def delete(self, row: AdminCredential):
self._db.delete(row.admin)

def query(self):
return self._db.query(AdminCredential).join(Admin).filter(self.where_clause)


ReaperMonitor.REGISTRY.append(EkirjastoInactiveAdminReaperMonitor)
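Review bot: `delete()` removes `row.admin` as soon as a single `AdminCredential` is older than `MAX_AGE`, and nothing in the class records which account was removed. The `admin_id` foreign key shown in core/model/admin.py has no visible unique constraint, so if one admin can hold several credentials, a recent sign-in through another credential would not protect the account; whether that can happen is not visible in these hunks. As far as the hunk shows, the `.join(Admin)` in `query()` adds no filter of its own, so the deletion does not take roles or other sign-in methods into account either. I would log the admin's id and the credential's `last_signed_in` before `self._db.delete(row.admin)` so that automated removal of privileged accounts leaves an audit trail, and add a docstring to `delete()` stating that it removes the whole admin, not only the credential row.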
