Bind web UI access tokens to sessions (#3940)
* Add overview of active sessions * Better display of browser/platform name * Improve how browser information is stored and displayed for sessions overview * Fix test * Fix #2347 - Bind web UI access token to session When you logout, session also destroys the access token, so it's no longer valid. If access token is destroyed some other way, the session is also destroyed, requiring a re-login. Fix #1681 - Add scheduler to remove revoked access tokens and grants * Fix testth-downstream
parent
b686b4350c
commit
ad531f90b1
@ -0,0 +1,11 @@
|
|||||||
|
# frozen_string_literal: true
|
||||||
|
require 'sidekiq-scheduler'
|
||||||
|
|
||||||
|
class Scheduler::DoorkeeperCleanupScheduler
|
||||||
|
include Sidekiq::Worker
|
||||||
|
|
||||||
|
def perform
|
||||||
|
Doorkeeper::AccessToken.where('revoked_at IS NOT NULL').where('revoked_at < NOW()').delete_all
|
||||||
|
Doorkeeper::AccessGrant.where('revoked_at IS NOT NULL').where('revoked_at < NOW()').delete_all
|
||||||
|
end
|
||||||
|
end
|
@ -0,0 +1,6 @@
|
|||||||
|
class AddAccessTokenIdToSessionActivations < ActiveRecord::Migration[5.1]
|
||||||
|
def change
|
||||||
|
add_column :session_activations, :access_token_id, :integer
|
||||||
|
add_foreign_key :session_activations, :oauth_access_tokens, column: :access_token_id, on_delete: :cascade
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in new issue