core: add additional cleanup for authenticated sessions

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-05 23:25:40 +02:00
parent 9703e32c1b
commit 8044818a4d
3 changed files with 22 additions and 1 deletions
--- a/authentik/core/migrations/0026_alter_application_meta_icon.py
+++ b/authentik/core/migrations/0026_alter_application_meta_icon.py
@ -17,4 +17,8 @@ class Migration(migrations.Migration):
                default=None, max_length=500, null=True, upload_to="application-icons/"
            ),
        ),
+        migrations.AlterModelOptions(
+            name='authenticatedsession',
+            options={'verbose_name': 'Authenticated Session', 'verbose_name_plural': 'Authenticated Sessions'},
+        ),
    ]
--- a/authentik/core/models.py
+++ b/authentik/core/models.py
@ -519,3 +519,8 @@ class AuthenticatedSession(ExpiringModel):
            last_user_agent=request.META.get("HTTP_USER_AGENT", ""),
            expires=request.session.get_expiry_date(),
        )
+
+    class Meta:
+
+        verbose_name = _("Authenticated Session")
+        verbose_name_plural = _("Authenticated Sessions")
--- a/authentik/core/tasks.py
+++ b/authentik/core/tasks.py
@ -7,12 +7,14 @@ from boto3.exceptions import Boto3Error
 from botocore.exceptions import BotoCoreError, ClientError
 from dbbackup.db.exceptions import CommandConnectorError
 from django.contrib.humanize.templatetags.humanize import naturaltime
+from django.contrib.sessions.backends.cache import KEY_PREFIX
 from django.core import management
+from django.core.cache import cache
 from django.utils.timezone import now
 from kubernetes.config.incluster_config import SERVICE_HOST_ENV_NAME
 from structlog.stdlib import get_logger

-from authentik.core.models import ExpiringModel
+from authentik.core.models import AuthenticatedSession, ExpiringModel
 from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus
 from authentik.lib.config import CONFIG
 from authentik.root.celery import CELERY_APP
@ -34,6 +36,16 @@ def clean_expired_models(self: MonitoredTask):
        amount = objects.count()
        LOGGER.debug("Expired models", model=cls, amount=amount)
        messages.append(f"Expired {amount} {cls._meta.verbose_name_plural}")
+    # Special case
+    amount = 0
+    for session in AuthenticatedSession.objects.all():
+        cache_key = f"{KEY_PREFIX}{session.session_key}"
+        value = cache.get(cache_key)
+        if not value:
+            session.delete()
+            amount += 1
+    LOGGER.debug("Expired sessions", model=AuthenticatedSession, amount=amount)
+    messages.append(f"Expired {amount} {AuthenticatedSession._meta.verbose_name_plural}")
    self.set_status(TaskResult(TaskResultStatus.SUCCESSFUL, messages))