Re: [PR] KNOX-2961 - Knox SSO cookie Invalidation - Phase I [knox]

Mon, 02 Oct 2023 23:28:24 -0700 


smolnar82 commented on code in PR #797:
URL: https://github.com/apache/knox/pull/797#discussion_r1343562115


##########
gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/JDBCTokenStateService.java:
##########
@@ -224,6 +224,19 @@ protected void evictExpiredTokens() {
     } catch (SQLException e) {
       log.errorRemovingTokensFromDatabase(e.getMessage(), e);
     }
+
+    //removing disabled KnoxSSO cookies since they are no longer needed
+    try {
+      final Set<String> disabledKnoxSsoCookies = 
tokenDatabase.getDisabledKnoxSsoCookies();
+      if (!disabledKnoxSsoCookies.isEmpty()) {
+        
log.removingDisabledKnoxSsoCookiesFromDatabase(disabledKnoxSsoCookies.size(),
+            String.join(", ", disabledKnoxSsoCookies.stream().map(tokenId -> 
Tokens.getTokenIDDisplayText(tokenId)).collect(Collectors.toSet())));
+        final int numOfRemovedDisabledKnoxSsoCookies = 
tokenDatabase.deleteDisabledKnoxSsoCookies();

Review Comment:
   I removed that method anyway.



##########
gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/TokenStateDatabase.java:
##########
@@ -58,6 +58,9 @@ public class TokenStateDatabase {
   private static final String GET_TOKENS_CREATED_BY_USER_NAME_SQL = "SELECT 
kt.token_id, kt.issue_time, kt.expiration, kt.max_lifetime, ktm.md_name, 
ktm.md_value FROM " + TOKENS_TABLE_NAME
       + " kt, " + TOKEN_METADATA_TABLE_NAME + " ktm WHERE kt.token_id = 
ktm.token_id AND kt.token_id IN (SELECT token_id FROM " + 
TOKEN_METADATA_TABLE_NAME + " WHERE md_name = '" + TokenMetadata.CREATED_BY + 
"' AND md_value = ? )"
       + " ORDER BY kt.issue_time";
+  private static final String GET_DISABLED_SSO_COOKIE_TOKEN_IDS = "SELECT 
token_id FROM " + TOKEN_METADATA_TABLE_NAME + " meta1 WHERE meta1.md_name = 
'knoxSSOCookie' AND meta1.md_value = 'true' "
+      + "AND EXISTS (SELECT token_id FROM " + TOKEN_METADATA_TABLE_NAME + " 
meta2 WHERE meta1.token_id = meta2.token_id AND meta2.md_name = 'enabled' AND 
meta2.md_value = 'false')";
+  private static final String REMOVE_DISBLED_SSO_COOKIES_SQL = "DELETE FROM " 
+ TOKENS_TABLE_NAME + " WHERE token_id IN (" + 
GET_DISABLED_SSO_COOKIE_TOKEN_IDS + ")";

Review Comment:
   Removed.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to