[idp] overload django cleanup management command to clean all cleanable models

2011-03-03 11:48:44 +01:00 · 2011-03-03 11:48:44 +01:00 · b8c006b9e1
parent 0b8bc506bc
commit b8c006b9e1
7 changed files with 90 additions and 1 deletions
--- a/authentic2/auth2_auth/models.py
+++ b/authentic2/auth2_auth/models.py
@ -1,5 +1,14 @@
+from datetime import date, timedelta
+
 from django.db import models
 from django.utils.translation import ugettext as _
+from django.conf import settings
+
+class AuthenticationEventManager(models.Manager):
+    def cleanup(self):
+        expire = getattr(settings, 'AUTHENTICATION_EVENT_EXPIRATION',
+                3600*24*7)
+        self.filter(when__lt=date.today()-timedelta(seconds=expire)).delete()

 class AuthenticationEvent(models.Model):
    '''Record authentication events whatever the source'''
@ -8,5 +17,8 @@ class AuthenticationEvent(models.Model):
    how = models.CharField(max_length = 10)
    nonce = models.CharField(max_length = 255)

+    objects = AuthenticationEventManager()
+
    def __unicode__(self):
-        return _('Authentication of %(who)s by %(how)s at %(when)s') % self.__dict__
+        return _('Authentication of %(who)s by %(how)s at %(when)s') % \
+            self.__dict__
--- a/authentic2/idp/idp_cas/models.py
+++ b/authentic2/idp/idp_cas/models.py
@ -9,6 +9,11 @@ class CasTicketManager(models.Manager):
        '''
        self.filter(expire__gte=datetime.now()).delete()

+    def cleanup(self):
+        # Keep them 4 minutes
+        expire = getattr(settings, 'CAS_TICKET_EXPIRATION', 240)
+        self.filter(when__lt=date.today()-timedelta(seconds=expire).delete()
+
 class CasTicket(models.Model):
    '''Session ticket with a CAS 1.0 or 2.0 consumer'''

--- a/authentic2/idp/idp_openid/models.py
+++ b/authentic2/idp/idp_openid/models.py
@ -84,11 +84,19 @@ class Association(models.Model):
                lifetime=association.lifetime,
                assoc_type=association.assoc_type).save()

+class NonceManager(models.Manager):
+    def cleanup(self):
+        expire = openid.store.nonce.SKEW
+        now = calendar.timegm(datetime.datetime.now().utctimetuple())
+        self.filter(timestamp__lt=now-expire).delete()
+
 class Nonce(models.Model):
    salt = models.CharField(max_length=40)
    server_url = models.CharField(max_length=2047)
    timestamp = models.IntegerField()

+    objects = NonceManager()
+
    class Meta:
        unique_together = ('server_url', 'salt')

--- a/authentic2/idp/management/init.py
+++ b/authentic2/idp/management/init.py
--- a/authentic2/idp/management/commands/init.py
+++ b/authentic2/idp/management/commands/init.py
--- a/authentic2/idp/management/commands/cleanup.py
+++ b/authentic2/idp/management/commands/cleanup.py
@ -0,0 +1,26 @@
+import datetime
+import sys
+
+from django.core.management.base import NoArgsCommand
+from django.db import models
+import django.core.management.commands.cleanup as cleanup
+
+class Command(NoArgsCommand):
+    help = """Can be run as a cronjob or directly to clean out old data from the \
+database. It calls the cleanup() method of manager classes."""
+
+    def cleanup(self):
+        all_models = [ ]
+        for app in models.get_apps():
+            all_models += [ m for m in models.get_models(app) ]
+        for model in all_models:
+            manager = getattr(model, 'objects', None)
+            if manager is None:
+                continue
+            cleanup = getattr(manager, 'cleanup', None)
+            if callable(cleanup):
+                manager.cleanup()
+
+    def handle_noargs(self, **options):
+        self.cleanup()
+        cleanup.Command().execute(**options)
--- a/authentic2/saml/models.py
+++ b/authentic2/saml/models.py
@ -4,6 +4,7 @@ import xml.etree.ElementTree as etree
 import hashlib
 import binascii
 import base64
+from datetime import datetime, timedelta

 import lasso
 from django.db import models
@ -13,6 +14,7 @@ from django.core.exceptions import ValidationError
 from django.core.files.storage import FileSystemStorage
 from django.utils.translation import ugettext as _
 from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned
+from django.utils.importlib import import_module

 from fields import *

@ -353,6 +355,20 @@ class LibertyIdentityDump(models.Model):
    user = models.ForeignKey(User, unique = True)
    identity_dump = models.TextField(blank = True)

+class SessionLinkedManager(models.Manager):
+    def cleanup(self):
+        engine = import_module(settings.SESSION_ENGINE)
+        store = engine.SessionStore()
+        for o in self.all():
+            key = o.django_session_key
+            if not store.exists(key):
+                o.delete()
+            else:
+                session = engine.SessionStore(session_key=key)
+                if session.get_expiry_date() >= datetime.now():
+                    store.delete(key)
+                    o.delete()
+
 class LibertySessionDump(models.Model):
    '''Store lasso session object dump.

@ -361,6 +377,8 @@ class LibertySessionDump(models.Model):
    django_session_key = models.CharField(max_length = 40)
    session_dump = models.TextField(blank = True)

+    objects = SessionLinkedManager()
+
 class LibertyManageDump(models.Model):
    '''Store lasso manage dump

@ -369,6 +387,15 @@ class LibertyManageDump(models.Model):
    django_session_key = models.CharField(max_length = 40)
    manage_dump = models.TextField(blank = True)

+    objects = SessionLinkedManager()
+
+class LibertyArtifactManager(models.Manager):
+    def cleanup(self):
+        # keep artifacts 10 minutes
+        expire = getattr(settings, 'SAML2_ARTIFACT_EXPIRATION', 600)
+        before = datetime.now()-timedelta(seconds=expire)
+        self.filter(creation__lt=before).delete()
+
 class LibertyArtifact(models.Model):
    """Store an artifact and the associated XML content"""
    creation = models.DateTimeField(auto_now_add=True)
@ -377,12 +404,21 @@ class LibertyArtifact(models.Model):
    django_session_key = models.CharField(max_length = 40)
    provider_id = models.CharField(max_length = 80)

+    objects = LibertyArtifactManager()
+
 def nameid2kwargs(name_id):
    return { 'name_id_qualifier': name_id.nameQualifier,
        'name_id_sp_name_qualifier': name_id.spNameQualifier,
        'name_id_content': name_id.content,
        'name_id_format': name_id.format }

+class LibertyAssertionManager(models.Manager):
+    def cleanup(self):
+        # keep assertions 1 week
+        expire = getattr(settings, 'SAML2_ASSERTION_EXPIRATION', 3600*24*7)
+        before = datetime.now()-timedelta(seconds=expire)
+        self.filter(creation__lt=before).delete()
+
 class LibertyAssertion(models.Model):
    assertion_id = models.CharField(max_length = 50)
    provider_id = models.CharField(max_length = 80)
@ -448,6 +484,8 @@ class LibertySession(models.Model):
            verbose_name = _("SPNameQualifier"), null = True)
    creation = models.DateTimeField(auto_now_add=True)

+    objects = SessionLinkedManager()
+
    def __init__(self, *args, **kwargs):
        saml2_assertion = kwargs.pop('saml2_assertion', None)
        if saml2_assertion: