Fixes #681

oharsta · oharsta · commit 3775d2f0cd81 · 2026-03-25T09:47:05.000+01:00
diff --git a/server/src/main/java/invite/cron/ResourceCleaner.java b/server/src/main/java/invite/cron/ResourceCleaner.java
@@ -3,11 +3,12 @@
 
 import invite.audit.UserRoleAuditService;
 import invite.model.Role;
+import invite.model.Status;
 import invite.model.User;
 import invite.model.UserRole;
 import invite.model.UserRoleAudit;
 import invite.provision.ProvisioningService;
-import invite.provision.scim.OperationType;
+import invite.repository.InvitationRepository;
 import invite.repository.UserRepository;
 import invite.repository.UserRoleAuditRepository;
 import invite.repository.UserRoleRepository;
@@ -20,7 +21,6 @@
 import org.springframework.transaction.annotation.Transactional;
 
 import javax.sql.DataSource;
-import java.io.Serializable;
 import java.time.Instant;
 import java.time.Period;
 import java.util.List;
@@ -39,6 +39,8 @@ public class ResourceCleaner extends AbstractNodeLeader {
     private final UserRoleAuditService userRoleAuditService;
     private final int lastActivityDurationDays;
     private final int purgeAuditLogDays;
+    private final int purgeExpiredInvitationDays;
+    private final InvitationRepository invitationRepository;
 
 
     @Autowired
@@ -48,16 +50,21 @@ public ResourceCleaner(UserRepository userRepository,
                            DataSource dataSource,
                            UserRoleAuditRepository userRoleAuditRepository,
                            UserRoleAuditService userRoleAuditService,
+                           InvitationRepository invitationRepository,
                            @Value("${cron.last-activity-duration-days}") int lastActivityDurationDays,
-                           @Value("${cron.purge-audit-log-days}") int purgeAuditLogDays) {
+                           @Value("${cron.purge-audit-log-days}") int purgeAuditLogDays,
+                           @Value("${cron.purge-expired-invitations-days}") int purgeExpiredInvitationDays) {
         super(LOCK_NAME, dataSource);
         this.userRepository = userRepository;
         this.userRoleRepository = userRoleRepository;
         this.userRoleAuditRepository = userRoleAuditRepository;
         this.userRoleAuditService = userRoleAuditService;
         this.lastActivityDurationDays = lastActivityDurationDays;
         this.provisioningService = provisioningService;
-        this.purgeAuditLogDays = purgeAuditLogDays;    }
+        this.purgeAuditLogDays = purgeAuditLogDays;
+        this.purgeExpiredInvitationDays = purgeExpiredInvitationDays;
+        this.invitationRepository = invitationRepository;
+    }
 
     @Scheduled(cron = "${cron.user-cleaner-expression}")
     @Transactional
@@ -73,7 +80,8 @@ public Map<String, Object> doClean() {
                 "DeletedNonActiveUsers", users,
                 "DeletedOrphanUsers", orphans,
                 "DeletedExpiredUserRoles", userRoles,
-                "DeletedUserRoleAudits", cleanUserRoleAudit()
+                "DeletedUserRoleAudits", cleanUserRoleAudit(),
+                "DeletedExpiredInvitations", cleanExpiredInvitation()
         );
     }
 
@@ -132,4 +140,11 @@ private int cleanUserRoleAudit() {
         return userRoleAuditRepository.deleteByCreatedAtBefore(past);
     }
 
+    private int cleanExpiredInvitation() {
+        if (purgeExpiredInvitationDays == 0L) {
+            return 0;
+        }
+        Instant past = Instant.now().minus(Period.ofDays(purgeExpiredInvitationDays));
+        return invitationRepository.deleteByExpiryDateBefore(past);
+    }
 }
diff --git a/server/src/main/java/invite/repository/InvitationRepository.java b/server/src/main/java/invite/repository/InvitationRepository.java
@@ -15,6 +15,7 @@
 import org.springframework.data.jpa.repository.QueryRewriter;
 import org.springframework.stereotype.Repository;
 
+import java.time.Instant;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
@@ -133,7 +134,7 @@ OR MATCH (u.given_name, u.family_name, u.email, u.schac_home_organization) again
             INNER JOIN roles r ON r.id = ir.role_id
             WHERE i.status = ?1 AND r.id = ?2 AND
             (UPPER(i.email) LIKE ?3 or UPPER(u.schac_home_organization) LIKE ?3
-                     or UPPER(u.email) LIKE ?3)                              
+                     or UPPER(u.email) LIKE ?3)
             """,
             countQuery = """
                     SELECT count(*) FROM invitations i
@@ -142,7 +143,7 @@ SELECT count(*) FROM invitations i
                     LEFT JOIN users u ON u.id = i.inviter_id
                     WHERE status = ?1 and role_id = ?2 AND
                     (UPPER(i.email) LIKE ?3 or UPPER(u.schac_home_organization) LIKE ?3
-                     or UPPER(u.email) LIKE ?3)                              
+                     or UPPER(u.email) LIKE ?3)
                     """,
             queryRewriter = InvitationRepository.class,
             nativeQuery = true)
@@ -157,6 +158,8 @@ or UPPER(u.email) LIKE ?3)
             """, nativeQuery = true)
     List<Map<String, Object>> findRoles(List<Long> invitationIdentifiers);
 
+    int deleteByExpiryDateBefore(Instant cutoff);
+
     @Override
     default String rewrite(String query, Sort sort) {
         Sort.Order nameSort = sort.getOrderFor("name");
diff --git a/server/src/main/resources/application.yml b/server/src/main/resources/application.yml
@@ -88,6 +88,8 @@ cron:
   metadata-resolver-url: "classpath:/metadata/idps-metadata.xml"
   # A value of 0 means no logs will be deleted
   purge-audit-log-days: 365
+  # A value of 0 means no invitations will be deleted
+  purge-expired-invitations-days: 365
 
 myconext:
   uri: "https://login.test2.eduid.nl/myconext/api/invite/provision-eduid"
diff --git a/server/src/test/java/invite/cron/ResourceCleanerTest.java b/server/src/test/java/invite/cron/ResourceCleanerTest.java
@@ -2,6 +2,7 @@
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import invite.AbstractTest;
+import invite.model.Invitation;
 import invite.model.User;
 import invite.model.UserRoleAudit;
 import lombok.SneakyThrows;
@@ -88,6 +89,19 @@ void cleanUserRoleAudits() {
         assertEquals(0, userRoleAuditRepository.count());
     }
 
+    @Test
+    void cleanExpiredInvitations() {
+        long count = invitationRepository.count();
+        Instant past = Instant.now().minus(400, ChronoUnit.DAYS);
+        Invitation invitation = invitationRepository.findByHash(GRAPH_INVITATION_HASH).get();
+            invitation.setExpiryDate(past);
+            invitationRepository.save(invitation);
+
+        resourceCleaner.clean();
+
+        assertEquals(count - 1, invitationRepository.count());
+    }
+
     @SneakyThrows
     @Test
     void lockAlreadyAcquired() {
diff --git a/server/src/test/java/invite/cron/ResourceCleanerUnitTest.java b/server/src/test/java/invite/cron/ResourceCleanerUnitTest.java
@@ -7,6 +7,7 @@
 import invite.model.UserRole;
 import invite.provision.ProvisioningService;
 import invite.provision.scim.OperationType;
+import invite.repository.InvitationRepository;
 import invite.repository.UserRepository;
 import invite.repository.UserRoleAuditRepository;
 import invite.repository.UserRoleRepository;
@@ -29,6 +30,7 @@ class ResourceCleanerUnitTest {
 
     private final UserRepository userRepository = mock(UserRepository.class);
     private final UserRoleRepository userRoleRepository = mock(UserRoleRepository.class);
+    private final InvitationRepository invitationRepository = mock(InvitationRepository.class);
     private final UserRoleAuditRepository userRoleAuditRepository = mock(UserRoleAuditRepository.class);
     private final ProvisioningService provisioningService = mock(ProvisioningService.class);
     private final UserRoleAuditService userRoleAuditService = new UserRoleAuditService(userRoleAuditRepository);
@@ -41,12 +43,15 @@ class ResourceCleanerUnitTest {
             dataSource,
             userRoleAuditRepository,
             userRoleAuditService,
+            invitationRepository,
+            5,
             5,
             5);
 
 
     @SneakyThrows
     @Test
+    @SuppressWarnings("raw")
     void cleanUsers() {
         List<User> users = List.of(new User(), new User());
         when(userRepository.findByLastActivityBefore(any(Instant.class)))
@@ -56,6 +61,7 @@ void cleanUsers() {
         when(userRoleRepository.findByEndDateBeforeAndExpiryNotifications(any(Instant.class), eq(1)))
                 .thenReturn(List.of(new UserRole("Inviter", new User(), new Role(), Authority.INVITER)));
         when(userRoleAuditRepository.deleteByCreatedAtBefore(any(Instant.class))).thenReturn(5);
+        when(invitationRepository.deleteByExpiryDateBefore(any(Instant.class))).thenReturn(3);
         doNothing().when(provisioningService).deleteUserRequest(any(User.class));
         doNothing().when(provisioningService).updateGroupRequest(any(UserRole.class), any(OperationType.class));
 
@@ -80,10 +86,11 @@ void cleanUsers() {
                 .updateGroupRequest(any(UserRole.class), eq(OperationType.remove));
 
         Map<String, Object> results = subject.doClean();
-        assertEquals(2, ((List) results.get("DeletedNonActiveUsers")).size());
-        assertEquals(2, ((List) results.get("DeletedOrphanUsers")).size());
-        assertEquals(1, ((List) results.get("DeletedExpiredUserRoles")).size());
+        assertEquals(2, ((List<?>) results.get("DeletedNonActiveUsers")).size());
+        assertEquals(2, ((List<?>) results.get("DeletedOrphanUsers")).size());
+        assertEquals(1, ((List<?>) results.get("DeletedExpiredUserRoles")).size());
         assertEquals(5, (int) results.get("DeletedUserRoleAudits"));
+        assertEquals(3, (int) results.get("DeletedExpiredInvitations"));
     }
 
 }
