Merge pull request #959 from gotify/expiry

Delete inactive clients/sessions

Author: jmattheis

api/application_test.go

@@ -78,6 +78,7 @@ func (s *ApplicationSuite) Test_CreateApplication_mapAllParameters() {
 		Name:        "custom_name",
 		Description: "description_text",
 		SortKey:     "a5",
+		CreatedAt:   testdb.Now,
 	}
 	assert.Equal(s.T(), 200, s.recorder.Code)
 	if app, err := s.db.GetApplicationByID(1); assert.NoError(s.T(), err) {
@@ -96,8 +97,9 @@ func (s *ApplicationSuite) Test_ensureApplicationHasCorrectJsonRepresentation()
 		Internal:    true,
 		LastUsed:    nil,
 		SortKey:     "a1",
+		CreatedAt:   testdb.Now,
 	}
-	test.JSONEquals(s.T(), actual, `{"id":1,"token":"Aasdasfgeeg","name":"myapp","description":"mydesc", "image": "asd", "internal":true, "defaultPriority":0, "lastUsed":null, "sortKey":"a1"}`)
+	test.JSONEquals(s.T(), actual, `{"id":1,"token":"Aasdasfgeeg","name":"myapp","description":"mydesc", "image": "asd", "internal":true, "defaultPriority":0, "createdAt":"2020-01-01T00:00:00Z", "lastUsed":null, "sortKey":"a1"}`)
 }
 
 func (s *ApplicationSuite) Test_CreateApplication_expectBadRequestOnEmptyName() {
@@ -129,19 +131,19 @@ func (s *ApplicationSuite) Test_CreateApplication_ignoresReadOnlyPropertiesInPar
 
 	s.a.CreateApplication(s.ctx)
 
-	expectedJSONValue, _ := json.Marshal(&model.Application{
+	expected := &model.Application{
 		ID:          1,
 		Token:       firstApplicationToken,
-		UserID:      5,
 		Name:        "name",
 		Description: "description",
 		Internal:    false,
 		Image:       "static/defaultapp.png",
 		SortKey:     "a5",
-	})
+		CreatedAt:   testdb.Now,
+	}
 
 	assert.Equal(s.T(), 200, s.recorder.Code)
-	assert.Equal(s.T(), string(expectedJSONValue), s.recorder.Body.String())
+	test.BodyEquals(s.T(), expected, s.recorder)
 }
 
 func (s *ApplicationSuite) Test_DeleteApplication_expectNotFoundOnCurrentUserIsNotOwner() {
@@ -165,7 +167,7 @@ func (s *ApplicationSuite) Test_CreateApplication_onlyRequiredParameters() {
 	s.withFormData("name=custom_name")
 	s.a.CreateApplication(s.ctx)
 
-	expected := &model.Application{ID: 1, Token: firstApplicationToken, Name: "custom_name", UserID: 5, SortKey: "a0"}
+	expected := &model.Application{ID: 1, Token: firstApplicationToken, Name: "custom_name", UserID: 5, SortKey: "a0", CreatedAt: testdb.Now}
 	assert.Equal(s.T(), 200, s.recorder.Code)
 	if app, err := s.db.GetApplicationsByUser(5); assert.NoError(s.T(), err) {
 		assert.Contains(s.T(), app, expected)
@@ -181,12 +183,12 @@ func (s *ApplicationSuite) Test_CreateApplication_returnsApplicationWithID() {
 	s.a.CreateApplication(s.ctx)
 
 	expected := &model.Application{
-		ID:      1,
-		Token:   firstApplicationToken,
-		Name:    "custom_name",
-		Image:   "static/defaultapp.png",
-		UserID:  5,
-		SortKey: "a0",
+		ID:        1,
+		Token:     firstApplicationToken,
+		Name:      "custom_name",
+		Image:     "static/defaultapp.png",
+		SortKey:   "a0",
+		CreatedAt: testdb.Now,
 	}
 	assert.Equal(s.T(), 200, s.recorder.Code)
 	test.BodyEquals(s.T(), expected, s.recorder)
@@ -201,7 +203,7 @@ func (s *ApplicationSuite) Test_CreateApplication_withExistingToken() {
 
 	s.a.CreateApplication(s.ctx)
 
-	expected := &model.Application{ID: 2, Token: secondApplicationToken, Name: "custom_name", UserID: 5, SortKey: "a0"}
+	expected := &model.Application{ID: 2, Token: secondApplicationToken, Name: "custom_name", UserID: 5, SortKey: "a0", CreatedAt: testdb.Now}
 	assert.Equal(s.T(), 200, s.recorder.Code)
 	if app, err := s.db.GetApplicationsByUser(5); assert.NoError(s.T(), err) {
 		assert.Contains(s.T(), app, expected)
@@ -530,6 +532,7 @@ func (s *ApplicationSuite) Test_UpdateApplicationNameAndDescription_expectSucces
 		Name:        "new_name",
 		Description: "new_description_text",
 		SortKey:     "a0",
+		CreatedAt:   testdb.Now,
 	}
 
 	assert.Equal(s.T(), 200, s.recorder.Code)
@@ -553,6 +556,7 @@ func (s *ApplicationSuite) Test_UpdateApplicationName_expectSuccess() {
 		Name:        "new_name",
 		Description: "",
 		SortKey:     "a0",
+		CreatedAt:   testdb.Now,
 	}
 
 	assert.Equal(s.T(), 200, s.recorder.Code)
@@ -577,6 +581,7 @@ func (s *ApplicationSuite) Test_UpdateApplicationDefaultPriority_expectSuccess()
 		Description:     "",
 		DefaultPriority: 4,
 		SortKey:         "a0",
+		CreatedAt:       testdb.Now,
 	}
 
 	assert.Equal(s.T(), 200, s.recorder.Code)

api/client.go

@@ -39,6 +39,11 @@ type ClientParams struct {
 	// required: true
 	// example: My Client
 	Name string `form:"name" query:"name" json:"name" binding:"required"`
+	// The number of seconds of inactivity after which the client is removed.
+	// 0 (or omitted) means the client never expires.
+	//
+	// example: 2592000
+	ExpiresAfterInactivitySeconds *uint `form:"expiresAfterInactivitySeconds" query:"expiresAfterInactivitySeconds" json:"expiresAfterInactivitySeconds"`
 }
 
 // UpdateClient updates a client by its id.
@@ -94,6 +99,9 @@ func (a *ClientAPI) UpdateClient(ctx *gin.Context) {
 			newValues := ClientParams{}
 			if err := ctx.Bind(&newValues); err == nil {
 				client.Name = newValues.Name
+				if newValues.ExpiresAfterInactivitySeconds != nil {
+					client.ExpiresAfterInactivitySeconds = *newValues.ExpiresAfterInactivitySeconds
+				}
 
 				if success := successOrAbort(ctx, 500, a.DB.UpdateClient(client)); !success {
 					return
@@ -147,6 +155,9 @@ func (a *ClientAPI) CreateClient(ctx *gin.Context) {
 			Token:  auth.GenerateNotExistingToken(generateClientToken, a.clientExists),
 			UserID: auth.GetUserID(ctx),
 		}
+		if clientParams.ExpiresAfterInactivitySeconds != nil {
+			client.ExpiresAfterInactivitySeconds = *clientParams.ExpiresAfterInactivitySeconds
+		}
 
 		if success := successOrAbort(ctx, 500, a.DB.CreateClient(&client)); !success {
 			return

api/client_test.go

@@ -59,8 +59,8 @@ func (s *ClientSuite) AfterTest(suiteName, testName string) {
 }
 
 func (s *ClientSuite) Test_ensureClientHasCorrectJsonRepresentation() {
-	actual := &model.Client{ID: 1, UserID: 2, Token: "Casdasfgeeg", Name: "myclient"}
-	test.JSONEquals(s.T(), actual, `{"id":1,"token":"Casdasfgeeg","name":"myclient","lastUsed":null}`)
+	actual := &model.Client{ID: 1, UserID: 2, Token: "Casdasfgeeg", Name: "myclient", CreatedAt: testdb.Now}
+	test.JSONEquals(s.T(), actual, `{"id":1,"token":"Casdasfgeeg","name":"myclient","createdAt":"2020-01-01T00:00:00Z","lastUsed":null,"expiresAfterInactivitySeconds":0}`)
 }
 
 func (s *ClientSuite) Test_CreateClient_mapAllParameters() {
@@ -71,7 +71,7 @@ func (s *ClientSuite) Test_CreateClient_mapAllParameters() {
 
 	s.a.CreateClient(s.ctx)
 
-	expected := &model.Client{ID: 1, Token: firstClientToken, UserID: 5, Name: "custom_name"}
+	expected := &model.Client{ID: 1, Token: firstClientToken, UserID: 5, Name: "custom_name", CreatedAt: testdb.Now}
 	assert.Equal(s.T(), 200, s.recorder.Code)
 	if clients, err := s.db.GetClientsByUser(5); assert.NoError(s.T(), err) {
 		assert.Contains(s.T(), clients, expected)
@@ -85,7 +85,7 @@ func (s *ClientSuite) Test_CreateClient_ignoresReadOnlyPropertiesInParams() {
 	s.withFormData("name=myclient&ID=45&Token=12341234&UserID=333")
 
 	s.a.CreateClient(s.ctx)
-	expected := &model.Client{ID: 1, UserID: 5, Token: firstClientToken, Name: "myclient"}
+	expected := &model.Client{ID: 1, UserID: 5, Token: firstClientToken, Name: "myclient", CreatedAt: testdb.Now}
 
 	assert.Equal(s.T(), 200, s.recorder.Code)
 	if clients, err := s.db.GetClientsByUser(5); assert.NoError(s.T(), err) {
@@ -129,7 +129,7 @@ func (s *ClientSuite) Test_CreateClient_returnsClientWithID() {
 
 	s.a.CreateClient(s.ctx)
 
-	expected := &model.Client{ID: 1, Token: firstClientToken, Name: "custom_name", UserID: 5}
+	expected := &model.Client{ID: 1, Token: firstClientToken, Name: "custom_name", CreatedAt: testdb.Now}
 	assert.Equal(s.T(), 200, s.recorder.Code)
 	test.BodyEquals(s.T(), expected, s.recorder)
 }
@@ -142,7 +142,7 @@ func (s *ClientSuite) Test_CreateClient_withExistingToken() {
 
 	s.a.CreateClient(s.ctx)
 
-	expected := &model.Client{ID: 2, Token: secondClientToken, Name: "custom_name", UserID: 5}
+	expected := &model.Client{ID: 2, Token: secondClientToken, Name: "custom_name", CreatedAt: testdb.Now}
 	assert.Equal(s.T(), 200, s.recorder.Code)
 	test.BodyEquals(s.T(), expected, s.recorder)
 }
@@ -189,6 +189,34 @@ func (s *ClientSuite) Test_DeleteClient() {
 	assert.True(s.T(), s.notified)
 }
 
+func (s *ClientSuite) Test_CreateClient_acceptsExpiresAfterInactivitySeconds() {
+	s.db.User(5)
+
+	test.WithUser(s.ctx, 5)
+	s.withFormData("name=custom_name&expiresAfterInactivitySeconds=3600")
+
+	s.a.CreateClient(s.ctx)
+
+	assert.Equal(s.T(), 200, s.recorder.Code)
+	if client, err := s.db.GetClientByID(1); assert.NoError(s.T(), err) {
+		assert.Equal(s.T(), uint(3600), client.ExpiresAfterInactivitySeconds)
+	}
+}
+
+func (s *ClientSuite) Test_UpdateClient_updatesExpiresAfterInactivitySeconds() {
+	s.db.User(5).NewClientWithToken(1, firstClientToken)
+
+	test.WithUser(s.ctx, 5)
+	s.withFormData("name=firefox&expiresAfterInactivitySeconds=7200")
+	s.ctx.Params = gin.Params{{Key: "id", Value: "1"}}
+	s.a.UpdateClient(s.ctx)
+
+	assert.Equal(s.T(), 200, s.recorder.Code)
+	if client, err := s.db.GetClientByID(1); assert.NoError(s.T(), err) {
+		assert.Equal(s.T(), uint(7200), client.ExpiresAfterInactivitySeconds)
+	}
+}
+
 func (s *ClientSuite) Test_UpdateClient_expectSuccess() {
 	s.db.User(5).NewClientWithToken(1, firstClientToken)
 
@@ -198,10 +226,11 @@ func (s *ClientSuite) Test_UpdateClient_expectSuccess() {
 	s.a.UpdateClient(s.ctx)
 
 	expected := &model.Client{
-		ID:     1,
-		Token:  firstClientToken,
-		UserID: 5,
-		Name:   "firefox",
+		ID:        1,
+		Token:     firstClientToken,
+		UserID:    5,
+		Name:      "firefox",
+		CreatedAt: testdb.Now,
 	}
 
 	assert.Equal(s.T(), 200, s.recorder.Code)

api/oidc.go

@@ -424,10 +424,11 @@ func (a *OIDCAPI) resolveUser(info *oidc.UserInfo) (*model.User, int, error) {
 func (a *OIDCAPI) createClient(name string, userID uint) (*model.Client, error) {
 	elevatedUntil := time.Now().Add(model.DefaultElevationDuration)
 	client := &model.Client{
-		Name:          name,
-		Token:         auth.GenerateNotExistingToken(generateClientToken, func(t string) bool { c, _ := a.DB.GetClientByToken(t); return c != nil }),
-		UserID:        userID,
-		ElevatedUntil: &elevatedUntil,
+		Name:                          name,
+		Token:                         auth.GenerateNotExistingToken(generateClientToken, func(t string) bool { c, _ := a.DB.GetClientByToken(t); return c != nil }),
+		UserID:                        userID,
+		ElevatedUntil:                 &elevatedUntil,
+		ExpiresAfterInactivitySeconds: auth.CookieMaxAge,
 	}
 	return client, a.DB.CreateClient(client)
 }

api/oidc_test.go

@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"github.com/gin-gonic/gin"
+	"github.com/gotify/server/v2/auth"
 	"github.com/gotify/server/v2/decaymap"
 	"github.com/gotify/server/v2/mode"
 	"github.com/gotify/server/v2/test"
@@ -153,6 +154,7 @@ func (s *OIDCSuite) Test_CreateClient() {
 	assert.Equal(s.T(), "MyPhone", client.Name)
 	assert.Equal(s.T(), "Ctesttoken00001", client.Token)
 	assert.Equal(s.T(), uint(1), client.UserID)
+	assert.Equal(s.T(), uint(auth.CookieMaxAge), client.ExpiresAfterInactivitySeconds)
 
 	dbClient, err := s.db.GetClientByToken("Ctesttoken00001")
 	assert.NoError(s.T(), err)

api/plugin.go

@@ -72,6 +72,7 @@ func (c *PluginAPI) GetPlugins(ctx *gin.Context) {
 			info := c.Manager.PluginInfo(conf.ModulePath)
 			result = append(result, model.PluginConfExternal{
 				ID:           conf.ID,
+				CreatedAt:    conf.CreatedAt,
 				Name:         info.String(),
 				Token:        conf.Token,
 				ModulePath:   conf.ModulePath,

api/session.go

@@ -77,10 +77,11 @@ func (a *SessionAPI) Login(ctx *gin.Context) {
 
 	elevatedUntil := time.Now().Add(model.DefaultElevationDuration)
 	client := model.Client{
-		Name:          clientParams.Name,
-		Token:         auth.GenerateNotExistingToken(generateClientToken, a.clientExists),
-		UserID:        user.ID,
-		ElevatedUntil: &elevatedUntil,
+		Name:                          clientParams.Name,
+		Token:                         auth.GenerateNotExistingToken(generateClientToken, a.clientExists),
+		UserID:                        user.ID,
+		ElevatedUntil:                 &elevatedUntil,
+		ExpiresAfterInactivitySeconds: auth.CookieMaxAge,
 	}
 	if success := successOrAbort(ctx, 500, a.DB.CreateClient(&client)); !success {
 		return
@@ -92,6 +93,7 @@ func (a *SessionAPI) Login(ctx *gin.Context) {
 		ID:            user.ID,
 		Name:          user.Name,
 		Admin:         user.Admin,
+		CreatedAt:     user.CreatedAt,
 		ClientID:      client.ID,
 		ElevatedUntil: client.ElevatedUntil,
 	})

api/session_test.go

@@ -90,6 +90,7 @@ func (s *SessionSuite) Test_Login_Success() {
 	assert.NoError(s.T(), err)
 	assert.Len(s.T(), clients, 1)
 	assert.Equal(s.T(), "test-browser", clients[0].Name)
+	assert.Equal(s.T(), uint(auth.CookieMaxAge), clients[0].ExpiresAfterInactivitySeconds)
 }
 
 func (s *SessionSuite) Test_Login_WrongPassword() {

api/user.go

@@ -132,9 +132,10 @@ func (a *UserAPI) GetCurrentUser(ctx *gin.Context) {
 		return
 	}
 	result := &model.CurrentUserExternal{
-		ID:    user.ID,
-		Name:  user.Name,
-		Admin: user.Admin,
+		ID:        user.ID,
+		Name:      user.Name,
+		Admin:     user.Admin,
+		CreatedAt: user.CreatedAt,
 	}
 	client := auth.GetClient(ctx)
 	if client != nil {
@@ -460,10 +461,11 @@ func (a *UserAPI) UpdateUserByID(ctx *gin.Context) {
 					return
 				}
 				internal := &model.User{
-					ID:    oldUser.ID,
-					Name:  user.Name,
-					Admin: user.Admin,
-					Pass:  oldUser.Pass,
+					ID:        oldUser.ID,
+					Name:      user.Name,
+					Admin:     user.Admin,
+					Pass:      oldUser.Pass,
+					CreatedAt: oldUser.CreatedAt,
 				}
 				if user.Pass != "" {
 					internal.Pass = password.CreatePassword(user.Pass, a.PasswordStrength)
@@ -481,8 +483,9 @@ func (a *UserAPI) UpdateUserByID(ctx *gin.Context) {
 
 func toExternalUser(internal *model.User) *model.UserExternal {
 	return &model.UserExternal{
-		Name:  internal.Name,
-		Admin: internal.Admin,
-		ID:    internal.ID,
+		Name:      internal.Name,
+		Admin:     internal.Admin,
+		ID:        internal.ID,
+		CreatedAt: internal.CreatedAt,
 	}
 }

api/user_test.go

@@ -176,7 +176,7 @@ func (s *UserSuite) Test_CreateUser() {
 	s.a.CreateUser(s.ctx)
 
 	assert.Equal(s.T(), 200, s.recorder.Code)
-	user := &model.UserExternal{ID: 2, Name: "tom", Admin: true}
+	user := &model.UserExternal{ID: 2, Name: "tom", Admin: true, CreatedAt: testdb.Now}
 	test.BodyEquals(s.T(), user, s.recorder)
 
 	if created, err := s.db.GetUserByName("tom"); assert.NoError(s.T(), err) {
@@ -439,5 +439,5 @@ func (s *UserSuite) noLogin() {
 }
 
 func externalOf(user *model.User) *model.UserExternal {
-	return &model.UserExternal{Name: user.Name, Admin: user.Admin, ID: user.ID}
+	return &model.UserExternal{Name: user.Name, Admin: user.Admin, ID: user.ID, CreatedAt: user.CreatedAt}
 }