Change AccessTokensVacuum to also delete expired tokens (mastodon#24868)

11ways · Jul 7, 2023 · 3860033 · 3860033
1 parent 24bfef1
commit 3860033
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/app/lib/vacuum/access_tokens_vacuum.rb b/app/lib/vacuum/access_tokens_vacuum.rb
@@ -9,10 +9,12 @@ def perform
   private
 
   def vacuum_revoked_access_tokens!
-    Doorkeeper::AccessToken.where.not(revoked_at: nil).where('revoked_at < NOW()').delete_all
+    Doorkeeper::AccessToken.where.not(expires_in: nil).where('created_at + make_interval(secs => expires_in) < NOW()').in_batches.delete_all
+    Doorkeeper::AccessToken.where.not(revoked_at: nil).where('revoked_at < NOW()').in_batches.delete_all
   end
 
   def vacuum_revoked_access_grants!
-    Doorkeeper::AccessGrant.where.not(revoked_at: nil).where('revoked_at < NOW()').delete_all
+    Doorkeeper::AccessGrant.where.not(expires_in: nil).where('created_at + make_interval(secs => expires_in) < NOW()').in_batches.delete_all
+    Doorkeeper::AccessGrant.where.not(revoked_at: nil).where('revoked_at < NOW()').in_batches.delete_all
   end
 end
diff --git a/spec/lib/vacuum/access_tokens_vacuum_spec.rb b/spec/lib/vacuum/access_tokens_vacuum_spec.rb
@@ -7,9 +7,11 @@
 
   describe '#perform' do
     let!(:revoked_access_token) { Fabricate(:access_token, revoked_at: 1.minute.ago) }
+    let!(:expired_access_token) { Fabricate(:access_token, expires_in: 59.minutes.to_i, created_at: 1.hour.ago) }
     let!(:active_access_token) { Fabricate(:access_token) }
 
     let!(:revoked_access_grant) { Fabricate(:access_grant, revoked_at: 1.minute.ago) }
+    let!(:expired_access_grant) { Fabricate(:access_grant, expires_in: 59.minutes.to_i, created_at: 1.hour.ago) }
     let!(:active_access_grant) { Fabricate(:access_grant) }
 
     before do
@@ -20,10 +22,18 @@
       expect { revoked_access_token.reload }.to raise_error ActiveRecord::RecordNotFound
     end
 
+    it 'deletes expired access tokens' do
+      expect { expired_access_token.reload }.to raise_error ActiveRecord::RecordNotFound
+    end
+
     it 'deletes revoked access grants' do
       expect { revoked_access_grant.reload }.to raise_error ActiveRecord::RecordNotFound
     end
 
+    it 'deletes expired access grants' do
+      expect { expired_access_grant.reload }.to raise_error ActiveRecord::RecordNotFound
+    end
+
     it 'does not delete active access tokens' do
       expect { active_access_token.reload }.to_not raise_error
     end