Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: listing sessions query #2958

Merged
merged 7 commits into from Dec 20, 2022
Merged

fix: listing sessions query #2958

merged 7 commits into from Dec 20, 2022

Conversation

kelkarajay
Copy link
Contributor

@kelkarajay kelkarajay commented Dec 15, 2022
edited

Changes

  • Where clause added to also check session expiry timestamp to return correct list
  • Fixed to query identity only once
  • Remove marshalling mutation

Related issue(s)

#2930

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • I am following the
    contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got the approval (please contact
    security@ory.sh) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.
  • I have added or changed the documentation.

Further Comments

@kelkarajay kelkarajay self-assigned this Dec 15, 2022
@kelkarajay kelkarajay marked this pull request as ready for review December 15, 2022 18:06
@kelkarajay kelkarajay changed the title feat: add persister clause based on active check param fix: listing sessions query Dec 15, 2022
aeneasr
aeneasr requested changes Dec 17, 2022
View reviewed changes
persistence/sql/persister_session.go Show resolved Hide resolved
persistence/sql/persister_session.go Outdated
@@ -78,6 +79,12 @@ func (p *Persister) ListSessions(ctx context.Context, active *bool, paginatorOpt
q := c.Where("nid = ?", nid)
if active != nil {
q = q.Where("active = ?", *active)

if *active {
q.Where("expires_at >= ?", time.Now())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
q.Where("expires_at >= ?", time.Now())
q.Where("expires_at >= ?", time.Now().UTC())

persistence/sql/persister_session.go Outdated
if *active {
q.Where("expires_at >= ?", time.Now())
} else {
q.Where("expires_at < ?", time.Now())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
q.Where("expires_at < ?", time.Now())
q.Where("expires_at < ?", time.Now().UTC())

persistence/sql/persister_session.go Outdated
@@ -128,12 +135,23 @@ func (p *Persister) ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, a
nid := p.NetworkID(ctx)

if err := p.Transaction(ctx, func(ctx context.Context, c *pop.Connection) error {
i, err := p.GetIdentity(ctx, iID)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We're now no longer respecting the expand property and instead fetch the identity always. I don't think that's intended? Please move it back to where it was, but of course outside of the loop to prevent unneccessary queries


 		if expandables.Has(session.ExpandSessionIdentity) {
 			i, err := p.GetIdentity(ctx, iID)
 			// ...
 			for _, s := range s {

persistence/sql/persister_session.go Outdated
Comment on lines 151 to 153
q.Where("expires_at >= ?", time.Now())
} else {
q.Where("expires_at < ?", time.Now())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At some point we realized that all DB timestamps need to be UTC

Suggested change
q.Where("expires_at >= ?", time.Now())
} else {
q.Where("expires_at < ?", time.Now())
q.Where("expires_at >= ?", time.Now().UTC())
} else {
q.Where("expires_at < ?", time.Now().UTC())

session/session.go
@@ -153,17 +153,6 @@ func (s Session) TableName(ctx context.Context) string {
return "sessions"
}

func (s Session) MarshalJSON() ([]byte, error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is a cleaner solution than setting the field upon loading it from the database, because expiry is time based, and we always want the "freshest" value for Active. Also a bit confused as to why no tests are failing if this is removed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was removed because it alters the value of list items based on Identity state after the listing query has run.

As in, a request for ?active=true yields active session records but then this code block alters the value. This may result in result set with active: false due to s.Active && s.ExpiresAt.After(time.Now()) && (s.Identity == nil || s.Identity.IsActive()), which will confuse the API consumer. To try and solve this problem, I've made corrections to the query in eddece5

session/session.go
Comment on lines -160 to -164
result, err := json.Marshal(sl(s))
if err != nil {
return nil, err
}
return result, nil
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could just be:

return json.Marshal(sl(s))

@codecov
Copy link

codecov bot commented Dec 17, 2022
edited

Codecov Report

Merging #2958 (52ee63c) into master (e11ba52) will decrease coverage by 0.00%.
The diff coverage is 98.91%.

@@            Coverage Diff             @@
##           master    #2958      +/-   ##
==========================================
- Coverage   76.16%   76.16%   -0.01%     
==========================================
  Files         310      309       -1     
  Lines       19110    19054      -56     
==========================================
- Hits        14555    14512      -43     
+ Misses       3425     3417       -8     
+ Partials     1130     1125       -5
Impacted Files Coverage Δ
session/session.go 77.68% <ø> (+0.34%) ⬆️
persistence/sql/persister_session.go 83.82% <86.66%> (+0.64%) ⬆️
session/test/persistence.go 99.05% <100.00%> (-0.01%) ⬇️
credentialmigrate/migrate.go 75.00% <0.00%> (ø)
selfservice/strategy/webauthn/nodes.go 100.00% <0.00%> (ø)
identity/credentials_webauthn.go
x/keys.go
identity/credentials_lookup.go
selfservice/strategy/lookup/credentials.go 100.00% <0.00%> (ø)
... and 3 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@kelkarajay
Copy link
Contributor Author

Re-organized listing tests to do seed data setup once and run against that

@aeneasr aeneasr merged commit 3e06c99 into master Dec 20, 2022
@aeneasr aeneasr deleted the fix/identity-listing branch December 20, 2022 07:48
peturgeorgievv pushed a commit to senteca/kratos-fork that referenced this pull request Jun 30, 2023
fix: listing sessions query (ory#2958)
67346e6 
Closes ory#2930
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aeneasr aeneasr aeneasr approved these changes

@zepatrik zepatrik Awaiting requested review from zepatrik zepatrik is a code owner

Assignees

@kelkarajay kelkarajay

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@kelkarajay @aeneasr