(ctx context.Context, notAfter time.Time, limit, batchSize int)
| 529 | } |
| 530 | |
| 531 | func (p *Persister) FlushInactiveLoginConsentRequests(ctx context.Context, notAfter time.Time, limit, batchSize int) (err error) { |
| 532 | ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.FlushInactiveLoginConsentRequests") |
| 533 | defer otelx.End(span, &err) |
| 534 | |
| 535 | // The value of notAfter should be the minimum between input parameter and request max expire based on its configured age |
| 536 | requestMaxExpire := time.Now().Add(-p.r.Config().ConsentRequestMaxAge(ctx)) |
| 537 | if requestMaxExpire.Before(notAfter) { |
| 538 | notAfter = requestMaxExpire |
| 539 | } |
| 540 | |
| 541 | challenges := make([]string, 0, limit) |
| 542 | // Select up to [limit] flows that can be safely deleted, i.e. flows that meet |
| 543 | // the following criteria: |
| 544 | // - flow.state is anything between FlowStateLoginInitialized and FlowStateConsentUnused (unhandled) |
| 545 | // - flow.login_error has valid error (login rejected) |
| 546 | // - flow.consent_error has valid error (consent rejected) |
| 547 | // AND timed-out |
| 548 | // - flow.requested_at < minimum of ttl.login_consent_request and notAfter |
| 549 | q := p.Connection(ctx).RawQuery(` |
| 550 | SELECT login_challenge |
| 551 | FROM hydra_oauth2_flow |
| 552 | WHERE ( |
| 553 | (state != ? AND state IS NOT NULL) |
| 554 | OR (login_error IS NOT NULL AND login_error <> '{}' AND login_error <> '') |
| 555 | OR (consent_error IS NOT NULL AND consent_error <> '{}' AND consent_error <> '') |
| 556 | ) |
| 557 | AND requested_at < ? |
| 558 | AND nid = ? |
| 559 | ORDER BY login_challenge |
| 560 | LIMIT ?`, |
| 561 | flow.FlowStateConsentUsed, notAfter, p.NetworkID(ctx), limit) |
| 562 | |
| 563 | if err := q.All(&challenges); err != nil { |
| 564 | return errors.WithStack(err) |
| 565 | } |
| 566 | |
| 567 | // Delete in batch consent requests and their references in cascade |
| 568 | for i := 0; i < len(challenges); i += batchSize { |
| 569 | j := min(i+batchSize, len(challenges)) |
| 570 | |
| 571 | q := p.Connection(ctx).RawQuery( |
| 572 | "DELETE FROM hydra_oauth2_flow WHERE login_challenge in (?) AND nid = ?", |
| 573 | challenges[i:j], |
| 574 | p.NetworkID(ctx), |
| 575 | ) |
| 576 | |
| 577 | if err := q.Exec(); err != nil { |
| 578 | return sqlcon.HandleError(err) |
| 579 | } |
| 580 | } |
| 581 | |
| 582 | return nil |
| 583 | } |
| 584 | |
| 585 | func (p *Persister) mySQLConfirmLoginSession(ctx context.Context, session *flow.LoginSession) error { |
| 586 | return p.Transaction(ctx, func(ctx context.Context, c *pop.Connection) error { |
nothing calls this directly
no test coverage detected