Awx: OAuth2 manage commands don't delete all tokens

Created on 15 Mar 2019 · 10 Comments · Source: ansible/awx

ISSUE TYPE
  • Bug Report
COMPONENT NAME
  • API
SUMMARY

Refresh tokens aren't being cleaned up by the cleartokens command after being revoked.

The awx-manage cleartokens command does not delete revoked refresh_tokens, letting them pile up in the database.

Possible Solutions
A. Get a patch in for DOT 1.1.3 and see if they can release a patch release. (this is fixed in 1.2.0, but that requires django >= 2.0)
B. Monkey-patch the clear_expired() method in DOT, which is called by cleartokens

ENVIRONMENT
  • AWX version: devel
STEPS TO REPRODUCE
  1. Create an Application
  2. Create an Application token (api/v2/applications/1/tokens/)
  3. run awx-manage revoke_oauth2_tokens (deletes access_token)
  4. run awx-manage revoke_oauth2_tokens --all (deletes refresh_token)
  5. run awx-manage cleartokens
EXPECTED RESULTS

expired access_tokens and expired refresh_tokens should be deleted.

ACTUAL RESULTS

revoked refresh_tokens are not actually deleted. (they are in DOT 1.2.0, but not in 1.1.3, which we use)

Labels: api, medium, needs_devel, bug
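Solution B above concerns the clear_expired() selection that cleartokens calls. The following is an added example, not code from AWX or django-oauth-toolkit: it models that selection in plain Python (no Django ORM) to show why a revoked refresh token, whose access_token link is gone, is never picked up unless the revoked timestamp is also checked. The dataclasses, NOW, REFRESH_TOKEN_EXPIRE_SECONDS and the grace-period treatment of revoked tokens are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Minimal stand-ins for the django-oauth-toolkit AccessToken / RefreshToken rows
# (constructed for this example; no Django ORM involved).
@dataclass
class AccessToken:
    id: int
    expires: datetime

@dataclass
class RefreshToken:
    id: int
    access_token: Optional[AccessToken]  # None once the token has been revoked
    revoked: Optional[datetime] = None   # timestamp set by revocation

# Constructed reference time for the sample data (the issue's creation date).
NOW = datetime(2019, 3, 15, tzinfo=timezone.utc)
REFRESH_TOKEN_EXPIRE_SECONDS = 7 * 86400  # assumed setting value for the example

def stale_refresh_token_ids(tokens, now, refresh_expire_seconds, include_revoked):
    """Return ids of refresh tokens a cleartokens run should delete.

    include_revoked=False models the behaviour this issue reports: only refresh
    tokens whose linked access token expired before the cutoff are selected, so a
    revoked token (access_token=None) never matches and piles up in the database.
    include_revoked=True adds the missing selection on the 'revoked' timestamp
    (assumed here to honour the same grace period as ordinary expiry).
    """
    cutoff = now - timedelta(seconds=refresh_expire_seconds)
    stale = []
    for rt in tokens:
        if rt.access_token is not None and rt.access_token.expires < cutoff:
            stale.append(rt.id)
        elif include_revoked and rt.revoked is not None and rt.revoked < cutoff:
            stale.append(rt.id)
    return stale

def demo_tokens():
    """Constructed sample: one live token, one long expired, one revoked a month ago."""
    return [
        RefreshToken(1, AccessToken(1, NOW + timedelta(hours=1))),
        RefreshToken(2, AccessToken(2, NOW - timedelta(days=30))),
        RefreshToken(3, None, revoked=NOW - timedelta(days=30)),
    ]

if __name__ == "__main__":
    print("before fix:", stale_refresh_token_ids(demo_tokens(), NOW, REFRESH_TOKEN_EXPIRE_SECONDS, False))
    print("after fix: ", stale_refresh_token_ids(demo_tokens(), NOW, REFRESH_TOKEN_EXPIRE_SECONDS, True))
```

Token 3 is the case from the report: revoked by revoke_oauth2_tokens --all, it has no access token left to expire, so only the revoked check removes it.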

All 10 comments

@rooftopcellist was this actually seen in production?

@awithrow9 This was seen by @gamuniz on a tower install.

Rephrase: was the fact that they are not deleted an issue that is causing pain, or just something we noticed in passing?

@rooftopcellist @awithrow9 they reported issues with token but I don't think this needs to be worked on now

punting to later where we can do django2.2LTS+django-oauth-toolkit-whatever and it magically(?) works?

wfm

related to issue #4710

this is how to fix it https://github.com/ansible/awx/issues/4710#issuecomment-537233492

Would a change like this make sense?

https://github.com/ansible/awx/issues/4710#issuecomment-537504340

@rooftopcellist @fosterseth is this ready for state:needs_test ?

  • Create an Application
  • Create an Application token (api/v2/applications/1/tokens/)
  • run awx-manage revoke_oauth2_tokens (deletes access_token)
  • run awx-manage revoke_oauth2_tokens --all (deletes refresh_token)
  • run awx-manage cleartokens

Did above steps and saw that all tokens were revoked and then cleaned up. Closing as fixed.
