run token cleanup job when grafana starts, then each hour

conf/defaults.ini

@@ -256,8 +256,8 @@ login_maximum_lifetime_days = 30
 # How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes.
 token_rotation_interval_minutes = 10
 
-# How often should expired auth tokens be deleted from the database. The default is 7 days.
-expired_tokens_cleanup_interval_days = 7
+# How often should expired auth tokens be deleted from the database. The default is each hour.
+expired_tokens_cleanup_interval_hours = 1
 
 # Set to true to disable (hide) the login form, useful if you use OAuth
 disable_login_form = false

conf/sample.ini

@@ -236,8 +236,8 @@ log_queries =
 # How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes.
 ;token_rotation_interval_minutes = 10
 
-# How often should expired auth tokens be deleted from the database. The default is 7 days.
-;expired_tokens_cleanup_interval_days = 7
+# How often should expired auth tokens be deleted from the database. The default is each hour.
+;expired_tokens_cleanup_interval_hours = 1
 
 # Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false
 ;disable_login_form = false

docs/sources/auth/overview.md

@@ -64,8 +64,8 @@ login_maximum_lifetime_days = 30
 # How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes.
 token_rotation_interval_minutes = 10
 
-# How often should expired auth tokens be deleted from the database. The default is 7 days.
-expired_tokens_cleanup_interval_days = 7
+# How often should expired auth tokens be deleted from the database. The default is each hour.
+expired_tokens_cleanup_interval_hours = 1
 ```
 
 ### Anonymous authentication

pkg/services/auth/auth_token_test.go

@@ -423,10 +423,10 @@ func createTestContext(t *testing.T) *testContext {
 	tokenService := &UserAuthTokenService{
 		SQLStore: sqlstore,
 		Cfg: &setting.Cfg{
-			LoginMaxInactiveLifetimeDays:     7,
-			LoginMaxLifetimeDays:             30,
-			TokenRotationIntervalMinutes:     10,
-			ExpiredTokensCleanupIntervalDays: 1,
+			LoginMaxInactiveLifetimeDays:      7,
+			LoginMaxLifetimeDays:              30,
+			TokenRotationIntervalMinutes:      10,
+			ExpiredTokensCleanupIntervalHours: 1,
 		},
 		log: log.New("test-logger"),
 	}

pkg/services/auth/token_cleanup.go

@@ -6,25 +6,29 @@ import (
 )
 
 func (srv *UserAuthTokenService) Run(ctx context.Context) error {
-	if srv.Cfg.ExpiredTokensCleanupIntervalDays <= 0 {
-		srv.log.Debug("cleanup of expired auth tokens are disabled")
-		return nil
-	}
-
-	jobInterval := time.Duration(srv.Cfg.ExpiredTokensCleanupIntervalDays) * 24 * time.Hour
-	srv.log.Debug("cleanup of expired auth tokens are enabled", "intervalDays", srv.Cfg.ExpiredTokensCleanupIntervalDays)
-
+	jobInterval := time.Duration(srv.Cfg.ExpiredTokensCleanupIntervalHours) * time.Hour
 	ticker := time.NewTicker(jobInterval)
 	maxInactiveLifetime := time.Duration(srv.Cfg.LoginMaxInactiveLifetimeDays) * 24 * time.Hour
 	maxLifetime := time.Duration(srv.Cfg.LoginMaxLifetimeDays) * 24 * time.Hour
 
+	err := srv.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func() {
+		srv.deleteExpiredTokens(maxInactiveLifetime, maxLifetime)
+	})
+	if err != nil {
+		srv.log.Error("failed to lock and execite cleanup of expired auth token", "erro", err)
+	}
+
 	for {
 		select {
 		case <-ticker.C:
-			srv.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func() {
+			err := srv.ServerLockService.LockAndExecute(ctx, "cleanup expired auth tokens", time.Hour*12, func() {
 				srv.deleteExpiredTokens(maxInactiveLifetime, maxLifetime)
 			})
 
+			if err != nil {
+				srv.log.Error("failed to lock and execite cleanup of expired auth token", "erro", err)
+			}
+
 		case <-ctx.Done():
 			return ctx.Err()
 		}

pkg/setting/setting.go

@@ -233,11 +233,11 @@ type Cfg struct {
 	EnterpriseLicensePath            string
 
 	// Auth
-	LoginCookieName                  string
-	LoginMaxInactiveLifetimeDays     int
-	LoginMaxLifetimeDays             int
-	TokenRotationIntervalMinutes     int
-	ExpiredTokensCleanupIntervalDays int
+	LoginCookieName                   string
+	LoginMaxInactiveLifetimeDays      int
+	LoginMaxLifetimeDays              int
+	TokenRotationIntervalMinutes      int
+	ExpiredTokensCleanupIntervalHours int
 }
 
 type CommandLineArgs struct {
@@ -673,7 +673,7 @@ func (cfg *Cfg) Load(args *CommandLineArgs) error {
 	if cfg.TokenRotationIntervalMinutes < 2 {
 		cfg.TokenRotationIntervalMinutes = 2
 	}
-	cfg.ExpiredTokensCleanupIntervalDays = auth.Key("expired_tokens_cleanup_interval_days").MustInt(7)
+	cfg.ExpiredTokensCleanupIntervalHours = auth.Key("expired_tokens_cleanup_interval_hours").MustInt(1)
 
 	DisableLoginForm = auth.Key("disable_login_form").MustBool(false)
 	DisableSignoutMenu = auth.Key("disable_signout_menu").MustBool(false)