Merge pull request #218 from willtp87/7.x_authentication_tokens

better docs, implemented cron to remove expired authentication
12 years ago · b92b71567f
3 changed files with 28 additions and 0 deletions
--- a/8
+++ b/8
@ -38,6 +38,14 @@ INSTALLATION
 CONFIGURATION
 -------------

+The islandora_drupal_filter passes the username of 'anonymous' through to 
+Fedora for unauthenticated Drupal Users.  A user with the name of 'anonymous'
+may have XACML policies applied to them that are meant to be applied to Drupal
+users that are not logged in or vice-versa.  This is a potential security issue
+that can be plugged by creating a user named 'anonymous' and restricting access
+to the account.
+
+Drupal's cron will can be ran to remove expired authentication tokens.

 CUSTOMIZATION
 -------------
--- a/includes/islandora_authtokens.inc
+++ b/includes/islandora_authtokens.inc
@ -110,3 +110,13 @@ function islandora_validate_object_token($pid, $dsid, $token) {
    return FALSE;
  }
 }
+
+/**
+ * Will remove any expired authentication tokens.
+ */
+function islandora_remove_expired_tokens() {
+  $time = time();
+  db_delete("islandora_authtokens")
+    ->condition('time', $time - TOKEN_TIMEOUT, '<')
+    ->execute();
+}
--- a/islandora.module
+++ b/islandora.module
@ -872,3 +872,13 @@ function islandora_post_delete_datastream(FedoraObject $object, $datastream_id)
    module_invoke_all($hook, $object, $datastream_id);
  }
 }
+
+/**
+ * Implements hook_cron()
+ * 
+ * Removes expired authentication tokens.
+ */
+function islandora_cron() {
+  module_load_include('inc', 'islandora', 'includes/islandora_authtokens');
+  islandora_remove_expired_tokens();
+}