diff --git a/README b/README index 1a3479e8..c9784a95 100644 --- a/README +++ b/README @@ -38,6 +38,14 @@ INSTALLATION CONFIGURATION ------------- +The islandora_drupal_filter passes the username of 'anonymous' through to +Fedora for unauthenticated Drupal Users. A user with the name of 'anonymous' +may have XACML policies applied to them that are meant to be applied to Drupal +users that are not logged in or vice-versa. This is a potential security issue +that can be plugged by creating a user named 'anonymous' and restricting access +to the account. + +Drupal's cron will can be ran to remove expired authentication tokens. CUSTOMIZATION ------------- diff --git a/includes/islandora_authtokens.inc b/includes/islandora_authtokens.inc index 44b02578..f7861a0b 100644 --- a/includes/islandora_authtokens.inc +++ b/includes/islandora_authtokens.inc @@ -110,3 +110,13 @@ function islandora_validate_object_token($pid, $dsid, $token) { return FALSE; } } + +/** + * Will remove any expired authentication tokens. + */ +function islandora_remove_expired_tokens() { + $time = time(); + db_delete("islandora_authtokens") + ->condition('time', $time - TOKEN_TIMEOUT, '<') + ->execute(); +} diff --git a/islandora.module b/islandora.module index 388b2895..a67efcf3 100644 --- a/islandora.module +++ b/islandora.module @@ -872,3 +872,13 @@ function islandora_post_delete_datastream(FedoraObject $object, $datastream_id) module_invoke_all($hook, $object, $datastream_id); } } + +/** + * Implements hook_cron() + * + * Removes expired authentication tokens. + */ +function islandora_cron() { + module_load_include('inc', 'islandora', 'includes/islandora_authtokens'); + islandora_remove_expired_tokens(); +}