-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reap singleUse actors #996
Comments
Is there any other record that a single-use actor has been created? If not, could they be important for audit purposes? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
singleUse
actors are for internal use:singleUse
actor is created and assigned thepwreset
role. A 24-hour session is created for the actor, and the session's token is sent over email as part of a password reset URL.singleUse
actor is created and assigned theformview
role in order to provide Enketo temporary access to the form. A 15-minute session is created for the actor.singleUse
actors. Google Drive backups have been removed.In some cases,
singleUse
actors are deleted:pwreset
assignment is used to change a password, the actor is then "consumed" (Actors.consume()
).singleUse
actors created for Google Drive backups should be deleted now that that functionality has been removed.However, I think that in other cases,
singleUse
actors are not deleted:singleUse
actor is never deleted.formview
assignment are never deleted.Looking at the QA server, I see:
pwreset
assignmentformview
assignment. A larger number makes sense given that every form will be associated with at least oneformview
actor. (It could be more than one if a request to Enketo fails.)singleUse
actors that are not deleted, yet do not have an assignment. In all cases, theirdisplayName
contains "Enketo sync token". I assume these correspond to deleted forms.singleUse
actors correspond to Google Drive backups. That's expected.Given that these
singleUse
actors are tightly coupled with a single session, I think we should consider deleting them when we reap sessions (lib/task/reap-sessions.js). Specifically, if a session is expired, and the session was for asingleUse
actor, then delete both the session and the actor.We could also consider writing a migration to delete existing
singleUse
actors that are unneeded. To me, that seems lower-priority but still worthwhile.The text was updated successfully, but these errors were encountered: