MAGETWO-61867: API token does not expire after a time limit

Author: Alex Paliarush

app/code/Magento/Integration/Cron/CleanExpiredTokens.php

@@ -46,11 +46,11 @@ public function __construct(
     public function execute()
     {
         $this->tokenResourceModel->deleteExpiredTokens(
-            $this->oauthHelper->getAdminTokenExpirationPeriod(),
+            $this->oauthHelper->getAdminTokenLifetime(),
             [UserContextInterface::USER_TYPE_ADMIN]
         );
         $this->tokenResourceModel->deleteExpiredTokens(
-            $this->oauthHelper->getCustomerTokenExpirationPeriod(),
+            $this->oauthHelper->getCustomerTokenLifetime(),
             [UserContextInterface::USER_TYPE_CUSTOMER]
         );
     }

app/code/Magento/Integration/Helper/Oauth/Data.php

@@ -63,10 +63,7 @@ public function __construct(\Magento\Framework\App\Config\ScopeConfigInterface $
     public function isCleanupProbability()
     {
         // Safe get cleanup probability value from system configuration
-        $configValue = (int)$this->_scopeConfig->getValue(
-            self::XML_PATH_CLEANUP_PROBABILITY,
-            \Magento\Store\Model\ScopeInterface::SCOPE_STORE
-        );
+        $configValue = (int)$this->_scopeConfig->getValue(self::XML_PATH_CLEANUP_PROBABILITY);
         return $configValue > 0 ? 1 == \Magento\Framework\Math\Random::getRandomNumber(1, $configValue) : false;
     }
 
@@ -77,10 +74,7 @@ public function isCleanupProbability()
      */
     public function getCleanupExpirationPeriod()
     {
-        $minutes = (int)$this->_scopeConfig->getValue(
-            self::XML_PATH_CLEANUP_EXPIRATION_PERIOD,
-            \Magento\Store\Model\ScopeInterface::SCOPE_STORE
-        );
+        $minutes = (int)$this->_scopeConfig->getValue(self::XML_PATH_CLEANUP_EXPIRATION_PERIOD);
         return $minutes > 0 ? $minutes : self::CLEANUP_EXPIRATION_PERIOD_DEFAULT;
     }
 
@@ -91,10 +85,7 @@ public function getCleanupExpirationPeriod()
      */
     public function getConsumerExpirationPeriod()
     {
-        $seconds = (int)$this->_scopeConfig->getValue(
-            self::XML_PATH_CONSUMER_EXPIRATION_PERIOD,
-            \Magento\Store\Model\ScopeInterface::SCOPE_STORE
-        );
+        $seconds = (int)$this->_scopeConfig->getValue(self::XML_PATH_CONSUMER_EXPIRATION_PERIOD);
         return $seconds > 0 ? $seconds : self::CONSUMER_EXPIRATION_PERIOD_DEFAULT;
     }
 
@@ -105,10 +96,7 @@ public function getConsumerExpirationPeriod()
      */
     public function getConsumerPostMaxRedirects()
     {
-        $redirects = (int)$this->_scopeConfig->getValue(
-            self::XML_PATH_CONSUMER_POST_MAXREDIRECTS,
-            \Magento\Store\Model\ScopeInterface::SCOPE_STORE
-        );
+        $redirects = (int)$this->_scopeConfig->getValue(self::XML_PATH_CONSUMER_POST_MAXREDIRECTS);
         return $redirects > 0 ? $redirects : 0;
     }
 
@@ -119,38 +107,29 @@ public function getConsumerPostMaxRedirects()
      */
     public function getConsumerPostTimeout()
     {
-        $seconds = (int)$this->_scopeConfig->getValue(
-            self::XML_PATH_CONSUMER_POST_TIMEOUT,
-            \Magento\Store\Model\ScopeInterface::SCOPE_STORE
-        );
+        $seconds = (int)$this->_scopeConfig->getValue(self::XML_PATH_CONSUMER_POST_TIMEOUT);
         return $seconds > 0 ? $seconds : self::CONSUMER_POST_TIMEOUT_DEFAULT;
     }
 
     /**
-     * Get expiration period for customer tokens from config.
+     * Get customer token lifetime from config.
      *
-     * @return int minutes
+     * @return int hours
      */
-    public function getCustomerTokenExpirationPeriod()
+    public function getCustomerTokenLifetime()
     {
-        $minutes = (int)$this->_scopeConfig->getValue(
-            'oauth/access_token_expiration_period/customer',
-            \Magento\Store\Model\ScopeInterface::SCOPE_WEBSITE
-        );
-        return $minutes > 0 ? $minutes : 0;
+        $hours = (int)$this->_scopeConfig->getValue('oauth/access_token_expiration_period/customer');
+        return $hours > 0 ? $hours : 0;
     }
 
     /**
-     * Get expiration period for admin tokens from config.
+     * Get customer token lifetime from config.
      *
-     * @return int minutes
+     * @return int hours
      */
-    public function getAdminTokenExpirationPeriod()
+    public function getAdminTokenLifetime()
     {
-        $minutes = (int)$this->_scopeConfig->getValue(
-            'oauth/access_token_expiration_period/admin',
-            \Magento\Store\Model\ScopeInterface::SCOPE_WEBSITE
-        );
-        return $minutes > 0 ? $minutes : 0;
+        $hours = (int)$this->_scopeConfig->getValue('oauth/access_token_expiration_period/admin');
+        return $hours > 0 ? $hours : 0;
     }
 }

app/code/Magento/Integration/Model/ResourceModel/Oauth/Token.php

@@ -107,19 +107,19 @@ public function deleteOldEntries($minutes)
     /**
      * Delete expired tokens for the specified user types
      *
-     * @param int $minutes expiration period
+     * @param int $hours token lifetime
      * @param int[] $userTypes @see \Magento\Authorization\Model\UserContextInterface
      * @return int number of deleted tokens
      */
-    public function deleteExpiredTokens($minutes, $userTypes)
+    public function deleteExpiredTokens($hours, $userTypes)
     {
-        if ($minutes > 0) {
+        if ($hours > 0) {
             $connection = $this->getConnection();
 
             $userTypeCondition = $connection->quoteInto('user_type IN (?)', $userTypes);
             $createdAtCondition = $connection->quoteInto(
                 'created_at <= ?',
-                $this->_dateTime->formatDate($this->date->gmtTimestamp() - $minutes * 60)
+                $this->_dateTime->formatDate($this->date->gmtTimestamp() - $hours * 60 * 60)
             );
             return $connection->delete(
                 $this->getMainTable(),

app/code/Magento/Integration/etc/adminhtml/system.xml

@@ -11,6 +11,17 @@
             <label>OAuth</label>
             <tab>service</tab>
             <resource>Magento_Integration::config_oauth</resource>
+            <group id="access_token_expiration_period" translate="label" type="text" sortOrder="100" showInDefault="1" showInWebsite="0" showInStore="0">
+                <label>Access Token Expiration</label>
+                <field id="customer" translate="label" type="text" sortOrder="30" showInDefault="1" showInWebsite="0" showInStore="0" canRestore="1">
+                    <label>Customer Token Lifetime (hours)</label>
+                    <comment>We will disable this feature if the value is empty.</comment>
+                </field>
+                <field id="admin" translate="label" type="text" sortOrder="60" showInDefault="1" showInWebsite="0" showInStore="0" canRestore="1">
+                    <label>Admin Token Lifetime (hours)</label>
+                    <comment>We will disable this feature if the value is empty.</comment>
+                </field>
+            </group>
             <group id="cleanup" translate="label" type="text" sortOrder="300" showInDefault="1" showInWebsite="0" showInStore="0">
                 <label>Cleanup Settings</label>
                 <field id="cleanup_probability" translate="label" type="text" sortOrder="10" showInDefault="1" showInWebsite="0" showInStore="0" canRestore="1">
@@ -37,17 +48,6 @@
                     <comment>Timeout for OAuth consumer credentials Post request within X seconds.</comment>
                 </field>
             </group>
-            <group id="access_token_expiration_period" translate="label" type="text" sortOrder="600" showInDefault="1" showInWebsite="0" showInStore="0">
-                <label>Access Tokens Expiration Period</label>
-                <field id="customer" translate="label" type="text" sortOrder="30" showInDefault="1" showInWebsite="0" showInStore="0" canRestore="1">
-                    <label>Customer Tokens</label>
-                    <comment>Customer access tokens will expire after X minutes after generation. Specify 0 to disable expiration (not recommended)</comment>
-                </field>
-                <field id="admin" translate="label" type="text" sortOrder="60" showInDefault="1" showInWebsite="0" showInStore="0" canRestore="1">
-                    <label>Admin Tokens</label>
-                    <comment>Admin access tokens will expire after X minutes after generation. Specify 0 to disable expiration (not recommended)</comment>
-                </field>
-            </group>
         </section>
     </system>
 </config>

app/code/Magento/Integration/etc/config.xml

@@ -22,8 +22,8 @@
                 <timeout>1800</timeout>
             </authentication_lock>
             <access_token_expiration_period>
-                <customer>259200</customer>
-                <admin>43200</admin>
+                <customer>1</customer>
+                <admin>4</admin>
             </access_token_expiration_period>
         </oauth>
     </default>

app/code/Magento/Integration/etc/crontab.xml

@@ -11,7 +11,7 @@
             <schedule>* * * * *</schedule>
         </job>
         <job name="expired_tokens_cleanup" instance="Magento\Integration\Cron\CleanExpiredTokens" method="execute">
-            <schedule>* * * * *</schedule>
+            <schedule>0 * * * *</schedule>
         </job>
     </group>
 </config>