When a push expires, the password (payload) is deleted immediately from the database. What remains is the push record with its metadata (expire settings) and the audit logs for this push.

The following background tasks help in expiring pushes and deleting old records that are no longer needed.

Terminology

Push - one record in the Push table and its related audit log. This includes the payload and the metadata about the push such as expiration settings.

Payload - The sensitive data posted by the user. e.g. The password, text, file(s) and reference note.

Periodic Expiration & Cleanup

Password Pusher bundles background tasks that can be run periodically on your instance to:

  1. run through all unexpired pushes, validate and conditionally expire them
  2. delete expired and anonymous records

Running the Background Tasks

Running via the Administration Dashboard

The built-in Administration Dashboard has a “Background Jobs” area.

From this page, you can run background jobs manually. If using the pwpush-worker container, this happens automatically. Work in this area is still being done.

Running Manually

Note: The ability to manually run these jobs as described below may be removed in the near future as the new jobs have been moved to a background job framework that is easier to access, manage and automate. If this does happen, I’ll provide alternative instructions to manually run jobs if it’s needed.

These tasks live in lib/tasks/pwpush.rake and can be run as follows:

/opt/PasswordPusher/bin/pwpush daily_expiration
/opt/PasswordPusher/bin/pwpush delete_expired_and_anonymous

Heroku Example:

heroku run --app=mypwp pwpush daily_expiration
heroku run --app=mypwp pwpush delete_expired_and_anonymous

Notes

  • These tasks will delete unnecessary data from your Password Pusher instance. You should make a backup of your data as a precaution before running these tasks. I run these tasks daily on pwpush.com so they are tested and reliable.

  • When a user requests to see a secret URL of an unexpired push, the application first validates if that password should be expired by re-validating the expiration settings. If the push is past it’s expiration, the push payload is deleted from the database and the user gets the “This secret link has expired” message. The daily_expiration task serves to expire passwords preemptively which saves on some CPU and database calls ahead of time.

  • The secret URLs for deleted records will still show the “This Secret Link Has Expired” message as that is the default even when the secret URL is not found. This is done for two reasons:

    1. To hide the fact if a push ever existed at a certain secret URL
    2. We don’t want data for expired anonymous pushes so we delete it and show the “This Secret Link Has Expired” message as default so that old secret URLs will still be correct with the expiration message.

  • Pushes that are owned by logged in users are never deleted (although their payload may have been) by these tasks so that audit logs can be maintained.

  • More strategy and reasoning is available in the task definitions to further explain the how and why it works this way

Maintenance Mode

Maintenance mode is a mode in which the application refuses to serve pages and instead displays a maintenance page for all request paths.

This is useful if you have to perform maintenance on your instance or if you would like to block access for a certain amount of time.

Enabling & Disabling

To enable, proceed to step 4 here and run the following command:

./bin/rake maintenance:start

and to end the maintenance:

./bin/rake maintenance:end

More Info

This functionality is implemented using the turnout2024 gem. More features, options and commands are available on that page.

Updated: