wip

src/internet_identity/internet_identity.did

@@ -171,8 +171,6 @@ type InternetIdentityStats = record {
     };
     archive_info: ArchiveInfo;
     canister_creation_cycles_cost: nat64;
-    max_num_latest_delegation_origins: nat64;
-    latest_delegation_origins: vec FrontendHostname
 };
 
 // Configuration parameters related to the archive.

src/internet_identity/src/delegation.rs

@@ -2,7 +2,6 @@ use crate::activity_stats::event_stats::{
     update_event_based_stats, Event, EventData, PrepareDelegationEvent,
 };
 use crate::ii_domain::IIDomain;
-use crate::state::persistent_state_mut;
 use crate::{hash, state, update_root_hash, DAY_NS, MINUTE_NS};
 use candid::Principal;
 use canister_sig_util::signature_map::SignatureMap;
@@ -70,21 +69,18 @@ fn delegation_bookkeeping(
                 session_duration_ns,
             }),
         });
-        if ii_domain.is_some() {
-            update_latest_delegation_origins(frontend);
-        }
     }
 }
 
 /// Filter out derivation origins that most likely point to development setups.
-/// This is not bullet proof but given the data we collected so far it should be good for now.
+/// This is not bulletproof but given the data we collected so far it should be good for now.
 fn is_dev_frontend(frontend: &FrontendHostname) -> bool {
     if frontend.starts_with("http://") || frontend.contains("localhost") {
         // we don't care about insecure origins or localhost
         return true;
     }
 
-    // lets check for local IP addresses
+    // let's check for local IP addresses
     if let Some(hostname) = frontend
         .strip_prefix("https://")
         .and_then(|s| s.split(':').next())
@@ -98,35 +94,6 @@ fn is_dev_frontend(frontend: &FrontendHostname) -> bool {
     false
 }
 
-/// Add the current front-end to the list of latest used front-end origins.
-fn update_latest_delegation_origins(frontend: FrontendHostname) {
-    let now_ns = time();
-
-    persistent_state_mut(|persistent_state| {
-        let latest_delegation_origins = &mut persistent_state.latest_delegation_origins;
-
-        if let Some(timestamp_ns) = latest_delegation_origins.get_mut(&frontend) {
-            *timestamp_ns = now_ns;
-        } else {
-            latest_delegation_origins.insert(frontend, now_ns);
-        };
-
-        // drop entries older than 30 days
-        latest_delegation_origins.retain(|_, timestamp_ns| now_ns - *timestamp_ns < 30 * DAY_NS);
-
-        // if we still have too many entries, drop the oldest
-        if latest_delegation_origins.len() as u64
-            > persistent_state.max_num_latest_delegation_origins
-        {
-            // if this case is hit often (i.e. we routinely have more than 1000 entries), we should
-            // consider using a more efficient data structure
-            let mut values: Vec<_> = latest_delegation_origins.clone().into_iter().collect();
-            values.sort_by(|(_, timestamp_1), (_, timestamp_2)| timestamp_1.cmp(timestamp_2));
-            latest_delegation_origins.remove(&values[0].0);
-        };
-    });
-}
-
 pub fn get_delegation(
     anchor_number: AnchorNumber,
     frontend: FrontendHostname,

src/internet_identity/src/http/metrics.rs

@@ -229,12 +229,6 @@ fn persistent_state_metrics(
             .value(&[("type", "other")], counter.other_counter as f64)?;
         Ok(())
     })?;
-
-    w.encode_gauge(
-        "internet_identity_max_num_latest_delegation_origins",
-        persistent_state.max_num_latest_delegation_origins as f64,
-        "The maximum number of latest delegation origins that were used with II bound devices.",
-    )?;
     Ok(())
 }
 

src/internet_identity/src/main.rs

@@ -336,24 +336,12 @@ fn stats() -> InternetIdentityStats {
     let canister_creation_cycles_cost =
         state::persistent_state(|persistent_state| persistent_state.canister_creation_cycles_cost);
 
-    let (latest_delegation_origins, max_num_latest_delegation_origins) =
-        state::persistent_state(|persistent_state| {
-            let origins = persistent_state
-                .latest_delegation_origins
-                .keys()
-                .cloned()
-                .collect();
-            (origins, persistent_state.max_num_latest_delegation_origins)
-        });
-
     state::storage_borrow(|storage| InternetIdentityStats {
         assigned_user_number_range: storage.assigned_anchor_number_range(),
         users_registered: storage.anchor_count() as u64,
         archive_info,
         canister_creation_cycles_cost,
         storage_layout_version: storage.version(),
-        max_num_latest_delegation_origins,
-        latest_delegation_origins,
     })
 }
 
@@ -426,11 +414,6 @@ fn apply_install_arg(maybe_arg: Option<InternetIdentityInit>) {
                 persistent_state.registration_rate_limit = rate_limit;
             })
         }
-        if let Some(limit) = arg.max_num_latest_delegation_origins {
-            state::persistent_state_mut(|persistent_state| {
-                persistent_state.max_num_latest_delegation_origins = limit;
-            })
-        }
         if let Some(limit) = arg.max_inflight_captchas {
             state::persistent_state_mut(|persistent_state| {
                 persistent_state.max_inflight_captchas = limit;

src/internet_identity/src/state.rs

@@ -20,9 +20,6 @@ use std::time::Duration;
 
 mod temp_keys;
 
-/// Default value for max number of delegation origins to store in the list of latest used delegation origins
-pub const DEFAULT_MAX_DELEGATION_ORIGINS: u64 = 1000;
-
 /// Default value for max number of inflight captchas.
 pub const DEFAULT_MAX_INFLIGHT_CAPTCHAS: u64 = 500;
 
@@ -96,10 +93,6 @@ pub struct PersistentState {
     pub domain_active_anchor_stats: ActivityStats<DomainActiveAnchorCounter>,
     // Daily and monthly active authentication methods on the II domains.
     pub active_authn_method_stats: ActivityStats<AuthnMethodCounter>,
-    // Hashmap of last used delegation origins
-    pub latest_delegation_origins: HashMap<FrontendHostname, Timestamp>,
-    // Maximum number of latest delegation origins to store
-    pub max_num_latest_delegation_origins: u64,
     // Maximum number of inflight captchas
     pub max_inflight_captchas: u64,
 }
@@ -114,8 +107,6 @@ impl Default for PersistentState {
             active_anchor_stats: ActivityStats::new(time),
             domain_active_anchor_stats: ActivityStats::new(time),
             active_authn_method_stats: ActivityStats::new(time),
-            latest_delegation_origins: HashMap::new(),
-            max_num_latest_delegation_origins: DEFAULT_MAX_DELEGATION_ORIGINS,
             max_inflight_captchas: DEFAULT_MAX_INFLIGHT_CAPTCHAS,
         }
     }

src/internet_identity/src/storage/storable_persistent_state.rs

@@ -21,7 +21,9 @@ pub struct StorablePersistentState {
     active_anchor_stats: ActivityStats<ActiveAnchorCounter>,
     domain_active_anchor_stats: ActivityStats<DomainActiveAnchorCounter>,
     active_authn_method_stats: ActivityStats<AuthnMethodCounter>,
+    // unused, kept for stable memory compatibility
     latest_delegation_origins: HashMap<FrontendHostname, Timestamp>,
+    // unused, kept for stable memory compatibility
     max_num_latest_delegation_origins: u64,
     max_inflight_captchas: u64,
 }
@@ -53,8 +55,8 @@ impl From<PersistentState> for StorablePersistentState {
             active_anchor_stats: s.active_anchor_stats,
             domain_active_anchor_stats: s.domain_active_anchor_stats,
             active_authn_method_stats: s.active_authn_method_stats,
-            latest_delegation_origins: s.latest_delegation_origins,
-            max_num_latest_delegation_origins: s.max_num_latest_delegation_origins,
+            latest_delegation_origins: Default::default(),
+            max_num_latest_delegation_origins: 0,
             max_inflight_captchas: s.max_inflight_captchas,
         }
     }
@@ -69,8 +71,6 @@ impl From<StorablePersistentState> for PersistentState {
             active_anchor_stats: s.active_anchor_stats,
             domain_active_anchor_stats: s.domain_active_anchor_stats,
             active_authn_method_stats: s.active_authn_method_stats,
-            latest_delegation_origins: s.latest_delegation_origins,
-            max_num_latest_delegation_origins: s.max_num_latest_delegation_origins,
             max_inflight_captchas: s.max_inflight_captchas,
         }
     }
@@ -79,7 +79,7 @@ impl From<StorablePersistentState> for PersistentState {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::state::{DEFAULT_MAX_DELEGATION_ORIGINS, DEFAULT_MAX_INFLIGHT_CAPTCHAS};
+    use crate::state::{DEFAULT_MAX_INFLIGHT_CAPTCHAS};
     use std::time::Duration;
 
     #[test]
@@ -106,7 +106,7 @@ mod tests {
             domain_active_anchor_stats: ActivityStats::new(test_time),
             active_authn_method_stats: ActivityStats::new(test_time),
             latest_delegation_origins: HashMap::new(),
-            max_num_latest_delegation_origins: DEFAULT_MAX_DELEGATION_ORIGINS,
+            max_num_latest_delegation_origins: 0,
             max_inflight_captchas: DEFAULT_MAX_INFLIGHT_CAPTCHAS,
         };
 
@@ -122,8 +122,6 @@ mod tests {
             active_anchor_stats: ActivityStats::new(test_time),
             domain_active_anchor_stats: ActivityStats::new(test_time),
             active_authn_method_stats: ActivityStats::new(test_time),
-            latest_delegation_origins: HashMap::new(),
-            max_num_latest_delegation_origins: DEFAULT_MAX_DELEGATION_ORIGINS,
             max_inflight_captchas: DEFAULT_MAX_INFLIGHT_CAPTCHAS,
         };
         assert_eq!(PersistentState::default(), expected_defaults);

src/internet_identity/tests/integration/main.rs

@@ -9,7 +9,6 @@ mod anchor_management;
 mod archive_integration;
 mod delegation;
 mod http;
-mod latest_delegation_origins;
 mod rollback;
 mod stable_memory;
 mod upgrade;

src/internet_identity_interface/src/internet_identity/types.rs

@@ -207,8 +207,6 @@ pub struct InternetIdentityStats {
     pub archive_info: ArchiveInfo,
     pub canister_creation_cycles_cost: u64,
     pub storage_layout_version: u8,
-    pub max_num_latest_delegation_origins: u64,
-    pub latest_delegation_origins: Vec<FrontendHostname>,
 }
 
 /// Information about the archive.