From 76a7600e2e8ee239c2f7dd19e8b3d1e86f7c5362 Mon Sep 17 00:00:00 2001 From: Roeland Jago Douma Date: Fri, 18 Sep 2020 12:34:43 +0200 Subject: [PATCH] Allow configuring the activity update interval of token On some systems with a lot of users this creates a lot of extra DB writes. Being able to increase this interval helps there. Signed-off-by: Roeland Jago Douma --- config/config.sample.php | 12 ++++++++++++ .../Authentication/Token/PublicKeyTokenProvider.php | 6 +++++- .../Token/PublicKeyTokenProviderTest.php | 6 ++++++ 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/config/config.sample.php b/config/config.sample.php index 61d7130660..2710fbf5fd 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -269,6 +269,18 @@ $CONFIG = [ */ 'token_auth_enforced' => false, +/** + * The interval at which token activity should be updated. + * Increasing this value means that the last activty on the security page gets + * more outdated. + * + * Tokens are still checked every 5 minutes for validity + * max value: 300 + * + * Defaults to ``300`` + */ +'token_auth_activity_update' => 60, + /** * Whether the bruteforce protection shipped with Nextcloud should be enabled or not. * diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php index cd2fca5dec..a6498ca992 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php +++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php @@ -215,9 +215,13 @@ class PublicKeyTokenProvider implements IProvider { if (!($token instanceof PublicKeyToken)) { throw new InvalidTokenException("Invalid token type"); } + + $activityInterval = $this->config->getSystemValueInt('token_auth_activity_update', 60); + $activityInterval = min(max($activityInterval, 0), 300); + /** @var DefaultToken $token */ $now = $this->time->getTime(); - if ($token->getLastActivity() < ($now - 60)) { + if ($token->getLastActivity() < ($now - $activityInterval)) { // Update token only once per minute $token->setLastActivity($now); $this->mapper->update($token); diff --git a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php index c16ee7b818..a815025a50 100644 --- a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php +++ b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php @@ -112,6 +112,12 @@ class PublicKeyTokenProviderTest extends TestCase { public function testUpdateTokenDebounce() { $tk = new PublicKeyToken(); + + $this->config->method('getSystemValueInt') + ->willReturnCallback(function ($value, $default) { + return $default; + }); + $tk->setLastActivity($this->time - 30); $this->mapper->expects($this->never()) ->method('update')