Merge pull request #17463 from nextcloud/enh/token/cache

Cache the public key tokens
This commit is contained in:
Roeland Jago Douma 2019-10-08 20:52:24 +02:00 committed by GitHub
commit 77d16990a3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 42 additions and 5 deletions

View File

@ -27,6 +27,7 @@ use OC\Authentication\Exceptions\ExpiredTokenException;
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\Exceptions\WipeTokenException;
use OC\Cache\CappedMemoryCache;
use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\IConfig;
@ -49,6 +50,9 @@ class PublicKeyTokenProvider implements IProvider {
/** @var ITimeFactory $time */
private $time;
/** @var CappedMemoryCache */
private $cache;
public function __construct(PublicKeyTokenMapper $mapper,
ICrypto $crypto,
IConfig $config,
@ -59,6 +63,8 @@ class PublicKeyTokenProvider implements IProvider {
$this->config = $config;
$this->logger = $logger;
$this->time = $time;
$this->cache = new CappedMemoryCache();
}
/**
@ -72,17 +78,26 @@ class PublicKeyTokenProvider implements IProvider {
int $type = IToken::TEMPORARY_TOKEN,
int $remember = IToken::DO_NOT_REMEMBER): IToken {
$dbToken = $this->newToken($token, $uid, $loginName, $password, $name, $type, $remember);
$this->mapper->insert($dbToken);
// Add the token to the cache
$this->cache[$dbToken->getToken()] = $dbToken;
return $dbToken;
}
public function getToken(string $tokenId): IToken {
try {
$token = $this->mapper->getToken($this->hashToken($tokenId));
} catch (DoesNotExistException $ex) {
throw new InvalidTokenException();
$tokenHash = $this->hashToken($tokenId);
if (isset($this->cache[$tokenHash])) {
$token = $this->cache[$tokenHash];
} else {
try {
$token = $this->mapper->getToken($this->hashToken($tokenId));
$this->cache[$token->getToken()] = $token;
} catch (DoesNotExistException $ex) {
throw new InvalidTokenException();
}
}
if ((int)$token->getExpires() !== 0 && $token->getExpires() < $this->time->getTime()) {
@ -115,6 +130,8 @@ class PublicKeyTokenProvider implements IProvider {
}
public function renewSessionToken(string $oldSessionId, string $sessionId) {
$this->cache->clear();
$token = $this->getToken($oldSessionId);
if (!($token instanceof PublicKeyToken)) {
@ -141,14 +158,20 @@ class PublicKeyTokenProvider implements IProvider {
}
public function invalidateToken(string $token) {
$this->cache->clear();
$this->mapper->invalidate($this->hashToken($token));
}
public function invalidateTokenById(string $uid, int $id) {
$this->cache->clear();
$this->mapper->deleteById($uid, $id);
}
public function invalidateOldTokens() {
$this->cache->clear();
$olderThan = $this->time->getTime() - (int) $this->config->getSystemValue('session_lifetime', 60 * 60 * 24);
$this->logger->debug('Invalidating session tokens older than ' . date('c', $olderThan), ['app' => 'cron']);
$this->mapper->invalidateOld($olderThan, IToken::DO_NOT_REMEMBER);
@ -158,6 +181,8 @@ class PublicKeyTokenProvider implements IProvider {
}
public function updateToken(IToken $token) {
$this->cache->clear();
if (!($token instanceof PublicKeyToken)) {
throw new InvalidTokenException();
}
@ -165,6 +190,8 @@ class PublicKeyTokenProvider implements IProvider {
}
public function updateTokenActivity(IToken $token) {
$this->cache->clear();
if (!($token instanceof PublicKeyToken)) {
throw new InvalidTokenException();
}
@ -198,6 +225,8 @@ class PublicKeyTokenProvider implements IProvider {
}
public function setPassword(IToken $token, string $tokenId, string $password) {
$this->cache->clear();
if (!($token instanceof PublicKeyToken)) {
throw new InvalidTokenException();
}
@ -215,6 +244,8 @@ class PublicKeyTokenProvider implements IProvider {
}
public function rotate(IToken $token, string $oldTokenId, string $newTokenId): IToken {
$this->cache->clear();
if (!($token instanceof PublicKeyToken)) {
throw new InvalidTokenException();
}
@ -274,6 +305,8 @@ class PublicKeyTokenProvider implements IProvider {
* @throws \RuntimeException when OpenSSL reports a problem
*/
public function convertToken(DefaultToken $defaultToken, string $token, $password): PublicKeyToken {
$this->cache->clear();
$pkToken = $this->newToken(
$token,
$defaultToken->getUID(),
@ -344,6 +377,8 @@ class PublicKeyTokenProvider implements IProvider {
}
public function markPasswordInvalid(IToken $token, string $tokenId) {
$this->cache->clear();
if (!($token instanceof PublicKeyToken)) {
throw new InvalidTokenException();
}
@ -353,6 +388,8 @@ class PublicKeyTokenProvider implements IProvider {
}
public function updatePasswords(string $uid, string $password) {
$this->cache->clear();
if (!$this->mapper->hasExpiredTokens($uid)) {
// Nothing to do here
return;