From e0bc29d90720a60a9d6de4bde8f4c4da05bbc696 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Fri, 18 Sep 2020 12:34:43 +0200
Subject: [PATCH] Allow configuring the activity update interval of token

On some systems with a lot of users this creates a lot of extra DB
writes.
Being able to increase this interval helps there.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 config/config.sample.php                             | 12 ++++++++++++
 .../Authentication/Token/PublicKeyTokenProvider.php  |  6 +++++-
 .../Token/PublicKeyTokenProviderTest.php             |  6 ++++++
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/config/config.sample.php b/config/config.sample.php
index 61d7130660..2710fbf5fd 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -269,6 +269,18 @@ $CONFIG = [
  */
 'token_auth_enforced' => false,
 
+/**
+ * The interval at which token activity should be updated.
+ * Increasing this value means that the last activty on the security page gets
+ * more outdated.
+ *
+ * Tokens are still checked every 5 minutes for validity
+ * max value: 300
+ *
+ * Defaults to ``300``
+ */
+'token_auth_activity_update' => 60,
+
 /**
  * Whether the bruteforce protection shipped with Nextcloud should be enabled or not.
  *
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
index cd2fca5dec..a6498ca992 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -215,9 +215,13 @@ class PublicKeyTokenProvider implements IProvider {
 		if (!($token instanceof PublicKeyToken)) {
 			throw new InvalidTokenException("Invalid token type");
 		}
+
+		$activityInterval = $this->config->getSystemValueInt('token_auth_activity_update', 60);
+		$activityInterval = min(max($activityInterval, 0), 300);
+
 		/** @var DefaultToken $token */
 		$now = $this->time->getTime();
-		if ($token->getLastActivity() < ($now - 60)) {
+		if ($token->getLastActivity() < ($now - $activityInterval)) {
 			// Update token only once per minute
 			$token->setLastActivity($now);
 			$this->mapper->update($token);
diff --git a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php
index c16ee7b818..a815025a50 100644
--- a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php
+++ b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php
@@ -112,6 +112,12 @@ class PublicKeyTokenProviderTest extends TestCase {
 
 	public function testUpdateTokenDebounce() {
 		$tk = new PublicKeyToken();
+
+		$this->config->method('getSystemValueInt')
+			->willReturnCallback(function ($value, $default) {
+				return $default;
+			});
+
 		$tk->setLastActivity($this->time - 30);
 		$this->mapper->expects($this->never())
 			->method('update')