Allow configuring the activity update interval of token

On some systems with a lot of users this creates a lot of extra DB
writes.
Being able to increase this interval helps there.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

diff --git a/config/config.sample.php b/config/config.sample.php
index 61d7130660d205dcae31f2dd47a677b345db887d..2710fbf5fdb5b6018bada6dc3e5a871563558fb3 100644 (file)
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -269,6 +269,18 @@ $CONFIG = [
  */
 'token_auth_enforced' => false,
 
+/**
+ * The interval at which token activity should be updated.
+ * Increasing this value means that the last activty on the security page gets
+ * more outdated.
+ *
+ * Tokens are still checked every 5 minutes for validity
+ * max value: 300
+ *
+ * Defaults to ``300``
+ */
+'token_auth_activity_update' => 60,
+
 /**
  * Whether the bruteforce protection shipped with Nextcloud should be enabled or not.
  *

diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
index cd2fca5dec80d6907670080a06e53753745427d0..a6498ca99232ee4662f5f5e2bc7dbe93dede7570 100644 (file)
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -215,9 +215,13 @@ class PublicKeyTokenProvider implements IProvider {
                if (!($token instanceof PublicKeyToken)) {
                        throw new InvalidTokenException("Invalid token type");
                }
+
+               $activityInterval = $this->config->getSystemValueInt('token_auth_activity_update', 60);
+               $activityInterval = min(max($activityInterval, 0), 300);
+
                /** @var DefaultToken $token */
                $now = $this->time->getTime();
-               if ($token->getLastActivity() < ($now - 60)) {
+               if ($token->getLastActivity() < ($now - $activityInterval)) {
                        // Update token only once per minute
                        $token->setLastActivity($now);
                        $this->mapper->update($token);

diff --git a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php
index c16ee7b818e4b60adce78e8e59e37e02b5b9ee25..a815025a50929865fcd0145f38967f44b66b9481 100644 (file)
--- a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php
+++ b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php
@@ -112,6 +112,12 @@ class PublicKeyTokenProviderTest extends TestCase {
 
        public function testUpdateTokenDebounce() {
                $tk = new PublicKeyToken();
+
+               $this->config->method('getSystemValueInt')
+                       ->willReturnCallback(function ($value, $default) {
+                               return $default;
+                       });
+
                $tk->setLastActivity($this->time - 30);
                $this->mapper->expects($this->never())
                        ->method('update')