author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2020-10-08 11:52:45 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-08 11:52:45 +0200 |
commit | 84a58957d558fbacb348af6910db263b05370ee2 (patch) | |
tree | 052ab19186a07ed8f24f8f057f39e1212f357f21 | |
parent | 759f47cba364566ebbf77ca3c662a253232f9d7d (diff) | |
parent | 93756602541232a6154d9a96c725180d173672eb (diff) | |
Merge pull request #23214 from nextcloud/backport/22937/stable19
[stable19] Allow configuring the activity update interval of token
-rw-r--r-- | config/config.sample.php | 12 | ||||
-rw-r--r-- | lib/private/Authentication/Token/PublicKeyTokenProvider.php | 6 | ||||
-rw-r--r-- | tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php | 6 |
3 files changed, 23 insertions, 1 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index c099b81bd7c..16216bb75c6 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -270,6 +270,18 @@ $CONFIG = [
 'token_auth_enforced' => false,
 
 /**
+ * The interval at which token activity should be updated.
+ * Increasing this value means that the last activty on the security page gets
+ * more outdated.
+ *
+ * Tokens are still checked every 5 minutes for validity
+ * max value: 300
+ *
+ * Defaults to ``300``
+ */
+'token_auth_activity_update' => 60,
+
+/**
 * Whether the bruteforce protection shipped with Nextcloud should be enabled or not.
 *
 * Disabling this is discouraged for security reasons.
diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
index 17d6a351c8e..43d708c268a 100644
--- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php
+++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php
@@ -214,9 +214,13 @@ class PublicKeyTokenProvider implements IProvider {
 if (!($token instanceof PublicKeyToken)) {
 throw new InvalidTokenException();
 }
+
+ $activityInterval = $this->config->getSystemValueInt('token_auth_activity_update', 60);
+ $activityInterval = min(max($activityInterval, 0), 300);
+
 /** @var DefaultToken $token */
 $now = $this->time->getTime();
- if ($token->getLastActivity() < ($now - 60)) {
+ if ($token->getLastActivity() < ($now - $activityInterval)) {
 // Update token only once per minute
 $token->setLastActivity($now);
 $this->mapper->update($token);
diff --git a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php
index 43ae0e9542c..eaffa905b9a 100644
--- a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php
+++ b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php
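Review bot: The docblock added for `token_auth_activity_update` in config/config.sample.php ends with "Defaults to ``300``", but the sample value below it is `60` and the provider hunk in PublicKeyTokenProvider.php falls back to `60` when the key is unset. An administrator relying on this text would assume the "last activity" shown on the security page can lag by five minutes by default, when the code refreshes it after one. I would change the line to `* Defaults to ``60``` and state the accepted range as `* Allowed range: 0 to 300 (values outside it are clamped)`, since the provider clamps silently. The same comment also has the typo "activty".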
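Review bot: In PublicKeyTokenProvider.php the context comment `// Update token only once per minute` directly under the new condition is no longer true, because the interval now comes from `token_auth_activity_update` and can be anything from 0 to 300 seconds. Something like `// Debounce: persist last activity at most once per $activityInterval seconds` would match the code. The clamp `min(max($activityInterval, 0), 300)` also deserves a one-line why-comment: the upper bound appears to mirror the 5-minute validity check mentioned in the sample config, and a value of 0 means the mapper update runs whenever the stored timestamp is at least one second old. The `/** @var DefaultToken $token */` annotation just below looks stale as well, since the preceding guard already requires a `PublicKeyToken`. The enclosing method starts and ends outside the hunk.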
@@ -112,6 +112,12 @@ class PublicKeyTokenProviderTest extends TestCase {
 
 public function testUpdateTokenDebounce() {
 $tk = new PublicKeyToken();
+
+ $this->config->method('getSystemValueInt')
+ ->willReturnCallback(function ($value, $default) {
+ return $default;
+ });
+
 $tk->setLastActivity($this->time - 30);
 $this->mapper->expects($this->never())
 ->method('update') |
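Review bot: The stub added to `testUpdateTokenDebounce` always returns `$default`, so this test only exercises the 60-second fallback; nothing in this hunk covers a configured value or the clamp to the 0–300 range. A misconfigured or negative interval is exactly the case where the last-activity timestamp could become misleading, so I would add cases where `getSystemValueInt` returns an out-of-range number such as `1000` or `-5`. With `1000`, a token last active 301 seconds ago should still trigger `update`; with `-5`, the behaviour should match an interval of `0`. It would also help to assert that the key passed is `'token_auth_activity_update'`, rather than ignoring `$value` in the callback. The test method continues past the end of the hunk.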