Add index on 'last_activity'

add token type column and delete only temporary tokens in the background job

debounce token updates; fix wrong class import

7 files changed, 42 insertions, 8 deletions

diff --git a/core/Controller/TokenController.php b/core/Controller/TokenController.php
index 45e33e832b1..8a25ad9bb98 100644
--- a/core/Controller/TokenController.php
+++ b/core/Controller/TokenController.php
@@ -24,6 +24,7 @@ namespace OC\Core\Controller;
 
 use OC\AppFramework\Http;
 use OC\Authentication\Token\DefaultTokenProvider;
+use OC\Authentication\Token\IToken;
 use OC\User\Manager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\Response;
@@ -49,7 +50,7 @@ class TokenController extends Controller {
 	 * @param ISecureRandom $crypto
 	 */
 	public function __construct($appName, IRequest $request, Manager $userManager, DefaultTokenProvider $tokenProvider,
-			ISecureRandom $crypto) {
+		ISecureRandom $crypto) {
 		parent::__construct($appName, $request);
 		$this->userManager = $userManager;
 		$this->tokenProvider = $tokenProvider;
@@ -73,7 +74,7 @@ class TokenController extends Controller {
 			return new Response([], Http::STATUS_UNAUTHORIZED);
 		}
 		$token = $this->secureRandom->generate(128);
-		$this->tokenProvider->generateToken($token, $user, $password, $name);
+		$this->tokenProvider->generateToken($token, $user, $password, $name, IToken::PERMANENT_TOKEN);
 		return [
 			'token' => $token,
 		];
diff --git a/db_structure.xml b/db_structure.xml
index dcbf426e5b8..b78abe2974c 100644
--- a/db_structure.xml
+++ b/db_structure.xml
@@ -1080,6 +1080,15 @@
 			</field>
 
 			<field>
+				<name>type</name>
+				<type>integer</type>
+				<default>0</default>
+				<notnull>true</notnull>
+				<unsigned>true</unsigned>
+				<length>2</length>
+			</field>
+
+			<field>
 				<name>last_activity</name>
 				<type>integer</type>
 				<default>0</default>
@@ -1097,6 +1106,14 @@
 				</field>
 			</index>
 
+			<index>
+				<name>authtoken_last_activity_index</name>
+				<field>
+					<name>last_activity</name>
+					<sorting>ascending</sorting>
+				</field>
+			</index>
+
 		</declaration>
 	</table>
 
diff --git a/lib/private/Authentication/Token/DefaultToken.php b/lib/private/Authentication/Token/DefaultToken.php
index 6b859d7d063..78b5c2d6116 100644
--- a/lib/private/Authentication/Token/DefaultToken.php
+++ b/lib/private/Authentication/Token/DefaultToken.php
@@ -49,6 +49,11 @@ class DefaultToken extends Entity implements IToken {
 	/**
 	 * @var int
 	 */
+	protected $type;
+
+	/**
+	 * @var int
+	 */
 	protected $lastActivity;
 
 	public function getId() {
diff --git a/lib/private/Authentication/Token/DefaultTokenMapper.php b/lib/private/Authentication/Token/DefaultTokenMapper.php
index d54d2489399..f4d979183e6 100644
--- a/lib/private/Authentication/Token/DefaultTokenMapper.php
+++ b/lib/private/Authentication/Token/DefaultTokenMapper.php
@@ -50,9 +50,11 @@ class DefaultTokenMapper extends Mapper {
 	 */
 	public function invalidateOld($olderThan) {
 		$sql = 'DELETE FROM `' . $this->getTableName() . '` '
-			. 'WHERE `last_activity` < ?';
+			. 'WHERE `last_activity` < ? '
+			. 'AND `type` = ?';
 		$this->execute($sql, [
-			$olderThan
+			$olderThan,
+			IToken::TEMPORARY_TOKEN,
 		]);
 	}
 
diff --git a/lib/private/Authentication/Token/DefaultTokenProvider.php b/lib/private/Authentication/Token/DefaultTokenProvider.php
index b3564e0e81b..a4e44f3c5d2 100644
--- a/lib/private/Authentication/Token/DefaultTokenProvider.php
+++ b/lib/private/Authentication/Token/DefaultTokenProvider.php
@@ -61,14 +61,16 @@ class DefaultTokenProvider implements IProvider {
 	 * @param string $token
 	 * @param string $uid
 	 * @param string $password
+	 * @apram int $type token type
 	 * @return DefaultToken
 	 */
-	public function generateToken($token, $uid, $password, $name) {
+	public function generateToken($token, $uid, $password, $name, $type = IToken::TEMPORARY_TOKEN) {
 		$dbToken = new DefaultToken();
 		$dbToken->setUid($uid);
 		$dbToken->setPassword($this->encryptPassword($password, $token));
 		$dbToken->setName($name);
 		$dbToken->setToken($this->hashToken($token));
+		$dbToken->setType($type);
 		$dbToken->setLastActivity(time());
 
 		$this->mapper->insert($dbToken);
diff --git a/lib/private/Authentication/Token/IToken.php b/lib/private/Authentication/Token/IToken.php
index 10b54c0d2a8..549a1f98268 100644
--- a/lib/private/Authentication/Token/IToken.php
+++ b/lib/private/Authentication/Token/IToken.php
@@ -27,6 +27,9 @@ namespace OC\Authentication\Token;
  */
 interface IToken {
 
+	const TEMPORARY_TOKEN = 0;
+	const PERMANENT_TOKEN = 1;
+
 	/**
 	 * Get the token ID
 	 *
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 5d869a04ca2..976a2627735 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -38,7 +38,6 @@ use OC\Authentication\Exceptions\InvalidTokenException;
 use OC\Authentication\Token\DefaultTokenProvider;
 use OC\Authentication\Token\IProvider;
 use OC\Hooks\Emitter;
-use OC\Session\Session;
 use OC_User;
 use OCA\DAV\Connector\Sabre\Auth;
 use OCP\IRequest;
@@ -73,7 +72,7 @@ class Session implements IUserSession, Emitter {
 	private $manager;
 
 	/*
-	 * @var Session $session
+	 * @var ISession $session
 	 */
 	private $session;
 
@@ -219,7 +218,12 @@ class Session implements IUserSession, Emitter {
 		}
 
 		// Session is valid, so the token can be refreshed
-		$this->tokenProvider->updateToken($token);
+		// To save unnecessary DB queries, this is only done once a minute
+		$lastTokenUpdate = $this->session->get('last_token_update') ? : 0;
+		if ($lastTokenUpdate < (time () - 60)) {
+			$this->tokenProvider->updateToken($token);
+			$this->session->set('last_token_update', time());
+		}
 
 		return true;
 	}