diff options
| author | Roeland Jago Douma <roeland@famdouma.nl> | 2020-09-18 12:34:43 +0200 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2020-10-04 09:31:41 +0200 |
| commit | 76a7600e2e8ee239c2f7dd19e8b3d1e86f7c5362 (patch) | |
| tree | f7220f0796998a1f7b19cb0e5192b0f28dd5fc35 | |
| parent | eba83d22bbcf45caf400704b8794acce180c5ba9 (diff) | |
| download | nextcloud-server-76a7600e2e8ee239c2f7dd19e8b3d1e86f7c5362.tar.gz nextcloud-server-76a7600e2e8ee239c2f7dd19e8b3d1e86f7c5362.zip | |
Allow configuring the activity update interval of token
On some systems with a lot of users this creates a lot of extra DB
writes.
Being able to increase this interval helps there.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
| -rw-r--r-- | config/config.sample.php | 12 | ||||
| -rw-r--r-- | lib/private/Authentication/Token/PublicKeyTokenProvider.php | 6 | ||||
| -rw-r--r-- | tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php | 6 |
3 files changed, 23 insertions, 1 deletions
diff --git a/config/config.sample.php b/config/config.sample.php index 61d7130660d..2710fbf5fdb 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -270,6 +270,18 @@ $CONFIG = [ 'token_auth_enforced' => false, /** + * The interval at which token activity should be updated. + * Increasing this value means that the last activty on the security page gets + * more outdated. + * + * Tokens are still checked every 5 minutes for validity + * max value: 300 + * + * Defaults to ``300`` + */ +'token_auth_activity_update' => 60, + +/** * Whether the bruteforce protection shipped with Nextcloud should be enabled or not. * * Disabling this is discouraged for security reasons. diff --git a/lib/private/Authentication/Token/PublicKeyTokenProvider.php b/lib/private/Authentication/Token/PublicKeyTokenProvider.php index cd2fca5dec8..a6498ca9923 100644 --- a/lib/private/Authentication/Token/PublicKeyTokenProvider.php +++ b/lib/private/Authentication/Token/PublicKeyTokenProvider.php @@ -215,9 +215,13 @@ class PublicKeyTokenProvider implements IProvider { if (!($token instanceof PublicKeyToken)) { throw new InvalidTokenException("Invalid token type"); } + + $activityInterval = $this->config->getSystemValueInt('token_auth_activity_update', 60); + $activityInterval = min(max($activityInterval, 0), 300); + /** @var DefaultToken $token */ $now = $this->time->getTime(); - if ($token->getLastActivity() < ($now - 60)) { + if ($token->getLastActivity() < ($now - $activityInterval)) { // Update token only once per minute $token->setLastActivity($now); $this->mapper->update($token); diff --git a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php index c16ee7b818e..a815025a509 100644 --- a/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php +++ b/tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php @@ -112,6 +112,12 @@ class PublicKeyTokenProviderTest extends TestCase { public function testUpdateTokenDebounce() { $tk = new PublicKeyToken(); + + $this->config->method('getSystemValueInt') + ->willReturnCallback(function ($value, $default) { + return $default; + }); + $tk->setLastActivity($this->time - 30); $this->mapper->expects($this->never()) ->method('update') |