Merge pull request #22937 from nextcloud/enh/allow_configuring_token_auth_activity_interval

Allow configuring the activity update interval of token

config/config.sample.php

@@ -269,6 +269,18 @@ $CONFIG = [
  */
 'token_auth_enforced' => false,
 
+/**
+ * The interval at which token activity should be updated.
+ * Increasing this value means that the last activty on the security page gets
+ * more outdated.
+ *
+ * Tokens are still checked every 5 minutes for validity
+ * max value: 300
+ *
+ * Defaults to ``300``
+ */
+'token_auth_activity_update' => 60,
+
 /**
  * Whether the bruteforce protection shipped with Nextcloud should be enabled or not.
  *

lib/private/Authentication/Token/PublicKeyTokenProvider.php

@@ -215,9 +215,13 @@ class PublicKeyTokenProvider implements IProvider {
 		if (!($token instanceof PublicKeyToken)) {
 			throw new InvalidTokenException("Invalid token type");
 		}
+
+		$activityInterval = $this->config->getSystemValueInt('token_auth_activity_update', 60);
+		$activityInterval = min(max($activityInterval, 0), 300);
+
 		/** @var DefaultToken $token */
 		$now = $this->time->getTime();
-		if ($token->getLastActivity() < ($now - 60)) {
+		if ($token->getLastActivity() < ($now - $activityInterval)) {
 			// Update token only once per minute
 			$token->setLastActivity($now);
 			$this->mapper->update($token);

tests/lib/Authentication/Token/PublicKeyTokenProviderTest.php

@@ -112,6 +112,12 @@ class PublicKeyTokenProviderTest extends TestCase {
 
 	public function testUpdateTokenDebounce() {
 		$tk = new PublicKeyToken();
+
+		$this->config->method('getSystemValueInt')
+			->willReturnCallback(function ($value, $default) {
+				return $default;
+			});
+
 		$tk->setLastActivity($this->time - 30);
 		$this->mapper->expects($this->never())
 			->method('update')