mirror
/
FairEmail
mirror of https://github.com/M66B/FairEmail.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Limit force refresh OAuth tokens

This commit is contained in:
M66B 2022-07-20 20:34:05 +02:00
parent 425fe9fca2
commit 4b79f6bbee
2 changed files with 35 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
app/src/main/java/eu/faircode/email/GmailState.java
View File

@ -60,17 +60,27 @@ public class GmailState {
return acquired + TOKEN_LIFETIME;
}
void refresh(@NonNull Context context, @NonNull String user, boolean expire)
void refresh(@NonNull Context context, String id, @NonNull String user, boolean forceRefresh)
throws AuthenticatorException, OperationCanceledException, IOException {
long now = new Date().getTime();
Long expiration = getAccessTokenExpirationTime();
if (expiration != null && expiration - ServiceAuthenticator.MIN_EXPIRE_INTERVAL > now)
expire = false;
boolean needsRefresh = (expiration != null && expiration < now);
if (expire)
if (!needsRefresh && forceRefresh &&
expiration != null &&
expiration - ServiceAuthenticator.MIN_FORCE_REFRESH_INTERVAL < now)
needsRefresh = true;
EntityLog.log(context, EntityLog.Type.Debug, "Token user=" + id + ":" + user +
" expiration=" + (expiration == null ? null : new Date(expiration)) +
" need=" + needsRefresh +
" force=" + forceRefresh);
if (needsRefresh)
try {
if (token != null) {
EntityLog.log(context, "Invalidating token user=" + user);
EntityLog.log(context, "Invalidating token user=" + id + ":" + user);
AccountManager am = AccountManager.get(context);
am.invalidateAuthToken(TYPE_GOOGLE, token);
}
@ -82,9 +92,9 @@ public class GmailState {
Account account = getAccount(context, user.replace("recent:", ""));
if (account == null)
throw new AuthenticatorException("Account not found for " + user);
throw new AuthenticatorException("Account not found for " + id + ":" + user);
EntityLog.log(context, "Getting token user=" + user);
EntityLog.log(context, "Getting token user=" + id + ":" + user);
AccountManager am = AccountManager.get(context);
String newToken = am.blockingGetAuthToken(
account,
@ -97,7 +107,7 @@ public class GmailState {
}
if (token == null)
throw new AuthenticatorException("No token for " + user);
throw new AuthenticatorException("No token for " + id + ":" + user);
}
static Account getAccount(Context context, String user) {

28
app/src/main/java/eu/faircode/email/ServiceAuthenticator.java
View File

@ -55,7 +55,7 @@ public class ServiceAuthenticator extends Authenticator {
static final int AUTH_TYPE_GMAIL = 2;
static final int AUTH_TYPE_OAUTH = 3;
static final long MIN_EXPIRE_INTERVAL = 15 * 60 * 1000L;
static final long MIN_FORCE_REFRESH_INTERVAL = 15 * 60 * 1000L;
ServiceAuthenticator(
Context context,
@ -88,10 +88,10 @@ public class ServiceAuthenticator extends Authenticator {
return new PasswordAuthentication(user, token);
}
String refreshToken(boolean expire) throws AuthenticatorException, OperationCanceledException, IOException, JSONException, MessagingException {
String refreshToken(boolean forceRefresh) throws AuthenticatorException, OperationCanceledException, IOException, JSONException, MessagingException {
if (auth == AUTH_TYPE_GMAIL) {
GmailState authState = GmailState.jsonDeserialize(password);
authState.refresh(context, user, expire);
authState.refresh(context, "android", user, forceRefresh);
Long expiration = authState.getAccessTokenExpirationTime();
if (expiration != null)
EntityLog.log(context, user + " token expiration=" + new Date(expiration));
@ -106,7 +106,7 @@ public class ServiceAuthenticator extends Authenticator {
return authState.getAccessToken();
} else if (auth == AUTH_TYPE_OAUTH && provider != null) {
AuthState authState = AuthState.jsonDeserialize(password);
OAuthRefresh(context, provider, authState, expire);
OAuthRefresh(context, provider, user, authState, forceRefresh);
Long expiration = authState.getAccessTokenExpirationTime();
if (expiration != null)
EntityLog.log(context, user + " token expiration=" + new Date(expiration));
@ -142,7 +142,7 @@ public class ServiceAuthenticator extends Authenticator {
void onPasswordChanged(Context context, String newPassword);
}
private static void OAuthRefresh(Context context, String id, AuthState authState, boolean expire)
private static void OAuthRefresh(Context context, String id, String user, AuthState authState, boolean forceRefresh)
throws MessagingException {
try {
if ("gmail".equals(id) && !BuildConfig.DEBUG)
@ -150,12 +150,18 @@ public class ServiceAuthenticator extends Authenticator {
long now = new Date().getTime();
Long expiration = authState.getAccessTokenExpirationTime();
if (expiration != null && expiration - MIN_EXPIRE_INTERVAL > now)
expire = false;
boolean needsRefresh = (expiration != null && expiration < now);
if (expire)
if (!needsRefresh && forceRefresh &&
expiration != null &&
expiration - ServiceAuthenticator.MIN_FORCE_REFRESH_INTERVAL < now)
authState.setNeedsTokenRefresh(true);
EntityLog.log(context, EntityLog.Type.Debug, "Token user=" + id + ":" + user +
" expiration=" + (expiration == null ? null : new Date(expiration)) +
" need=" + needsRefresh + "/" + authState.getNeedsTokenRefresh() +
" force=" + forceRefresh);
ClientAuthentication clientAuth;
EmailProvider provider = EmailProvider.getProvider(context, id);
if (provider.oauth.clientSecret == null)
@ -166,7 +172,7 @@ public class ServiceAuthenticator extends Authenticator {
ErrorHolder holder = new ErrorHolder();
Semaphore semaphore = new Semaphore(0);
Log.i("OAuth refresh id=" + id);
Log.i("OAuth refresh user=" + id + ":" + user);
AuthorizationService authService = new AuthorizationService(context);
authState.performActionWithFreshTokens(
authService,
@ -181,12 +187,12 @@ public class ServiceAuthenticator extends Authenticator {
});
semaphore.acquire();
Log.i("OAuth refreshed id=" + id);
Log.i("OAuth refreshed user=" + id + ":" + user);
if (holder.error != null)
throw holder.error;
} catch (Exception ex) {
throw new MessagingException("OAuth refresh id=" + id, ex);
throw new MessagingException("OAuth refresh id=" + id + ":" + user, ex);
}
}