Limit force refresh OAuth tokens

M66B 2022-07-20 20:34:05 +02:00
parent 425fe9fca2
commit 4b79f6bbee
2 changed files with 35 additions and 19 deletions


@ -60,17 +60,27 @@ public class GmailState {
return acquired + TOKEN_LIFETIME; return acquired + TOKEN_LIFETIME;
} }
void refresh(@NonNull Context context, @NonNull String user, boolean expire) void refresh(@NonNull Context context, String id, @NonNull String user, boolean forceRefresh)
throws AuthenticatorException, OperationCanceledException, IOException { throws AuthenticatorException, OperationCanceledException, IOException {
long now = new Date().getTime(); long now = new Date().getTime();
Long expiration = getAccessTokenExpirationTime(); Long expiration = getAccessTokenExpirationTime();
if (expiration != null && expiration - ServiceAuthenticator.MIN_EXPIRE_INTERVAL > now) boolean needsRefresh = (expiration != null && expiration < now);
expire = false;
if (expire) if (!needsRefresh && forceRefresh &&
expiration != null &&
expiration - ServiceAuthenticator.MIN_FORCE_REFRESH_INTERVAL < now)
needsRefresh = true;
EntityLog.log(context, EntityLog.Type.Debug, "Token user=" + id + ":" + user +
" expiration=" + (expiration == null ? null : new Date(expiration)) +
" need=" + needsRefresh +
" force=" + forceRefresh);
if (needsRefresh)
try { try {
if (token != null) { if (token != null) {
EntityLog.log(context, "Invalidating token user=" + user); EntityLog.log(context, "Invalidating token user=" + id + ":" + user);
AccountManager am = AccountManager.get(context); AccountManager am = AccountManager.get(context);
am.invalidateAuthToken(TYPE_GOOGLE, token); am.invalidateAuthToken(TYPE_GOOGLE, token);
} }
@ -82,9 +92,9 @@ public class GmailState {
Account account = getAccount(context, user.replace("recent:", "")); Account account = getAccount(context, user.replace("recent:", ""));
if (account == null) if (account == null)
throw new AuthenticatorException("Account not found for " + user); throw new AuthenticatorException("Account not found for " + id + ":" + user);
EntityLog.log(context, "Getting token user=" + user); EntityLog.log(context, "Getting token user=" + id + ":" + user);
AccountManager am = AccountManager.get(context); AccountManager am = AccountManager.get(context);
String newToken = am.blockingGetAuthToken( String newToken = am.blockingGetAuthToken(
account, account,
@ -97,7 +107,7 @@ public class GmailState {
} }
if (token == null) if (token == null)
throw new AuthenticatorException("No token for " + user); throw new AuthenticatorException("No token for " + id + ":" + user);
} }
static Account getAccount(Context context, String user) { static Account getAccount(Context context, String user) {
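Review bot: In refresh(), a forced refresh is silently ignored when getAccessTokenExpirationTime() returns null, because both the `needsRefresh` initialiser and the force condition require `expiration != null`; the removed code left `expire` set in that case and went on to invalidate the token. If a null expiration can coexist with a non-null `token` (the getter is only partly visible here, so this is an assumption to confirm), a token the server has rejected would never be invalidated and would keep being presented. One option is `boolean needsRefresh = (expiration == null ? forceRefresh : expiration < now);` with the window check left as it is. The same pattern appears in OAuthRefresh in ServiceAuthenticator, where `authState.setNeedsTokenRefresh(true)` is likewise skipped when no expiration is known. The body of refresh() is split across hunks, so the token-fetch part is not fully visible.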


@ -55,7 +55,7 @@ public class ServiceAuthenticator extends Authenticator {
static final int AUTH_TYPE_GMAIL = 2; static final int AUTH_TYPE_GMAIL = 2;
static final int AUTH_TYPE_OAUTH = 3; static final int AUTH_TYPE_OAUTH = 3;
static final long MIN_EXPIRE_INTERVAL = 15 * 60 * 1000L; static final long MIN_FORCE_REFRESH_INTERVAL = 15 * 60 * 1000L;
ServiceAuthenticator( ServiceAuthenticator(
Context context, Context context,
@ -88,10 +88,10 @@ public class ServiceAuthenticator extends Authenticator {
return new PasswordAuthentication(user, token); return new PasswordAuthentication(user, token);
} }
String refreshToken(boolean expire) throws AuthenticatorException, OperationCanceledException, IOException, JSONException, MessagingException { String refreshToken(boolean forceRefresh) throws AuthenticatorException, OperationCanceledException, IOException, JSONException, MessagingException {
if (auth == AUTH_TYPE_GMAIL) { if (auth == AUTH_TYPE_GMAIL) {
GmailState authState = GmailState.jsonDeserialize(password); GmailState authState = GmailState.jsonDeserialize(password);
authState.refresh(context, user, expire); authState.refresh(context, "android", user, forceRefresh);
Long expiration = authState.getAccessTokenExpirationTime(); Long expiration = authState.getAccessTokenExpirationTime();
if (expiration != null) if (expiration != null)
EntityLog.log(context, user + " token expiration=" + new Date(expiration)); EntityLog.log(context, user + " token expiration=" + new Date(expiration));
@ -106,7 +106,7 @@ public class ServiceAuthenticator extends Authenticator {
return authState.getAccessToken(); return authState.getAccessToken();
} else if (auth == AUTH_TYPE_OAUTH && provider != null) { } else if (auth == AUTH_TYPE_OAUTH && provider != null) {
AuthState authState = AuthState.jsonDeserialize(password); AuthState authState = AuthState.jsonDeserialize(password);
OAuthRefresh(context, provider, authState, expire); OAuthRefresh(context, provider, user, authState, forceRefresh);
Long expiration = authState.getAccessTokenExpirationTime(); Long expiration = authState.getAccessTokenExpirationTime();
if (expiration != null) if (expiration != null)
EntityLog.log(context, user + " token expiration=" + new Date(expiration)); EntityLog.log(context, user + " token expiration=" + new Date(expiration));
@ -142,7 +142,7 @@ public class ServiceAuthenticator extends Authenticator {
void onPasswordChanged(Context context, String newPassword); void onPasswordChanged(Context context, String newPassword);
} }
private static void OAuthRefresh(Context context, String id, AuthState authState, boolean expire) private static void OAuthRefresh(Context context, String id, String user, AuthState authState, boolean forceRefresh)
throws MessagingException { throws MessagingException {
try { try {
if ("gmail".equals(id) && !BuildConfig.DEBUG) if ("gmail".equals(id) && !BuildConfig.DEBUG)
@ -150,12 +150,18 @@ public class ServiceAuthenticator extends Authenticator {
long now = new Date().getTime(); long now = new Date().getTime();
Long expiration = authState.getAccessTokenExpirationTime(); Long expiration = authState.getAccessTokenExpirationTime();
if (expiration != null && expiration - MIN_EXPIRE_INTERVAL > now) boolean needsRefresh = (expiration != null && expiration < now);
expire = false;
if (expire) if (!needsRefresh && forceRefresh &&
expiration != null &&
expiration - ServiceAuthenticator.MIN_FORCE_REFRESH_INTERVAL < now)
authState.setNeedsTokenRefresh(true); authState.setNeedsTokenRefresh(true);
EntityLog.log(context, EntityLog.Type.Debug, "Token user=" + id + ":" + user +
" expiration=" + (expiration == null ? null : new Date(expiration)) +
" need=" + needsRefresh + "/" + authState.getNeedsTokenRefresh() +
" force=" + forceRefresh);
ClientAuthentication clientAuth; ClientAuthentication clientAuth;
EmailProvider provider = EmailProvider.getProvider(context, id); EmailProvider provider = EmailProvider.getProvider(context, id);
if (provider.oauth.clientSecret == null) if (provider.oauth.clientSecret == null)
@ -166,7 +172,7 @@ public class ServiceAuthenticator extends Authenticator {
ErrorHolder holder = new ErrorHolder(); ErrorHolder holder = new ErrorHolder();
Semaphore semaphore = new Semaphore(0); Semaphore semaphore = new Semaphore(0);
Log.i("OAuth refresh id=" + id); Log.i("OAuth refresh user=" + id + ":" + user);
AuthorizationService authService = new AuthorizationService(context); AuthorizationService authService = new AuthorizationService(context);
authState.performActionWithFreshTokens( authState.performActionWithFreshTokens(
authService, authService,
@ -181,12 +187,12 @@ public class ServiceAuthenticator extends Authenticator {
}); });
semaphore.acquire(); semaphore.acquire();
Log.i("OAuth refreshed id=" + id); Log.i("OAuth refreshed user=" + id + ":" + user);
if (holder.error != null) if (holder.error != null)
throw holder.error; throw holder.error;
} catch (Exception ex) { } catch (Exception ex) {
throw new MessagingException("OAuth refresh id=" + id, ex); throw new MessagingException("OAuth refresh id=" + id + ":" + user, ex);
} }
} }
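Review bot: MIN_FORCE_REFRESH_INTERVAL is declared without a comment, and its name reads as a minimum time between forced refreshes, whereas OAuthRefresh and GmailState.refresh use it as a window before expiry inside which `forceRefresh` is honoured. A comment on the constant such as `// A forced refresh is honoured only when the access token expires within this window` would make that explicit. In OAuthRefresh the `needsRefresh` local only feeds the log line and gates the force branch, while the actual refresh decision is left to `authState`; a one-line comment saying so would help, since GmailState.refresh uses the same name as the real trigger. The catch block still labels its message `"OAuth refresh id="` although it now carries `id + ":" + user`, unlike the log lines that were switched to `user=`; because the message now includes the account name, it is worth checking where this MessagingException text ends up being displayed or stored.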