FR: Make the credential test time configurable

[cornelinux]

In
https://github.com/owncloud/core/blob/master/lib/private/User/Session.php#L609
the owncloud core checks every 5 minutes, if the user still has the same credentials or is not locked.

This is bad for different reasons:

• In case of LDAP this will create load on the LDAP server every 5 minutes.
• In case you are using OTP with the backend (we are using an LDAP proxy, which allows bind requests with a one time password) this will result in being logged out after five minutes, since the password is not the same anymore.

Request

Please make this value configurable so that:

• it can be turned off
• it can be set to a much higher number like 8 hours.

[PVince81]

Makes sense. Do you have time to submit a PR ?

The value should be written in "oc_appconfig" under the "core" app I think.
Let me know if you need hints about how to access the config or so.

[cornelinux]

How much sense would this make? What would be the possible timeframe for this patch? (This is better to get an idea about my necessary efforts will fit)
I heard from @felixboehm there would be "other changes" to the ldap users.

Kind regards
Cornelius

[cornelinux]

Where would I configure the value in the UI?
Of course I could start with a hidden feature and need the admin to change this in the database :-)

[PVince81]

Hmmm good points.

I think this setting isn't specific for LDAP and applies to any other user backends. So far I think it does this for all backends even the ones that don't make sense because the password cannot change remotely.

Not sure if this setting is useful enough to expose to the UI so maybe start with having it hidden ? An admin can always use occ commands to get/set oc_appconfig values so we could just document that for now.

I don't see any timeframe for this as this is not currently a priority, so whenever you have time would be fine. That is unless someone else from the community wants to jump in and do it earlier.

[cornelinux]

I unterstand I could simply use

  last_check_timeout = intval($this->config->getAppValue('last_check_timeout', 5));
  if ($lastCheck > ($now - 60 * last_check_timeout)) {

and in the table oc_appconfig set something like

 | core                  | last_check_timeout                           | 480                                      |

to get only 8 hours.

Looks simple enough...

[cornelinux]

@PVince81 last question: To which branch should the pull request go to have it in 10.0.3 :-)

[phil-davis]

Original PRs always go to master. Then backporting can be discussed as appropriate.

[cornelinux]

thx!