From 6afe0a2b11d3847ae7148b8a41741619b849e12d Mon Sep 17 00:00:00 2001
From: M66B <M66B@users.noreply.github.com>
Date: Wed, 20 Jul 2022 10:19:58 +0200
Subject: [PATCH] Enforce minimum token refresh rate

---
 app/src/main/java/eu/faircode/email/GmailState.java    |  6 +++++-
 .../java/eu/faircode/email/ServiceAuthenticator.java   | 10 ++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/app/src/main/java/eu/faircode/email/GmailState.java b/app/src/main/java/eu/faircode/email/GmailState.java
index 1fef8e0c90..93b338b986 100644
--- a/app/src/main/java/eu/faircode/email/GmailState.java
+++ b/app/src/main/java/eu/faircode/email/GmailState.java
@@ -62,14 +62,18 @@ public class GmailState {
 
     void refresh(@NonNull Context context, @NonNull String user, boolean expire, long keep_alive)
             throws AuthenticatorException, OperationCanceledException, IOException {
+        long now = new Date().getTime();
         Long expiration = getAccessTokenExpirationTime();
-        if (expiration != null && expiration - keep_alive < new Date().getTime()) {
+        if (expiration != null && expiration - keep_alive < now) {
             EntityLog.log(context, "Force invalidation" +
                     " expiration=" + new Date(expiration) +
                     " keep-alive=" + (keep_alive / 60 / 1000) + "m");
             expire = true;
         }
 
+        if (expiration != null && expiration - ServiceAuthenticator.MIN_EXPIRE_INTERVAL > now)
+            expire = false;
+
         if (expire)
             try {
                 if (token != null) {
diff --git a/app/src/main/java/eu/faircode/email/ServiceAuthenticator.java b/app/src/main/java/eu/faircode/email/ServiceAuthenticator.java
index 29724f4049..b655f1519e 100644
--- a/app/src/main/java/eu/faircode/email/ServiceAuthenticator.java
+++ b/app/src/main/java/eu/faircode/email/ServiceAuthenticator.java
@@ -56,6 +56,8 @@ public class ServiceAuthenticator extends Authenticator {
     static final int AUTH_TYPE_GMAIL = 2;
     static final int AUTH_TYPE_OAUTH = 3;
 
+    static final long MIN_EXPIRE_INTERVAL = 15 * 60 * 1000L;
+
     ServiceAuthenticator(
             Context context,
             int auth, String provider, int keep_alive,
@@ -150,14 +152,18 @@ public class ServiceAuthenticator extends Authenticator {
     private static void OAuthRefresh(Context context, String id, AuthState authState, boolean expire, long keep_alive)
             throws MessagingException {
         try {
+            long now = new Date().getTime();
             Long expiration = authState.getAccessTokenExpirationTime();
-            if (expiration != null && expiration - keep_alive < new Date().getTime()) {
+            if (expiration != null && expiration - keep_alive < now) {
                 EntityLog.log(context, "OAuth force refresh" +
                         " expiration=" + new Date(expiration) +
                         " keep_alive=" + (keep_alive / 60 / 1000) + "m");
-                authState.setNeedsTokenRefresh(true);
+                expire = true;
             }
 
+            if (expiration != null && expiration - MIN_EXPIRE_INTERVAL > now)
+                expire = false;
+
             if (expire)
                 authState.setNeedsTokenRefresh(true);