Exposed leeway setting in the JWT library

appinfo/application.php

@@ -102,6 +102,8 @@ public function register(IRegistrationContext $context): void {
         if (!class_exists('\\Firebase\\JWT\\JWT')) {
             require_once __DIR__ . "/../3rdparty/jwt/JWT.php";
         }
+	// Set the leeway for the JWT library in case the system clock is a second off
+        \Firebase\JWT\JWT::$leeway = $this->appConfig->GetJwtLeeway();
 
         $context->registerService("L10N", function (ContainerInterface $c) {
             return $c->get("ServerContainer")->getL10N($c->get("AppName"));

controller/settingscontroller.php

@@ -130,7 +130,8 @@ public function index() {
             "tagsEnabled" => \OC::$server->getAppManager()->isEnabledForUser("systemtags"),
             "reviewDisplay" => $this->config->GetCustomizationReviewDisplay(),
             "theme" => $this->config->GetCustomizationTheme(),
-            "templates" => $this->GetGlobalTemplates()
+            "templates" => $this->GetGlobalTemplates(),
+            "jwtLeeway" => $this->config->GetJwtLeeway()
         ];
         return new TemplateResponse($this->appName, "settings", $data, "blank");
     }
@@ -152,7 +153,8 @@ public function SaveAddress($documentserver,
                                     $storageUrl,
                                     $verifyPeerOff,
                                     $secret,
-                                    $demo
+                                    $demo,
+                                    $jwtLeeway
                                     ) {
         $error = null;
         if (!$this->config->SelectDemo($demo === true)) {
@@ -163,6 +165,7 @@ public function SaveAddress($documentserver,
             $this->config->SetVerifyPeerOff($verifyPeerOff);
             $this->config->SetDocumentServerInternalUrl($documentserverInternal);
             $this->config->SetDocumentServerSecret($secret);
+            $this->config->SetJwtLeeway($jwtLeeway);
         }
         $this->config->SetStorageUrl($storageUrl);
 
@@ -182,6 +185,7 @@ public function SaveAddress($documentserver,
             "documentserverInternal" => $this->config->GetDocumentServerInternalUrl(true),
             "storageUrl" => $this->config->GetStorageUrl(),
             "secret" => $this->config->GetDocumentServerSecret(true),
+            "jwtLeeway" => $this->config->GetJwtLeeway(),
             "error" => $error,
             "version" => $version,
             ];

js/settings.js

@@ -141,6 +141,7 @@
             var onlyofficeStorageUrl = ($("#onlyofficeStorageUrl:visible").val() || "").trim();
             var onlyofficeVerifyPeerOff = $("#onlyofficeVerifyPeerOff").prop("checked");
             var onlyofficeSecret = ($("#onlyofficeSecret:visible").val() || "").trim();
+            var onlyofficeJwtLeeway = ($("#onlyofficeJwtLeeway").val() || "0").trim();
             var demo = $("#onlyofficeDemo").prop("checked");
 
             $.ajax({
@@ -152,6 +153,7 @@
                     storageUrl: onlyofficeStorageUrl,
                     verifyPeerOff: onlyofficeVerifyPeerOff,
                     secret: onlyofficeSecret,
+                    jwtLeeway: onlyofficeJwtLeeway,
                     demo: demo
                 },
                 success: function onSuccess(response) {
@@ -161,6 +163,7 @@
                         $("#onlyofficeInternalUrl").val(response.documentserverInternal);
                         $("#onlyofficeStorageUrl").val(response.storageUrl);
                         $("#onlyofficeSecret").val(response.secret);
+                        $("#onlyofficeJwtLeeway").val(response.jwtLeeway);
 
                         $(".section-onlyoffice-common, .section-onlyoffice-templates, .section-onlyoffice-watermark").toggleClass("onlyoffice-hide", (!response.documentserver.length && !demo) || !!response.error.length);
 

lib/appconfig.php

@@ -88,6 +88,13 @@ class AppConfig {
      */
     private $_cryptSecret = "secret";
 
+    /**
+     * The config key for the allowable leeway in Jwt checks
+     *
+     * @var string
+     */
+    private $_jwtLeeway = "JwtLeeway";
+
     /**
      * The config key for the default formats
      *
@@ -571,6 +578,27 @@ public function GetDocumentServerSecret($origin = false) {
         return $secret;
     }
 
+    /**
+     * Save the Jwt Leeway to the application configuration
+     *
+     * @param string $jwtLeeway - number of seconds the docs/nextcloud clock can be off
+     */
+    public function SetJwtLeeway($jwtLeeway) {
+        $this->logger->debug("Setting JwtLeeway to: " . json_encode($jwtLeeway), ["app" => $this->appName]);
+        $this->config->setAppValue($this->appName, $this->_jwtLeeway, $jwtLeeway);
+    }
+
+    /**
+     * Get the Jwt Leeway
+     *
+     * @return string
+     */
+    public function GetJwtLeeway() {
+        $jwtLeeway = $this->config->getAppValue($this->appName, $this->_jwtLeeway, "0");
+        $this->logger->debug("JwtLeeqy: " . json_encode($jwtLeeway), ["app" => $this->appName]);
+        return $jwtLeeway;
+    }
+
     /**
      * Get the secret key from the application configuration
      *

templates/settings.php

@@ -67,6 +67,9 @@
 
             <p class="onlyoffice-header"><?php p($l->t("Server address for internal requests from ONLYOFFICE Docs")) ?></p>
             <p><input id="onlyofficeStorageUrl" value="<?php p($_["storageUrl"]) ?>" placeholder="<?php p($_["currentServer"]) ?>" type="text"></p>
+
+            <p class="onlyoffice-header"><?php p($l->t("Amount of leeway in system clocks between nextcloud and ONLYOFFICE Docs (in seconds)")) ?></p>
+            <p><input id="onlyofficeJwtLeeway" value="<?php p($_["jwtLeeway"]) ?>" placeholder="0" type="text"></p>
         </div>
     </div>