summary refs log tree commit diff
path: root/synapse/groups/attestations.py
diff options
context:
space:
mode:
authorErik Johnston <erik@matrix.org>2017-10-27 11:57:27 +0100
committerErik Johnston <erik@matrix.org>2017-10-27 11:57:27 +0100
commitca571b0ec3674cd477e9da5f8e9d20c4dfcaf58b (patch)
tree6fd821e23dee30920e61801009120a52cef217ed /synapse/groups/attestations.py
parentMerge branch 'release-v0.24.1' of github.com:matrix-org/synapse (diff)
downloadsynapse-ca571b0ec3674cd477e9da5f8e9d20c4dfcaf58b.tar.xz
Add jitter to validity period of attestations
This helps ensure that the renewals of attestations are spread out more
evenly.
Diffstat (limited to '')
-rw-r--r--synapse/groups/attestations.py13
1 files changed, 12 insertions, 1 deletions
diff --git a/synapse/groups/attestations.py b/synapse/groups/attestations.py
index b751cf5e43..fc5f92121e 100644
--- a/synapse/groups/attestations.py
+++ b/synapse/groups/attestations.py
@@ -13,6 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+import random
+
 from twisted.internet import defer
 
 from synapse.api.errors import SynapseError
@@ -25,6 +27,11 @@ from signedjson.sign import sign_json
 # Default validity duration for new attestations we create
 DEFAULT_ATTESTATION_LENGTH_MS = 3 * 24 * 60 * 60 * 1000
 
+# We add some jitter to the validity duration of attestations so that if we
+# add lots of users at once we don't need to renew them all at once.
+# The jitter is a multiplier picked randomly between the first and second number
+DEFAULT_ATTESTATION_JITTER = (0.9, 1.3)
+
 # Start trying to update our attestations when they come this close to expiring
 UPDATE_ATTESTATION_TIME_MS = 1 * 24 * 60 * 60 * 1000
 
@@ -73,10 +80,14 @@ class GroupAttestationSigning(object):
         """Create an attestation for the group_id and user_id with default
         validity length.
         """
+        validity_period = DEFAULT_ATTESTATION_LENGTH_MS
+        validity_period *= random.uniform(*DEFAULT_ATTESTATION_JITTER)
+        valid_until_ms = int(self.clock.time_msec() + validity_period)
+
         return sign_json({
             "group_id": group_id,
             "user_id": user_id,
-            "valid_until_ms": self.clock.time_msec() + DEFAULT_ATTESTATION_LENGTH_MS,
+            "valid_until_ms": valid_until_ms,
         }, self.server_name, self.signing_key)