accounts/api/modules/authserver/models/RefreshTokenForm.php

<?php
declare(strict_types=1);

namespace api\modules\authserver\models;

use api\components\Tokens\TokenReader;
use api\models\base\ApiForm;
use api\modules\authserver\exceptions\ForbiddenOperationException;
use api\modules\authserver\validators\AccessTokenValidator;
use api\modules\authserver\validators\RequiredValidator;
use api\rbac\Permissions as P;
use common\models\Account;
use common\models\MinecraftAccessKey;
use common\models\OauthClient;
use common\models\OauthSession;
use Webmozart\Assert\Assert;
use Yii;

class RefreshTokenForm extends ApiForm {

    /**
     * @var string
     */
    public $accessToken;

    /**
     * @var string
     */
    public $clientToken;

    /**
     * @var string|bool
     */
    public $requestUser;

    public function rules(): array {
        return [
            [['accessToken', 'clientToken'], RequiredValidator::class],
            [['accessToken'], AccessTokenValidator::class, 'verifyExpiration' => false],
            [['requestUser'], 'boolean'],
        ];
    }

    /**
     * @return AuthenticateData
     * @throws \api\modules\authserver\exceptions\IllegalArgumentException
     * @throws \api\modules\authserver\exceptions\ForbiddenOperationException
     */
    public function refresh(): AuthenticateData {
        $this->validate();
        $account = null;
        if (mb_strlen($this->accessToken) === 36) {
            /** @var MinecraftAccessKey $token */
            $token = MinecraftAccessKey::findOne([
                'access_token' => $this->accessToken,
                'client_token' => $this->clientToken,
            ]);
            if ($token !== null) {
                $account = $token->account;
            }
        } else {
            $token = Yii::$app->tokens->parse($this->accessToken);
            $tokenReader = new TokenReader($token);
            if ($tokenReader->getMinecraftClientToken() !== $this->clientToken) {
                throw new ForbiddenOperationException('Invalid token.');
            }

            $account = Account::findOne(['id' => $tokenReader->getAccountId()]);
        }

        if ($account === null) {
            throw new ForbiddenOperationException('Invalid token.');
        }

        $token = Yii::$app->tokensFactory->createForMinecraftAccount($account, $this->clientToken);

        // TODO: This behavior duplicates with the AuthenticationForm. Need to find a way to avoid duplication.
        /** @var OauthSession|null $minecraftOauthSession */
        $minecraftOauthSession = $account->getOauthSessions()
            ->andWhere(['client_id' => OauthClient::UNAUTHORIZED_MINECRAFT_GAME_LAUNCHER])
            ->one();
        if ($minecraftOauthSession === null) {
            $minecraftOauthSession = new OauthSession();
            $minecraftOauthSession->account_id = $account->id;
            $minecraftOauthSession->client_id = OauthClient::UNAUTHORIZED_MINECRAFT_GAME_LAUNCHER;
            $minecraftOauthSession->scopes = [P::MINECRAFT_SERVER_SESSION];
        }

        $minecraftOauthSession->last_used_at = time();
        Assert::true($minecraftOauthSession->save());

        return new AuthenticateData($account, (string)$token, $this->clientToken, (bool)$this->requestUser);
    }

}
Первичное портирование логики сервера авторизации с PhalconPHP на Yii2 2016-08-21 04:51:39 +05:30			`<?php`
Replace separate minecraft access tokens with JWT 2019-12-04 23:40:15 +05:30			`declare(strict_types=1);`

Первичное портирование логики сервера авторизации с PhalconPHP на Yii2 2016-08-21 04:51:39 +05:30			`namespace api\modules\authserver\models;`

Remove refresh_token from OAuth2 result. Return the same access_token as a refresh_token in case when it's requested. Make access_tokens to live forever. 2019-12-09 22:01:54 +05:30			`use api\components\Tokens\TokenReader;`
Теперь при передаче запроса как json, закодированный в теле, он автоматически парсится 2017-05-31 05:40:22 +05:30			`use api\models\base\ApiForm;`
Первичное портирование логики сервера авторизации с PhalconPHP на Yii2 2016-08-21 04:51:39 +05:30			`use api\modules\authserver\exceptions\ForbiddenOperationException;`
Replace separate minecraft access tokens with JWT 2019-12-04 23:40:15 +05:30			`use api\modules\authserver\validators\AccessTokenValidator;`
Первичное портирование логики сервера авторизации с PhalconPHP на Yii2 2016-08-21 04:51:39 +05:30			`use api\modules\authserver\validators\RequiredValidator;`
Fixes ACCOUNTS-5Z9. Add import statement for Permissions class 2019-12-15 21:03:15 +05:30			`use api\rbac\Permissions as P;`
Перенесены тесты со старого authserver, исправлены ошибки в коде 2016-09-01 13:01:43 +05:30			`use common\models\Account;`
Первичное портирование логики сервера авторизации с PhalconPHP на Yii2 2016-08-21 04:51:39 +05:30			`use common\models\MinecraftAccessKey;`
Fix revokation validation. Add additional tests cases 2019-12-11 01:21:11 +05:30			`use common\models\OauthClient;`
			`use common\models\OauthSession;`
			`use Webmozart\Assert\Assert;`
Replace separate minecraft access tokens with JWT 2019-12-04 23:40:15 +05:30			`use Yii;`
Первичное портирование логики сервера авторизации с PhalconPHP на Yii2 2016-08-21 04:51:39 +05:30
Теперь при передаче запроса как json, закодированный в теле, он автоматически парсится 2017-05-31 05:40:22 +05:30			`class RefreshTokenForm extends ApiForm {`
Первичное портирование логики сервера авторизации с PhalconPHP на Yii2 2016-08-21 04:51:39 +05:30
Replace separate minecraft access tokens with JWT 2019-12-04 23:40:15 +05:30			`/**`
			`* @var string`
			`*/`
Первичное портирование логики сервера авторизации с PhalconPHP на Yii2 2016-08-21 04:51:39 +05:30			`public $accessToken;`
Implemented PHP-CS-Fixer support 2018-04-18 02:17:25 +05:30
Replace separate minecraft access tokens with JWT 2019-12-04 23:40:15 +05:30			`/**`
			`* @var string`
			`*/`
Первичное портирование логики сервера авторизации с PhalconPHP на Yii2 2016-08-21 04:51:39 +05:30			`public $clientToken;`

Return user field when requestUser param received on authentication/refresh endpoint [deploy] 2021-03-06 15:07:58 +05:30			`/**`
			`* @var string\|bool`
			`*/`
			`public $requestUser;`

Replace separate minecraft access tokens with JWT 2019-12-04 23:40:15 +05:30			`public function rules(): array {`
Первичное портирование логики сервера авторизации с PhalconPHP на Yii2 2016-08-21 04:51:39 +05:30			`return [`
Перенесены тесты со старого authserver, исправлены ошибки в коде 2016-09-01 13:01:43 +05:30			`[['accessToken', 'clientToken'], RequiredValidator::class],`
Replace separate minecraft access tokens with JWT 2019-12-04 23:40:15 +05:30			`[['accessToken'], AccessTokenValidator::class, 'verifyExpiration' => false],`
Return user field when requestUser param received on authentication/refresh endpoint [deploy] 2021-03-06 15:07:58 +05:30			`[['requestUser'], 'boolean'],`
Первичное портирование логики сервера авторизации с PhalconPHP на Yii2 2016-08-21 04:51:39 +05:30			`];`
			`}`

			`/**`
			`* @return AuthenticateData`
Replace separate minecraft access tokens with JWT 2019-12-04 23:40:15 +05:30			`* @throws \api\modules\authserver\exceptions\IllegalArgumentException`
			`* @throws \api\modules\authserver\exceptions\ForbiddenOperationException`
Первичное портирование логики сервера авторизации с PhalconPHP на Yii2 2016-08-21 04:51:39 +05:30			`*/`
Replace separate minecraft access tokens with JWT 2019-12-04 23:40:15 +05:30			`public function refresh(): AuthenticateData {`
Первичное портирование логики сервера авторизации с PhalconPHP на Yii2 2016-08-21 04:51:39 +05:30			`$this->validate();`
Fix tests 2019-12-05 03:22:27 +05:30			`$account = null;`
Replace separate minecraft access tokens with JWT 2019-12-04 23:40:15 +05:30			`if (mb_strlen($this->accessToken) === 36) {`
			`/** @var MinecraftAccessKey $token */`
			`$token = MinecraftAccessKey::findOne([`
			`'access_token' => $this->accessToken,`
			`'client_token' => $this->clientToken,`
			`]);`
Fix tests 2019-12-05 03:22:27 +05:30			`if ($token !== null) {`
			`$account = $token->account;`
			`}`
Replace separate minecraft access tokens with JWT 2019-12-04 23:40:15 +05:30			`} else {`
			`$token = Yii::$app->tokens->parse($this->accessToken);`
Remove refresh_token from OAuth2 result. Return the same access_token as a refresh_token in case when it's requested. Make access_tokens to live forever. 2019-12-09 22:01:54 +05:30			`$tokenReader = new TokenReader($token);`
			`if ($tokenReader->getMinecraftClientToken() !== $this->clientToken) {`
Replace separate minecraft access tokens with JWT 2019-12-04 23:40:15 +05:30			`throw new ForbiddenOperationException('Invalid token.');`
			`}`

Remove refresh_token from OAuth2 result. Return the same access_token as a refresh_token in case when it's requested. Make access_tokens to live forever. 2019-12-09 22:01:54 +05:30			`$account = Account::findOne(['id' => $tokenReader->getAccountId()]);`
Первичное портирование логики сервера авторизации с PhalconPHP на Yii2 2016-08-21 04:51:39 +05:30			`}`

Covered all cases, fixed CS, added a new TODO 2020-06-13 04:25:02 +05:30			`if ($account === null) {`
Fix tests 2019-12-05 03:22:27 +05:30			`throw new ForbiddenOperationException('Invalid token.');`
			`}`

Replace separate minecraft access tokens with JWT 2019-12-04 23:40:15 +05:30			`$token = Yii::$app->tokensFactory->createForMinecraftAccount($account, $this->clientToken);`
Первичное портирование логики сервера авторизации с PhalconPHP на Yii2 2016-08-21 04:51:39 +05:30
Fix revokation validation. Add additional tests cases 2019-12-11 01:21:11 +05:30			`// TODO: This behavior duplicates with the AuthenticationForm. Need to find a way to avoid duplication.`
			`/** @var OauthSession\|null $minecraftOauthSession */`
Implemented features to revoke access for previously authorized OAuth 2.0 clients 2020-09-30 23:00:04 +05:30			`$minecraftOauthSession = $account->getOauthSessions()`
Fix revokation validation. Add additional tests cases 2019-12-11 01:21:11 +05:30			`->andWhere(['client_id' => OauthClient::UNAUTHORIZED_MINECRAFT_GAME_LAUNCHER])`
Implemented features to revoke access for previously authorized OAuth 2.0 clients 2020-09-30 23:00:04 +05:30			`->one();`
			`if ($minecraftOauthSession === null) {`
Fix revokation validation. Add additional tests cases 2019-12-11 01:21:11 +05:30			`$minecraftOauthSession = new OauthSession();`
			`$minecraftOauthSession->account_id = $account->id;`
			`$minecraftOauthSession->client_id = OauthClient::UNAUTHORIZED_MINECRAFT_GAME_LAUNCHER;`
			`$minecraftOauthSession->scopes = [P::MINECRAFT_SERVER_SESSION];`
			`}`

Implemented features to revoke access for previously authorized OAuth 2.0 clients 2020-09-30 23:00:04 +05:30			`$minecraftOauthSession->last_used_at = time();`
			`Assert::true($minecraftOauthSession->save());`

Return user field when requestUser param received on authentication/refresh endpoint [deploy] 2021-03-06 15:07:58 +05:30			`return new AuthenticateData($account, (string)$token, $this->clientToken, (bool)$this->requestUser);`
Первичное портирование логики сервера авторизации с PhalconPHP на Yii2 2016-08-21 04:51:39 +05:30			`}`

			`}`