Introduce revokation mechanism

2025-05-31 14:11:46 +05:30 · 2019-12-10 01:38:09 +03:00
parent ba7fad84a0
commit 016a193263
11 changed files with 103 additions and 20 deletions
--- a/common/models/Account.php
+++ b/common/models/Account.php
@@ -14,33 +14,33 @@ use const common\LATEST_RULES_VERSION;

 /**
 * Fields:
- * @property integer $id
+ * @property int     $id
 * @property string  $uuid
 * @property string  $username
 * @property string  $email
 * @property string  $password_hash
- * @property integer $password_hash_strategy
+ * @property int     $password_hash_strategy
 * @property string  $lang
- * @property integer $status
- * @property integer $rules_agreement_version
+ * @property int     $status
+ * @property int     $rules_agreement_version
 * @property string  $registration_ip
 * @property string  $otp_secret
- * @property integer $is_otp_enabled
- * @property integer $created_at
- * @property integer $updated_at
- * @property integer $password_changed_at
+ * @property int     $is_otp_enabled
+ * @property int     $created_at
+ * @property int     $updated_at
+ * @property int     $password_changed_at
 *
 * Getters-setters:
 * @property-write string $password plain user's password
 * @property-read string $profileLink link to the user's Ely.by profile
 *
 * Relations:
- * @property EmailActivation[]    $emailActivations
- * @property OauthSession[]       $oauthSessions
- * @property OauthClient[]        $oauthClients
- * @property UsernameHistory[]    $usernameHistory
- * @property AccountSession[]     $sessions
- * @property MinecraftAccessKey[] $minecraftAccessKeys
+ * @property-read EmailActivation[] $emailActivations
+ * @property-read OauthSession[] $oauthSessions
+ * @property-read OauthClient[] $oauthClients
+ * @property-read UsernameHistory[] $usernameHistory
+ * @property-read AccountSession[] $sessions
+ * @property-read MinecraftAccessKey[] $minecraftAccessKeys
 *
 * Behaviors:
 * @mixin TimestampBehavior
--- a/common/models/OauthClient.php
+++ b/common/models/OauthClient.php
@@ -31,6 +31,12 @@ class OauthClient extends ActiveRecord {

    public const TYPE_APPLICATION = 'application';
    public const TYPE_MINECRAFT_SERVER = 'minecraft-server';
+    public const TYPE_MINECRAFT_GAME_LAUNCHER = 'minecraft-game-launcher';
+
+    /**
+     * Abstract oauth_client, used to
+     */
+    public const UNAUTHORIZED_MINECRAFT_GAME_LAUNCHER = 'unauthorized_minecraft_game_launcher';

    public static function tableName(): string {
        return 'oauth_clients';
--- a/common/models/OauthSession.php
+++ b/common/models/OauthSession.php
@@ -10,11 +10,12 @@ use yii\db\ActiveRecord;

 /**
 * Fields:
- * @property int     $account_id
- * @property string  $client_id
- * @property int     $legacy_id
- * @property array   $scopes
- * @property integer $created_at
+ * @property int $account_id
+ * @property string $client_id
+ * @property int|null $legacy_id
+ * @property array $scopes
+ * @property int $created_at
+ * @property int|null $revoked_at
 *
 * Relations:
 * @property-read OauthClient $client
@@ -58,6 +59,7 @@ class OauthSession extends ActiveRecord {
     * @return array of refresh tokens (ids)
     */
    public function getLegacyRefreshTokens(): array {
+        // TODO: it seems that this method isn't used anywhere
        if ($this->legacy_id === null) {
            return [];
        }
--- a/common/tests/fixtures/data/oauth-sessions.php
+++ b/common/tests/fixtures/data/oauth-sessions.php
@@ -6,6 +6,23 @@ return [
        'legacy_id' => 1,
        'scopes' => null,
        'created_at' => 1479944472,
+        'revoked_at' => null,
+    ],
+    'revoked-tlauncher' => [
+        'account_id' => 1,
+        'client_id' => 'tlauncher',
+        'legacy_id' => null,
+        'scopes' => null,
+        'created_at' => Carbon\Carbon::create(2019, 8, 1, 0, 0, 0, 'Europe/Minsk')->unix(),
+        'revoked_at' => Carbon\Carbon::create(2019, 8, 1, 1, 2, 0, 'Europe/Minsk')->unix(),
+    ],
+    'revoked-minecraft-game-launchers' => [
+        'account_id' => 1,
+        'client_id' => common\models\OauthClient::UNAUTHORIZED_MINECRAFT_GAME_LAUNCHER,
+        'legacy_id' => null,
+        'scopes' => null,
+        'created_at' => Carbon\Carbon::create(2019, 8, 1, 0, 0, 0, 'Europe/Minsk')->unix(),
+        'revoked_at' => Carbon\Carbon::create(2019, 8, 1, 1, 2, 0, 'Europe/Minsk')->unix(),
    ],
    'banned-account-session' => [
        'account_id' => 10,
@@ -13,6 +30,7 @@ return [
        'legacy_id' => 2,
        'scopes' => null,
        'created_at' => 1481421663,
+        'revoked_at' => null,
    ],
    'deleted-client-session' => [
        'account_id' => 1,
@@ -20,6 +38,7 @@ return [
        'legacy_id' => 3,
        'scopes' => null,
        'created_at' => 1519510065,
+        'revoked_at' => null,
    ],
    'actual-deleted-client-session' => [
        'account_id' => 2,
@@ -27,5 +46,6 @@ return [
        'legacy_id' => 4,
        'scopes' => null,
        'created_at' => 1519511568,
+        'revoked_at' => null,
    ],
 ];