mirror of
https://github.com/elyby/accounts.git
synced 2024-11-09 06:02:39 +05:30
Отрефакторен компонент User\Component
Добавлен метод getActiveSession Добавлена логика для функции "Разлогинить всех" в форме смены пароля
This commit is contained in:
parent
e18f6a08b0
commit
113b9f98d8
@ -3,17 +3,24 @@ namespace api\components\User;
|
|||||||
|
|
||||||
use api\models\AccountIdentity;
|
use api\models\AccountIdentity;
|
||||||
use common\models\AccountSession;
|
use common\models\AccountSession;
|
||||||
|
use Emarref\Jwt\Algorithm\AlgorithmInterface;
|
||||||
use Emarref\Jwt\Algorithm\Hs256;
|
use Emarref\Jwt\Algorithm\Hs256;
|
||||||
use Emarref\Jwt\Claim;
|
use Emarref\Jwt\Claim;
|
||||||
use Emarref\Jwt\Encryption\Factory as EncryptionFactory;
|
use Emarref\Jwt\Encryption\Factory as EncryptionFactory;
|
||||||
|
use Emarref\Jwt\Encryption\Factory;
|
||||||
|
use Emarref\Jwt\Exception\VerificationException;
|
||||||
use Emarref\Jwt\Jwt;
|
use Emarref\Jwt\Jwt;
|
||||||
use Emarref\Jwt\Token;
|
use Emarref\Jwt\Token;
|
||||||
|
use Emarref\Jwt\Verification\Context as VerificationContext;
|
||||||
use Yii;
|
use Yii;
|
||||||
use yii\base\ErrorException;
|
use yii\base\ErrorException;
|
||||||
use yii\base\InvalidConfigException;
|
use yii\base\InvalidConfigException;
|
||||||
use yii\web\IdentityInterface;
|
use yii\web\IdentityInterface;
|
||||||
use yii\web\User as YiiUserComponent;
|
use yii\web\User as YiiUserComponent;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @property AccountSession|null $activeSession
|
||||||
|
*/
|
||||||
class Component extends YiiUserComponent {
|
class Component extends YiiUserComponent {
|
||||||
|
|
||||||
public $secret;
|
public $secret;
|
||||||
@ -43,8 +50,7 @@ class Component extends YiiUserComponent {
|
|||||||
|
|
||||||
$id = $identity->getId();
|
$id = $identity->getId();
|
||||||
$ip = Yii::$app->request->userIP;
|
$ip = Yii::$app->request->userIP;
|
||||||
|
$token = $this->createToken($identity);
|
||||||
$jwt = $this->getJWT($identity);
|
|
||||||
if ($rememberMe) {
|
if ($rememberMe) {
|
||||||
$session = new AccountSession();
|
$session = new AccountSession();
|
||||||
$session->account_id = $id;
|
$session->account_id = $id;
|
||||||
@ -53,10 +59,14 @@ class Component extends YiiUserComponent {
|
|||||||
if (!$session->save()) {
|
if (!$session->save()) {
|
||||||
throw new ErrorException('Cannot save account session model');
|
throw new ErrorException('Cannot save account session model');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$token->addClaim(new SessionIdClaim($session->id));
|
||||||
} else {
|
} else {
|
||||||
$session = null;
|
$session = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$jwt = $this->serializeToken($token);
|
||||||
|
|
||||||
Yii::info("User '{$id}' logged in from {$ip}.", __METHOD__);
|
Yii::info("User '{$id}' logged in from {$ip}.", __METHOD__);
|
||||||
|
|
||||||
$result = new LoginResult($identity, $jwt, $session);
|
$result = new LoginResult($identity, $jwt, $session);
|
||||||
@ -70,7 +80,8 @@ class Component extends YiiUserComponent {
|
|||||||
$transaction = Yii::$app->db->beginTransaction();
|
$transaction = Yii::$app->db->beginTransaction();
|
||||||
try {
|
try {
|
||||||
$identity = new AccountIdentity($account->attributes);
|
$identity = new AccountIdentity($account->attributes);
|
||||||
$jwt = $this->getJWT($identity);
|
$token = $this->createToken($identity);
|
||||||
|
$jwt = $this->serializeToken($token);
|
||||||
|
|
||||||
$result = new RenewResult($identity, $jwt);
|
$result = new RenewResult($identity, $jwt);
|
||||||
|
|
||||||
@ -89,26 +100,79 @@ class Component extends YiiUserComponent {
|
|||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getJWT(IdentityInterface $identity) {
|
/**
|
||||||
|
* @param string $jwtString
|
||||||
|
* @return Token распаршенный токен
|
||||||
|
* @throws VerificationException если один из Claims не пройдёт проверку
|
||||||
|
*/
|
||||||
|
public function parseToken(string $jwtString) : Token {
|
||||||
|
$hostInfo = Yii::$app->request->hostInfo;
|
||||||
|
|
||||||
$jwt = new Jwt();
|
$jwt = new Jwt();
|
||||||
|
$token = $jwt->deserialize($jwtString);
|
||||||
|
$context = new VerificationContext(Factory::create($this->getAlgorithm()));
|
||||||
|
$context->setAudience($hostInfo);
|
||||||
|
$context->setIssuer($hostInfo);
|
||||||
|
$jwt->verify($token, $context);
|
||||||
|
|
||||||
|
return $token;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Метод находит AccountSession модель, относительно которой был выдан текущий JWT токен.
|
||||||
|
* В случае, если на пути поиска встретится ошибка, будет возвращено значение null. Возможные кейсы:
|
||||||
|
* - Юзер не авторизован
|
||||||
|
* - Почему-то нет заголовка с токеном
|
||||||
|
* - Во время проверки токена возникла ошибка, что привело к исключению
|
||||||
|
* - В токене не найдено ключа сессии. Такое возможно, если юзер выбрал "не запоминать меня" или просто старые
|
||||||
|
* токены, без поддержки сохранения используемой сессии
|
||||||
|
*
|
||||||
|
* @return AccountSession|null
|
||||||
|
*/
|
||||||
|
public function getActiveSession() {
|
||||||
|
if ($this->getIsGuest()) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
$authHeader = Yii::$app->request->getHeaders()->get('Authorization');
|
||||||
|
if ($authHeader === null || !preg_match('/^Bearer\s+(.*?)$/', $authHeader, $matches)) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
$token = $matches[1];
|
||||||
|
try {
|
||||||
|
$token = $this->parseToken($token);
|
||||||
|
} catch (VerificationException $e) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
$sessionId = $token->getPayload()->findClaimByName(SessionIdClaim::NAME);
|
||||||
|
if ($sessionId === null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
return AccountSession::findOne($sessionId->getValue());
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getAlgorithm() : AlgorithmInterface {
|
||||||
|
return new Hs256($this->secret);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function serializeToken(Token $token) : string {
|
||||||
|
return (new Jwt())->serialize($token, EncryptionFactory::create($this->getAlgorithm()));
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function createToken(IdentityInterface $identity) : Token {
|
||||||
$token = new Token();
|
$token = new Token();
|
||||||
foreach($this->getClaims($identity) as $claim) {
|
foreach($this->getClaims($identity) as $claim) {
|
||||||
$token->addClaim($claim);
|
$token->addClaim($claim);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $jwt->serialize($token, EncryptionFactory::create($this->getAlgorithm()));
|
return $token;
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @return Hs256
|
|
||||||
*/
|
|
||||||
public function getAlgorithm() {
|
|
||||||
return new Hs256($this->secret);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param IdentityInterface $identity
|
* @param IdentityInterface $identity
|
||||||
*
|
|
||||||
* @return Claim\AbstractClaim[]
|
* @return Claim\AbstractClaim[]
|
||||||
*/
|
*/
|
||||||
protected function getClaims(IdentityInterface $identity) {
|
protected function getClaims(IdentityInterface $identity) {
|
||||||
|
17
api/components/User/SessionIdClaim.php
Normal file
17
api/components/User/SessionIdClaim.php
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
<?php
|
||||||
|
namespace api\components\User;
|
||||||
|
|
||||||
|
use Emarref\Jwt\Claim\AbstractClaim;
|
||||||
|
|
||||||
|
class SessionIdClaim extends AbstractClaim {
|
||||||
|
|
||||||
|
const NAME = 'sid';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @inheritdoc
|
||||||
|
*/
|
||||||
|
public function getName() {
|
||||||
|
return self::NAME;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -2,10 +2,9 @@
|
|||||||
namespace api\models;
|
namespace api\models;
|
||||||
|
|
||||||
use common\models\Account;
|
use common\models\Account;
|
||||||
use Emarref\Jwt\Encryption\Factory;
|
use Emarref\Jwt\Claim\JwtId;
|
||||||
use Emarref\Jwt\Exception\VerificationException;
|
use Emarref\Jwt\Exception\VerificationException;
|
||||||
use Emarref\Jwt\Jwt;
|
use Emarref\Jwt\Token;
|
||||||
use Emarref\Jwt\Verification\Context as VerificationContext;
|
|
||||||
use Yii;
|
use Yii;
|
||||||
use yii\base\NotSupportedException;
|
use yii\base\NotSupportedException;
|
||||||
use yii\helpers\StringHelper;
|
use yii\helpers\StringHelper;
|
||||||
@ -13,22 +12,14 @@ use yii\web\IdentityInterface;
|
|||||||
use yii\web\UnauthorizedHttpException;
|
use yii\web\UnauthorizedHttpException;
|
||||||
|
|
||||||
class AccountIdentity extends Account implements IdentityInterface {
|
class AccountIdentity extends Account implements IdentityInterface {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
public static function findIdentityByAccessToken($token, $type = null) {
|
public static function findIdentityByAccessToken($token, $type = null) {
|
||||||
$jwt = new Jwt();
|
|
||||||
$token = $jwt->deserialize($token);
|
|
||||||
/** @var \api\components\User\Component $component */
|
/** @var \api\components\User\Component $component */
|
||||||
$component = Yii::$app->user;
|
$component = Yii::$app->user;
|
||||||
|
|
||||||
$hostInfo = Yii::$app->request->hostInfo;
|
|
||||||
$context = new VerificationContext(Factory::create($component->getAlgorithm()));
|
|
||||||
$context->setAudience($hostInfo);
|
|
||||||
$context->setIssuer($hostInfo);
|
|
||||||
try {
|
try {
|
||||||
$jwt->verify($token, $context);
|
$token = $component->parseToken($token);
|
||||||
} catch (VerificationException $e) {
|
} catch (VerificationException $e) {
|
||||||
if (StringHelper::startsWith($e->getMessage(), 'Token expired at')) {
|
if (StringHelper::startsWith($e->getMessage(), 'Token expired at')) {
|
||||||
$message = 'Token expired';
|
$message = 'Token expired';
|
||||||
@ -40,8 +31,8 @@ class AccountIdentity extends Account implements IdentityInterface {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Если исключение выше не случилось, то значит всё оке
|
// Если исключение выше не случилось, то значит всё оке
|
||||||
/** @var \Emarref\Jwt\Claim\JwtId $jti */
|
/** @var JwtId $jti */
|
||||||
$jti = $token->getPayload()->findClaimByName('jti');
|
$jti = $token->getPayload()->findClaimByName(JwtId::NAME);
|
||||||
$account = static::findOne($jti->getValue());
|
$account = static::findOne($jti->getValue());
|
||||||
if ($account === null) {
|
if ($account === null) {
|
||||||
throw new UnauthorizedHttpException('Invalid token');
|
throw new UnauthorizedHttpException('Invalid token');
|
||||||
|
@ -5,6 +5,7 @@ use api\models\base\PasswordProtectedForm;
|
|||||||
use common\models\Account;
|
use common\models\Account;
|
||||||
use common\validators\PasswordValidate;
|
use common\validators\PasswordValidate;
|
||||||
use Yii;
|
use Yii;
|
||||||
|
use yii\base\ErrorException;
|
||||||
use yii\helpers\ArrayHelper;
|
use yii\helpers\ArrayHelper;
|
||||||
|
|
||||||
class ChangePasswordForm extends PasswordProtectedForm {
|
class ChangePasswordForm extends PasswordProtectedForm {
|
||||||
@ -20,6 +21,11 @@ class ChangePasswordForm extends PasswordProtectedForm {
|
|||||||
*/
|
*/
|
||||||
private $_account;
|
private $_account;
|
||||||
|
|
||||||
|
public function __construct(Account $account, array $config = []) {
|
||||||
|
$this->_account = $account;
|
||||||
|
parent::__construct($config);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @inheritdoc
|
* @inheritdoc
|
||||||
*/
|
*/
|
||||||
@ -41,34 +47,40 @@ class ChangePasswordForm extends PasswordProtectedForm {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return boolean if password was changed.
|
* @return boolean
|
||||||
*/
|
*/
|
||||||
public function changePassword() {
|
public function changePassword() {
|
||||||
if (!$this->validate()) {
|
if (!$this->validate()) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$transaction = Yii::$app->db->beginTransaction();
|
||||||
$account = $this->_account;
|
$account = $this->_account;
|
||||||
$account->setPassword($this->newPassword);
|
$account->setPassword($this->newPassword);
|
||||||
|
|
||||||
if ($this->logoutAll) {
|
if ($this->logoutAll) {
|
||||||
// TODO: реализовать процесс разлогинивания всех авторизованных устройств и дописать под это всё тесты
|
/** @var \api\components\User\Component $userComponent */
|
||||||
|
$userComponent = Yii::$app->user;
|
||||||
|
$sessions = $account->sessions;
|
||||||
|
$activeSession = $userComponent->getActiveSession();
|
||||||
|
foreach ($sessions as $session) {
|
||||||
|
if (!$activeSession || $activeSession->id !== $session->id) {
|
||||||
|
$session->delete();
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return $account->save();
|
if (!$account->save()) {
|
||||||
|
throw new ErrorException('Cannot save user model');
|
||||||
|
}
|
||||||
|
|
||||||
|
$transaction->commit();
|
||||||
|
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function getAccount() {
|
protected function getAccount() {
|
||||||
return $this->_account;
|
return $this->_account;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @param Account $account
|
|
||||||
* @param array $config
|
|
||||||
*/
|
|
||||||
public function __construct(Account $account, array $config = []) {
|
|
||||||
$this->_account = $account;
|
|
||||||
parent::__construct($config);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -9,10 +9,14 @@ use Codeception\Specify;
|
|||||||
use common\models\AccountSession;
|
use common\models\AccountSession;
|
||||||
use Emarref\Jwt\Algorithm\AlgorithmInterface;
|
use Emarref\Jwt\Algorithm\AlgorithmInterface;
|
||||||
use Emarref\Jwt\Claim\ClaimInterface;
|
use Emarref\Jwt\Claim\ClaimInterface;
|
||||||
|
use Emarref\Jwt\Token;
|
||||||
use tests\codeception\api\unit\DbTestCase;
|
use tests\codeception\api\unit\DbTestCase;
|
||||||
use tests\codeception\common\_support\ProtectedCaller;
|
use tests\codeception\common\_support\ProtectedCaller;
|
||||||
use tests\codeception\common\fixtures\AccountFixture;
|
use tests\codeception\common\fixtures\AccountFixture;
|
||||||
use tests\codeception\common\fixtures\AccountSessionFixture;
|
use tests\codeception\common\fixtures\AccountSessionFixture;
|
||||||
|
use Yii;
|
||||||
|
use yii\web\HeaderCollection;
|
||||||
|
use yii\web\Request;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @property AccountFixture $accounts
|
* @property AccountFixture $accounts
|
||||||
@ -22,29 +26,14 @@ class ComponentTest extends DbTestCase {
|
|||||||
use Specify;
|
use Specify;
|
||||||
use ProtectedCaller;
|
use ProtectedCaller;
|
||||||
|
|
||||||
private $originalRemoteHost;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var Component
|
* @var Component
|
||||||
*/
|
*/
|
||||||
private $component;
|
private $component;
|
||||||
|
|
||||||
public function _before() {
|
public function _before() {
|
||||||
$this->originalRemoteHost = $_SERVER['REMOTE_ADDR'] ?? null;
|
|
||||||
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
|
|
||||||
parent::_before();
|
parent::_before();
|
||||||
|
$this->component = new Component($this->getComponentArguments());
|
||||||
$this->component = new Component([
|
|
||||||
'identityClass' => AccountIdentity::class,
|
|
||||||
'enableSession' => false,
|
|
||||||
'loginUrl' => null,
|
|
||||||
'secret' => 'secret',
|
|
||||||
]);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function _after() {
|
|
||||||
parent::_after();
|
|
||||||
$_SERVER['REMOTE_ADDR'] = $this->originalRemoteHost;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function fixtures() {
|
public function fixtures() {
|
||||||
@ -55,6 +44,7 @@ class ComponentTest extends DbTestCase {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function testLogin() {
|
public function testLogin() {
|
||||||
|
$this->mockRequest();
|
||||||
$this->specify('success get LoginResult object without session value', function() {
|
$this->specify('success get LoginResult object without session value', function() {
|
||||||
$account = new AccountIdentity(['id' => 1]);
|
$account = new AccountIdentity(['id' => 1]);
|
||||||
$result = $this->component->login($account, false);
|
$result = $this->component->login($account, false);
|
||||||
@ -78,29 +68,84 @@ class ComponentTest extends DbTestCase {
|
|||||||
|
|
||||||
public function testRenew() {
|
public function testRenew() {
|
||||||
$this->specify('success get RenewResult object', function() {
|
$this->specify('success get RenewResult object', function() {
|
||||||
|
$userIP = '192.168.0.1';
|
||||||
|
$this->mockRequest($userIP);
|
||||||
/** @var AccountSession $session */
|
/** @var AccountSession $session */
|
||||||
$session = AccountSession::findOne($this->sessions['admin']['id']);
|
$session = AccountSession::findOne($this->sessions['admin']['id']);
|
||||||
$callTime = time();
|
$callTime = time();
|
||||||
$usedRemoteAddr = $_SERVER['REMOTE_ADDR'] ?? null;
|
|
||||||
$_SERVER['REMOTE_ADDR'] = '192.168.0.1';
|
|
||||||
$result = $this->component->renew($session);
|
$result = $this->component->renew($session);
|
||||||
expect($result)->isInstanceOf(RenewResult::class);
|
expect($result)->isInstanceOf(RenewResult::class);
|
||||||
expect(is_string($result->getJwt()))->true();
|
expect(is_string($result->getJwt()))->true();
|
||||||
expect($result->getIdentity()->getId())->equals($session->account_id);
|
expect($result->getIdentity()->getId())->equals($session->account_id);
|
||||||
$session->refresh();
|
$session->refresh();
|
||||||
expect($session->last_refreshed_at)->greaterOrEquals($callTime);
|
expect($session->last_refreshed_at)->greaterOrEquals($callTime);
|
||||||
expect($session->getReadableIp())->equals($_SERVER['REMOTE_ADDR']);
|
expect($session->getReadableIp())->equals($userIP);
|
||||||
$_SERVER['REMOTE_ADDR'] = $usedRemoteAddr;
|
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGetJWT() {
|
public function testParseToken() {
|
||||||
|
$this->mockRequest();
|
||||||
|
$this->specify('success get RenewResult object', function() {
|
||||||
|
$identity = new AccountIdentity(['id' => 1]);
|
||||||
|
$token = $this->callProtected($this->component, 'createToken', $identity);
|
||||||
|
$jwt = $this->callProtected($this->component, 'serializeToken', $token);
|
||||||
|
|
||||||
|
expect($this->component->parseToken($jwt))->isInstanceOf(Token::class);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testGetActiveSession() {
|
||||||
|
$this->specify('get used account session', function() {
|
||||||
|
/** @var AccountIdentity $identity */
|
||||||
|
$identity = AccountIdentity::findOne($this->accounts['admin']['id']);
|
||||||
|
$result = $this->component->login($identity, true);
|
||||||
|
$this->component->logout();
|
||||||
|
|
||||||
|
/** @var Component|\PHPUnit_Framework_MockObject_MockObject $component */
|
||||||
|
$component = $this->getMock(Component::class, ['getIsGuest'], [$this->getComponentArguments()]);
|
||||||
|
$component
|
||||||
|
->expects($this->any())
|
||||||
|
->method('getIsGuest')
|
||||||
|
->will($this->returnValue(false));
|
||||||
|
|
||||||
|
/** @var HeaderCollection|\PHPUnit_Framework_MockObject_MockObject $headersCollection */
|
||||||
|
$headersCollection = $this->getMock(HeaderCollection::class, ['get']);
|
||||||
|
$headersCollection
|
||||||
|
->expects($this->any())
|
||||||
|
->method('get')
|
||||||
|
->with($this->equalTo('Authorization'))
|
||||||
|
->will($this->returnValue('Bearer ' . $result->getJwt()));
|
||||||
|
|
||||||
|
/** @var Request|\PHPUnit_Framework_MockObject_MockObject $request */
|
||||||
|
$request = $this->getMock(Request::class, ['getHeaders']);
|
||||||
|
$request
|
||||||
|
->expects($this->any())
|
||||||
|
->method('getHeaders')
|
||||||
|
->will($this->returnValue($headersCollection));
|
||||||
|
|
||||||
|
Yii::$app->set('request', $request);
|
||||||
|
|
||||||
|
$session = $component->getActiveSession();
|
||||||
|
expect($session)->isInstanceOf(AccountSession::class);
|
||||||
|
expect($session->id)->equals($result->getSession()->id);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testSerializeToken() {
|
||||||
$this->specify('get string, contained jwt token', function() {
|
$this->specify('get string, contained jwt token', function() {
|
||||||
expect($this->component->getJWT(new AccountIdentity(['id' => 1])))
|
$token = new Token();
|
||||||
|
expect($this->callProtected($this->component, 'serializeToken', $token))
|
||||||
->regExp('/^[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+\/=]*$/');
|
->regExp('/^[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+\/=]*$/');
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testCreateToken() {
|
||||||
|
$this->specify('create token', function() {
|
||||||
|
expect($this->callProtected($this->component, 'createToken', new AccountIdentity(['id' => 1])))
|
||||||
|
->isInstanceOf(Token::class);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
public function testGetAlgorithm() {
|
public function testGetAlgorithm() {
|
||||||
$this->specify('get expected hash algorithm object', function() {
|
$this->specify('get expected hash algorithm object', function() {
|
||||||
expect($this->component->getAlgorithm())->isInstanceOf(AlgorithmInterface::class);
|
expect($this->component->getAlgorithm())->isInstanceOf(AlgorithmInterface::class);
|
||||||
@ -117,4 +162,33 @@ class ComponentTest extends DbTestCase {
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return \PHPUnit_Framework_MockObject_MockObject
|
||||||
|
*/
|
||||||
|
private function mockRequest($userIP = '127.0.0.1') {
|
||||||
|
$request = $this->getMock(Request::class, ['getHostInfo', 'getUserIP']);
|
||||||
|
$request
|
||||||
|
->expects($this->any())
|
||||||
|
->method('getHostInfo')
|
||||||
|
->will($this->returnValue('http://localhost'));
|
||||||
|
|
||||||
|
$request
|
||||||
|
->expects($this->any())
|
||||||
|
->method('getUserIP')
|
||||||
|
->will($this->returnValue($userIP));
|
||||||
|
|
||||||
|
Yii::$app->set('request', $request);
|
||||||
|
|
||||||
|
return $request;
|
||||||
|
}
|
||||||
|
|
||||||
|
private function getComponentArguments() {
|
||||||
|
return [
|
||||||
|
'identityClass' => AccountIdentity::class,
|
||||||
|
'enableSession' => false,
|
||||||
|
'loginUrl' => null,
|
||||||
|
'secret' => 'secret',
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -5,6 +5,7 @@ use api\models\AccountIdentity;
|
|||||||
use Codeception\Specify;
|
use Codeception\Specify;
|
||||||
use Exception;
|
use Exception;
|
||||||
use tests\codeception\api\unit\DbTestCase;
|
use tests\codeception\api\unit\DbTestCase;
|
||||||
|
use tests\codeception\common\_support\ProtectedCaller;
|
||||||
use tests\codeception\common\fixtures\AccountFixture;
|
use tests\codeception\common\fixtures\AccountFixture;
|
||||||
use Yii;
|
use Yii;
|
||||||
use yii\web\IdentityInterface;
|
use yii\web\IdentityInterface;
|
||||||
@ -15,6 +16,7 @@ use yii\web\UnauthorizedHttpException;
|
|||||||
*/
|
*/
|
||||||
class AccountIdentityTest extends DbTestCase {
|
class AccountIdentityTest extends DbTestCase {
|
||||||
use Specify;
|
use Specify;
|
||||||
|
use ProtectedCaller;
|
||||||
|
|
||||||
public function fixtures() {
|
public function fixtures() {
|
||||||
return [
|
return [
|
||||||
@ -51,8 +53,9 @@ class AccountIdentityTest extends DbTestCase {
|
|||||||
$component = Yii::$app->user;
|
$component = Yii::$app->user;
|
||||||
/** @var AccountIdentity $account */
|
/** @var AccountIdentity $account */
|
||||||
$account = AccountIdentity::findOne($this->accounts['admin']['id']);
|
$account = AccountIdentity::findOne($this->accounts['admin']['id']);
|
||||||
|
$token = $this->callProtected($component, 'createToken', $account);
|
||||||
|
|
||||||
return $component->getJWT($account);
|
return $this->callProtected($component, 'serializeToken', $token);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1,25 +1,28 @@
|
|||||||
<?php
|
<?php
|
||||||
namespace tests\codeception\api\models\profile;
|
namespace tests\codeception\api\models\profile;
|
||||||
|
|
||||||
|
use api\components\User\Component;
|
||||||
|
use api\models\AccountIdentity;
|
||||||
use api\models\profile\ChangePasswordForm;
|
use api\models\profile\ChangePasswordForm;
|
||||||
use Codeception\Specify;
|
use Codeception\Specify;
|
||||||
use common\models\Account;
|
use common\models\Account;
|
||||||
|
use common\models\AccountSession;
|
||||||
use tests\codeception\api\unit\DbTestCase;
|
use tests\codeception\api\unit\DbTestCase;
|
||||||
use tests\codeception\common\fixtures\AccountFixture;
|
use tests\codeception\common\fixtures\AccountFixture;
|
||||||
|
use tests\codeception\common\fixtures\AccountSessionFixture;
|
||||||
use Yii;
|
use Yii;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @property AccountFixture $accounts
|
* @property AccountFixture $accounts
|
||||||
|
* @property AccountSessionFixture $accountSessions
|
||||||
*/
|
*/
|
||||||
class ChangePasswordFormTest extends DbTestCase {
|
class ChangePasswordFormTest extends DbTestCase {
|
||||||
use Specify;
|
use Specify;
|
||||||
|
|
||||||
public function fixtures() {
|
public function fixtures() {
|
||||||
return [
|
return [
|
||||||
'accounts' => [
|
'accounts' => AccountFixture::class,
|
||||||
'class' => AccountFixture::class,
|
'accountSessions' => AccountSessionFixture::class,
|
||||||
'dataFile' => '@tests/codeception/common/fixtures/data/accounts.php',
|
|
||||||
],
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -63,32 +66,73 @@ class ChangePasswordFormTest extends DbTestCase {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function testChangePassword() {
|
public function testChangePassword() {
|
||||||
/** @var Account $account */
|
$this->specify('successfully change password with modern hash strategy', function() {
|
||||||
$account = Account::findOne($this->accounts['admin']['id']);
|
/** @var Account $account */
|
||||||
$model = new ChangePasswordForm($account, [
|
$account = Account::findOne($this->accounts['admin']['id']);
|
||||||
'password' => 'password_0',
|
$model = new ChangePasswordForm($account, [
|
||||||
'newPassword' => 'my-new-password',
|
'password' => 'password_0',
|
||||||
'newRePassword' => 'my-new-password',
|
'newPassword' => 'my-new-password',
|
||||||
]);
|
'newRePassword' => 'my-new-password',
|
||||||
$this->specify('successfully change password with modern hash strategy', function() use ($model, $account) {
|
]);
|
||||||
|
|
||||||
$callTime = time();
|
$callTime = time();
|
||||||
expect('form should return true', $model->changePassword())->true();
|
expect('form should return true', $model->changePassword())->true();
|
||||||
expect('new password should be successfully stored into account', $account->validatePassword('my-new-password'))->true();
|
expect('new password should be successfully stored into account', $account->validatePassword('my-new-password'))->true();
|
||||||
expect('password change time updated', $account->password_changed_at)->greaterOrEquals($callTime);
|
expect('password change time updated', $account->password_changed_at)->greaterOrEquals($callTime);
|
||||||
});
|
});
|
||||||
|
|
||||||
/** @var Account $account */
|
$this->specify('successfully change password with legacy hash strategy', function() {
|
||||||
$account = Account::findOne($this->accounts['user-with-old-password-type']['id']);
|
/** @var Account $account */
|
||||||
$model = new ChangePasswordForm($account, [
|
$account = Account::findOne($this->accounts['user-with-old-password-type']['id']);
|
||||||
'password' => '12345678',
|
$model = new ChangePasswordForm($account, [
|
||||||
'newPassword' => 'my-new-password',
|
'password' => '12345678',
|
||||||
'newRePassword' => 'my-new-password',
|
'newPassword' => 'my-new-password',
|
||||||
]);
|
'newRePassword' => 'my-new-password',
|
||||||
$this->specify('successfully change password with legacy hash strategy', function() use ($model, $account) {
|
]);
|
||||||
|
|
||||||
$callTime = time();
|
$callTime = time();
|
||||||
expect('form should return true', $model->changePassword())->true();
|
expect($model->changePassword())->true();
|
||||||
expect('new password should be successfully stored into account', $account->validatePassword('my-new-password'))->true();
|
expect($account->validatePassword('my-new-password'))->true();
|
||||||
expect('password change time updated', $account->password_changed_at)->greaterOrEquals($callTime);
|
expect($account->password_changed_at)->greaterOrEquals($callTime);
|
||||||
|
expect($account->password_hash_strategy)->equals(Account::PASS_HASH_STRATEGY_YII2);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testChangePasswordWithLogout() {
|
||||||
|
/** @var Component|\PHPUnit_Framework_MockObject_MockObject $component */
|
||||||
|
$component = $this->getMock(Component::class, ['getActiveSession'], [[
|
||||||
|
'identityClass' => AccountIdentity::class,
|
||||||
|
'enableSession' => false,
|
||||||
|
'loginUrl' => null,
|
||||||
|
'secret' => 'secret',
|
||||||
|
]]);
|
||||||
|
|
||||||
|
/** @var AccountSession $session */
|
||||||
|
$session = AccountSession::findOne($this->accountSessions['admin2']['id']);
|
||||||
|
|
||||||
|
$component
|
||||||
|
->expects($this->any())
|
||||||
|
->method('getActiveSession')
|
||||||
|
->will($this->returnValue($session));
|
||||||
|
|
||||||
|
Yii::$app->set('user', $component);
|
||||||
|
|
||||||
|
$this->specify('change password with removing all session, except current', function() use ($session) {
|
||||||
|
/** @var Account $account */
|
||||||
|
$account = Account::findOne($this->accounts['admin']['id']);
|
||||||
|
|
||||||
|
$model = new ChangePasswordForm($account, [
|
||||||
|
'password' => 'password_0',
|
||||||
|
'newPassword' => 'my-new-password',
|
||||||
|
'newRePassword' => 'my-new-password',
|
||||||
|
'logoutAll' => true,
|
||||||
|
]);
|
||||||
|
|
||||||
|
expect($model->changePassword())->true();
|
||||||
|
/** @var AccountSession[] $sessions */
|
||||||
|
$sessions = $account->getSessions()->all();
|
||||||
|
expect(count($sessions))->equals(1);
|
||||||
|
expect($sessions[0]->id)->equals($session->id);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -4,6 +4,7 @@ namespace tests\codeception\common\_support;
|
|||||||
use Codeception\Module;
|
use Codeception\Module;
|
||||||
use Codeception\TestCase;
|
use Codeception\TestCase;
|
||||||
use tests\codeception\common\fixtures\AccountFixture;
|
use tests\codeception\common\fixtures\AccountFixture;
|
||||||
|
use tests\codeception\common\fixtures\AccountSessionFixture;
|
||||||
use tests\codeception\common\fixtures\EmailActivationFixture;
|
use tests\codeception\common\fixtures\EmailActivationFixture;
|
||||||
use tests\codeception\common\fixtures\OauthClientFixture;
|
use tests\codeception\common\fixtures\OauthClientFixture;
|
||||||
use tests\codeception\common\fixtures\OauthScopeFixture;
|
use tests\codeception\common\fixtures\OauthScopeFixture;
|
||||||
@ -46,10 +47,8 @@ class FixtureHelper extends Module {
|
|||||||
|
|
||||||
public function fixtures() {
|
public function fixtures() {
|
||||||
return [
|
return [
|
||||||
'accounts' => [
|
'accounts' => AccountFixture::class,
|
||||||
'class' => AccountFixture::class,
|
'accountSessions' => AccountSessionFixture::class,
|
||||||
'dataFile' => '@tests/codeception/common/fixtures/data/accounts.php',
|
|
||||||
],
|
|
||||||
'emailActivations' => EmailActivationFixture::class,
|
'emailActivations' => EmailActivationFixture::class,
|
||||||
'oauthClients' => [
|
'oauthClients' => [
|
||||||
'class' => OauthClientFixture::class,
|
'class' => OauthClientFixture::class,
|
||||||
|
@ -8,4 +8,12 @@ return [
|
|||||||
'created_at' => time(),
|
'created_at' => time(),
|
||||||
'last_refreshed_at' => time(),
|
'last_refreshed_at' => time(),
|
||||||
],
|
],
|
||||||
|
'admin2' => [
|
||||||
|
'id' => 2,
|
||||||
|
'account_id' => 1,
|
||||||
|
'refresh_token' => 'RI5CdxTama2ZijwYw03rJAq84M2JzPM3gDeIDGI8',
|
||||||
|
'last_used_ip' => ip2long('136.243.88.97'),
|
||||||
|
'created_at' => time(),
|
||||||
|
'last_refreshed_at' => time(),
|
||||||
|
],
|
||||||
];
|
];
|
||||||
|
Loading…
Reference in New Issue
Block a user