mirror of
https://github.com/elyby/accounts.git
synced 2025-01-23 03:53:00 +05:30
Merge branch 'develop'
This commit is contained in:
ErickSkrauch
commit
16d08bd7f0
@ -2,12 +2,15 @@
|
||||
namespace api\aop;
|
||||
|
||||
use api\aop\aspects;
|
||||
use Doctrine\Common\Annotations\AnnotationReader;
|
||||
use Go\Core\AspectContainer;
|
||||
use Go\Core\AspectKernel as BaseAspectKernel;
|
||||
|
||||
class AspectKernel extends BaseAspectKernel {
|
||||
|
||||
protected function configureAop(AspectContainer $container): void {
|
||||
AnnotationReader::addGlobalIgnoredName('url');
|
||||
|
||||
$container->registerAspect(new aspects\MockDataAspect());
|
||||
$container->registerAspect(new aspects\CollectMetricsAspect());
|
||||
}
|
||||
|
||||
@ -126,8 +126,8 @@ class OauthProcess {
|
||||
/**
|
||||
* Метод выполняется сервером приложения, которому был выдан auth_token или refresh_token.
|
||||
*
|
||||
* Входными данными является стандартный список GET параметров по стандарту oAuth:
|
||||
* $_GET = [
|
||||
* Входными данными является стандартный список POST параметров по стандарту oAuth:
|
||||
* $_POST = [
|
||||
* client_id,
|
||||
* client_secret,
|
||||
* redirect_uri,
|
||||
@ -135,7 +135,7 @@ class OauthProcess {
|
||||
* grant_type,
|
||||
* ]
|
||||
* для запроса grant_type = authentication_code.
|
||||
* $_GET = [
|
||||
* $_POST = [
|
||||
* client_id,
|
||||
* client_secret,
|
||||
* refresh_token,
|
||||
@ -145,12 +145,15 @@ class OauthProcess {
|
||||
* @return array
|
||||
*/
|
||||
public function getToken(): array {
|
||||
$grantType = Yii::$app->request->post('grant_type', 'null');
|
||||
try {
|
||||
Yii::$app->statsd->inc('oauth.issueToken.attempt');
|
||||
Yii::$app->statsd->inc("oauth.issueToken_{$grantType}.attempt");
|
||||
$response = $this->server->issueAccessToken();
|
||||
Yii::$app->statsd->inc('oauth.issueToken.success');
|
||||
$clientId = Yii::$app->request->post('client_id');
|
||||
Yii::$app->statsd->inc("oauth.issueToken_client.{$clientId}");
|
||||
Yii::$app->statsd->inc("oauth.issueToken_{$grantType}.success");
|
||||
} catch (OAuthException $e) {
|
||||
Yii::$app->statsd->inc('oauth.issueToken.fail');
|
||||
Yii::$app->statsd->inc("oauth.issueToken_{$grantType}.fail");
|
||||
Yii::$app->response->statusCode = $e->httpStatusCode;
|
||||
$response = [
|
||||
'error' => $e->errorType,
|
||||
|
||||
@ -3,8 +3,8 @@ namespace api\modules\authserver\exceptions;
|
||||
|
||||
class IllegalArgumentException extends AuthserverException {
|
||||
|
||||
public function __construct($status = null, $message = null, $code = 0, \Exception $previous = null) {
|
||||
parent::__construct(400, 'credentials can not be null.', $code, $previous);
|
||||
public function __construct($message = 'credentials can not be null.') {
|
||||
parent::__construct(400, $message);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -5,6 +5,7 @@ use api\models\authentication\LoginForm;
|
||||
use api\models\base\ApiForm;
|
||||
use api\modules\authserver\exceptions\ForbiddenOperationException;
|
||||
use api\modules\authserver\Module as Authserver;
|
||||
use api\modules\authserver\validators\ClientTokenValidator;
|
||||
use api\modules\authserver\validators\RequiredValidator;
|
||||
use common\helpers\Error as E;
|
||||
use common\models\Account;
|
||||
@ -19,6 +20,7 @@ class AuthenticationForm extends ApiForm {
|
||||
public function rules() {
|
||||
return [
|
||||
[['username', 'password', 'clientToken'], RequiredValidator::class],
|
||||
[['clientToken'], ClientTokenValidator::class],
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
25
api/modules/authserver/validators/ClientTokenValidator.php
Normal file
25
api/modules/authserver/validators/ClientTokenValidator.php
Normal file
@ -0,0 +1,25 @@
|
||||
<?php
|
||||
namespace api\modules\authserver\validators;
|
||||
|
||||
use api\modules\authserver\exceptions\IllegalArgumentException;
|
||||
|
||||
/**
|
||||
* Максимальная длина clientToken для нашей базы данных составляет 255.
|
||||
* После этого мы не принимаем указанный токен
|
||||
*/
|
||||
class ClientTokenValidator extends \yii\validators\RequiredValidator {
|
||||
|
||||
/**
|
||||
* @param string $value
|
||||
* @return null
|
||||
* @throws \api\modules\authserver\exceptions\AuthserverException
|
||||
*/
|
||||
protected function validateValue($value) {
|
||||
if (mb_strlen($value) > 255) {
|
||||
throw new IllegalArgumentException('clientToken is too long.');
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
@ -53,7 +53,7 @@ class JoinForm extends Model {
|
||||
$serverId = $this->serverId;
|
||||
$accessToken = $this->accessToken;
|
||||
Session::info("User with access_token = '{$accessToken}' trying join to server with server_id = '{$serverId}'.");
|
||||
Yii::$app->statsd->inc('sessionserver.join.attempts');
|
||||
Yii::$app->statsd->inc('sessionserver.join.attempt');
|
||||
if (!$this->validate()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?php
|
||||
return [
|
||||
'version' => '1.1.22',
|
||||
'version' => '1.1.23',
|
||||
'vendorPath' => dirname(__DIR__, 2) . '/vendor',
|
||||
'components' => [
|
||||
'cache' => [
|
||||
|
||||
@ -5,6 +5,7 @@ namespace common\tasks;
|
||||
use common\emails\EmailHelper;
|
||||
use common\emails\templates\ChangeEmailConfirmCurrentEmail;
|
||||
use common\models\confirmations\CurrentEmailConfirmation;
|
||||
use Yii;
|
||||
use yii\queue\RetryableJobInterface;
|
||||
|
||||
class SendCurrentEmailConfirmation implements RetryableJobInterface {
|
||||
@ -36,6 +37,7 @@ class SendCurrentEmailConfirmation implements RetryableJobInterface {
|
||||
* @param \yii\queue\Queue $queue
|
||||
*/
|
||||
public function execute($queue) {
|
||||
Yii::$app->statsd->inc('queue.sendCurrentEmailConfirmation.attempt');
|
||||
$to = EmailHelper::buildTo($this->username, $this->email);
|
||||
$template = new ChangeEmailConfirmCurrentEmail($to, $this->code);
|
||||
$template->send();
|
||||
|
||||
@ -5,6 +5,7 @@ namespace common\tasks;
|
||||
use common\emails\EmailHelper;
|
||||
use common\emails\templates\ChangeEmailConfirmNewEmail;
|
||||
use common\models\confirmations\NewEmailConfirmation;
|
||||
use Yii;
|
||||
use yii\queue\RetryableJobInterface;
|
||||
|
||||
class SendNewEmailConfirmation implements RetryableJobInterface {
|
||||
@ -36,6 +37,7 @@ class SendNewEmailConfirmation implements RetryableJobInterface {
|
||||
* @param \yii\queue\Queue $queue
|
||||
*/
|
||||
public function execute($queue) {
|
||||
Yii::$app->statsd->inc('queue.sendNewEmailConfirmation.attempt');
|
||||
$to = EmailHelper::buildTo($this->username, $this->email);
|
||||
$template = new ChangeEmailConfirmNewEmail($to, $this->username, $this->code);
|
||||
$template->send();
|
||||
|
||||
@ -47,6 +47,7 @@ class SendPasswordRecoveryEmail implements RetryableJobInterface {
|
||||
* @throws \common\emails\exceptions\CannotSendEmailException
|
||||
*/
|
||||
public function execute($queue) {
|
||||
Yii::$app->statsd->inc('queue.sendPasswordRecovery.attempt');
|
||||
$params = new ForgotPasswordParams($this->username, $this->code, $this->link);
|
||||
$to = EmailHelper::buildTo($this->username, $this->email);
|
||||
$template = new ForgotPasswordEmail($to, $this->locale, $params);
|
||||
|
||||
@ -47,6 +47,7 @@ class SendRegistrationEmail implements RetryableJobInterface {
|
||||
* @throws \common\emails\exceptions\CannotSendEmailException
|
||||
*/
|
||||
public function execute($queue) {
|
||||
Yii::$app->statsd->inc('queue.sendRegistrationEmail.attempt');
|
||||
$params = new RegistrationEmailParams($this->username, $this->code, $this->link);
|
||||
$to = EmailHelper::buildTo($this->username, $this->email);
|
||||
$template = new RegistrationEmail($to, $this->locale, $params);
|
||||
|
||||
@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
use console\db\Migration;
|
||||
|
||||
class m180102_164624_increase_minecraft_access_keys_client_token_length extends Migration {
|
||||
|
||||
public function safeUp() {
|
||||
$this->alterColumn('{{%minecraft_access_keys}}', 'client_token', $this->string()->notNull());
|
||||
}
|
||||
|
||||
public function safeDown() {
|
||||
$this->alterColumn('{{%minecraft_access_keys}}', 'client_token', $this->string(36)->notNull());
|
||||
}
|
||||
|
||||
}
|
||||
@ -75,6 +75,31 @@ class AuthorizationCest {
|
||||
$this->testSuccessResponse($I);
|
||||
}
|
||||
|
||||
public function longClientToken(FunctionalTester $I) {
|
||||
$I->wantTo('send non uuid clientToken, but less then 255 characters');
|
||||
$this->route->authenticate([
|
||||
'username' => 'admin@ely.by',
|
||||
'password' => 'password_0',
|
||||
'clientToken' => str_pad('', 255, 'x'),
|
||||
]);
|
||||
$this->testSuccessResponse($I);
|
||||
}
|
||||
|
||||
public function tooLongClientToken(FunctionalTester $I) {
|
||||
$I->wantTo('send non uuid clientToken with more then 255 characters length');
|
||||
$this->route->authenticate([
|
||||
'username' => 'admin@ely.by',
|
||||
'password' => 'password_0',
|
||||
'clientToken' => str_pad('', 256, 'x'),
|
||||
]);
|
||||
$I->canSeeResponseCodeIs(400);
|
||||
$I->canSeeResponseIsJson();
|
||||
$I->canSeeResponseContainsJson([
|
||||
'error' => 'IllegalArgumentException',
|
||||
'errorMessage' => 'clientToken is too long.',
|
||||
]);
|
||||
}
|
||||
|
||||
public function wrongArguments(FunctionalTester $I) {
|
||||
$I->wantTo('get error on wrong amount of arguments');
|
||||
$this->route->authenticate([
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user