Все классы, отвечающие за oAuth передвинуты в компоненты API, освежён код, поправлены неймспейсы

This commit is contained in:
ErickSkrauch 2016-11-27 00:43:42 +03:00
parent e6fa0fe6f3
commit 20286f1744
19 changed files with 163 additions and 127 deletions

View File

@ -1,13 +1,13 @@
<?php <?php
namespace common\components\oauth; namespace api\components\OAuth2;
use common\components\oauth\Storage\Redis\AuthCodeStorage; use api\components\OAuth2\Storage\AuthCodeStorage;
use common\components\oauth\Storage\Redis\RefreshTokenStorage; use api\components\OAuth2\Storage\RefreshTokenStorage;
use common\components\oauth\Storage\Yii2\AccessTokenStorage; use api\components\OAuth2\Storage\AccessTokenStorage;
use common\components\oauth\Storage\Yii2\ClientStorage; use api\components\OAuth2\Storage\ClientStorage;
use common\components\oauth\Storage\Yii2\ScopeStorage; use api\components\OAuth2\Storage\ScopeStorage;
use common\components\oauth\Storage\Yii2\SessionStorage; use api\components\OAuth2\Storage\SessionStorage;
use common\components\oauth\Util\KeyAlgorithm\UuidAlgorithm; use api\components\OAuth2\Utils\KeyAlgorithm\UuidAlgorithm;
use League\OAuth2\Server\AuthorizationServer; use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Grant; use League\OAuth2\Server\Grant;
use League\OAuth2\Server\Util\SecureKey; use League\OAuth2\Server\Util\SecureKey;
@ -41,22 +41,22 @@ class Component extends \yii\base\Component {
public function getAuthServer() { public function getAuthServer() {
if ($this->_authServer === null) { if ($this->_authServer === null) {
$authServer = new AuthorizationServer(); $authServer = new AuthorizationServer();
$authServer $authServer->setAccessTokenStorage(new AccessTokenStorage());
->setAccessTokenStorage(new AccessTokenStorage()) $authServer->setClientStorage(new ClientStorage());
->setClientStorage(new ClientStorage()) $authServer->setScopeStorage(new ScopeStorage());
->setScopeStorage(new ScopeStorage()) $authServer->setSessionStorage(new SessionStorage());
->setSessionStorage(new SessionStorage()) $authServer->setAuthCodeStorage(new AuthCodeStorage());
->setAuthCodeStorage(new AuthCodeStorage()) $authServer->setRefreshTokenStorage(new RefreshTokenStorage());
->setRefreshTokenStorage(new RefreshTokenStorage()) $authServer->setScopeDelimiter(',');
->setScopeDelimiter(',');
$this->_authServer = $authServer; $this->_authServer = $authServer;
foreach ($this->grantTypes as $grantType) { foreach ($this->grantTypes as $grantType) {
if (!array_key_exists($grantType, $this->grantMap)) { if (!isset($this->grantMap[$grantType])) {
throw new InvalidConfigException('Invalid grant type'); throw new InvalidConfigException('Invalid grant type');
} }
/** @var Grant\GrantTypeInterface $grant */
$grant = new $this->grantMap[$grantType](); $grant = new $this->grantMap[$grantType]();
$this->_authServer->addGrantType($grant); $this->_authServer->addGrantType($grant);
} }

View File

@ -1,11 +1,9 @@
<?php <?php
namespace common\components\oauth\Entity; namespace api\components\OAuth2\Entities;
use League\OAuth2\Server\Entity\EntityTrait;
use League\OAuth2\Server\Entity\SessionEntity as OriginalSessionEntity; use League\OAuth2\Server\Entity\SessionEntity as OriginalSessionEntity;
class AccessTokenEntity extends \League\OAuth2\Server\Entity\AccessTokenEntity { class AccessTokenEntity extends \League\OAuth2\Server\Entity\AccessTokenEntity {
use EntityTrait;
protected $sessionId; protected $sessionId;

View File

@ -1,11 +1,9 @@
<?php <?php
namespace common\components\oauth\Entity; namespace api\components\OAuth2\Entities;
use League\OAuth2\Server\Entity\EntityTrait;
use League\OAuth2\Server\Entity\SessionEntity; use League\OAuth2\Server\Entity\SessionEntity;
class AuthCodeEntity extends \League\OAuth2\Server\Entity\AuthCodeEntity { class AuthCodeEntity extends \League\OAuth2\Server\Entity\AuthCodeEntity {
use EntityTrait;
protected $sessionId; protected $sessionId;

View File

@ -0,0 +1,22 @@
<?php
namespace api\components\OAuth2\Entities;
class ClientEntity extends \League\OAuth2\Server\Entity\ClientEntity {
public function setId(string $id) {
$this->id = $id;
}
public function setName(string $name) {
$this->name = $name;
}
public function setSecret(string $secret) {
$this->secret = $secret;
}
public function setRedirectUri(string $redirectUri) {
$this->redirectUri = $redirectUri;
}
}

View File

@ -0,0 +1,10 @@
<?php
namespace api\components\OAuth2\Entities;
class ScopeEntity extends \League\OAuth2\Server\Entity\ScopeEntity {
public function setId(string $id) {
$this->id = $id;
}
}

View File

@ -1,5 +1,5 @@
<?php <?php
namespace common\components\oauth\Entity; namespace api\components\OAuth2\Entities;
use League\OAuth2\Server\Entity\ClientEntity; use League\OAuth2\Server\Entity\ClientEntity;
use League\OAuth2\Server\Entity\EntityTrait; use League\OAuth2\Server\Entity\EntityTrait;
@ -24,4 +24,8 @@ class SessionEntity extends \League\OAuth2\Server\Entity\SessionEntity {
return $this; return $this;
} }
public function setClientId(string $clientId) {
$this->clientId = $clientId;
}
} }

View File

@ -1,5 +1,5 @@
<?php <?php
namespace common\components\oauth\Exception; namespace api\components\OAuth2\Exceptions;
use League\OAuth2\Server\Exception\OAuthException; use League\OAuth2\Server\Exception\OAuthException;

View File

@ -1,5 +1,5 @@
<?php <?php
namespace common\components\oauth\Exception; namespace api\components\OAuth2\Exceptions;
class AccessDeniedException extends \League\OAuth2\Server\Exception\AccessDeniedException { class AccessDeniedException extends \League\OAuth2\Server\Exception\AccessDeniedException {

View File

@ -1,7 +1,7 @@
<?php <?php
namespace common\components\oauth\Storage\Yii2; namespace api\components\OAuth2\Storage;
use common\components\oauth\Entity\AccessTokenEntity; use api\components\OAuth2\Entities\AccessTokenEntity;
use common\models\OauthAccessToken; use common\models\OauthAccessToken;
use League\OAuth2\Server\Entity\AccessTokenEntity as OriginalAccessTokenEntity; use League\OAuth2\Server\Entity\AccessTokenEntity as OriginalAccessTokenEntity;
use League\OAuth2\Server\Entity\ScopeEntity; use League\OAuth2\Server\Entity\ScopeEntity;
@ -34,11 +34,15 @@ class AccessTokenStorage extends AbstractStorage implements AccessTokenInterface
return null; return null;
} }
return (new AccessTokenEntity($this->server))->hydrate([ /** @var SessionStorage $sessionStorage */
'id' => $model->access_token, $sessionStorage = $this->server->getSessionStorage();
'expireTime' => $model->expire_time,
'sessionId' => $model->session_id, $token = new AccessTokenEntity($this->server);
]); $token->setId($model->access_token);
$token->setExpireTime($model->expire_time);
$token->setSession($sessionStorage->getById($model->session_id));
return $token;
} }
/** /**

View File

@ -1,7 +1,7 @@
<?php <?php
namespace common\components\oauth\Storage\Redis; namespace api\components\OAuth2\Storage;
use common\components\oauth\Entity\AuthCodeEntity; use api\components\OAuth2\Entities\AuthCodeEntity;
use common\components\redis\Key; use common\components\redis\Key;
use common\components\redis\Set; use common\components\redis\Set;
use League\OAuth2\Server\Entity\AuthCodeEntity as OriginalAuthCodeEntity; use League\OAuth2\Server\Entity\AuthCodeEntity as OriginalAuthCodeEntity;
@ -28,12 +28,16 @@ class AuthCodeStorage extends AbstractStorage implements AuthCodeInterface {
return null; return null;
} }
return (new AuthCodeEntity($this->server))->hydrate([ /** @var SessionStorage $sessionStorage */
'id' => $result['id'], $sessionStorage = $this->server->getSessionStorage();
'redirectUri' => $result['client_redirect_uri'],
'expireTime' => $result['expire_time'], $entity = new AuthCodeEntity($this->server);
'sessionId' => $result['session_id'], $entity->setId($result['id']);
]); $entity->setRedirectUri($result['client_redirect_uri']);
$entity->setExpireTime($result['expire_time']);
$entity->setSession($sessionStorage->getById($result['session_id']));
return $entity;
} }
/** /**

View File

@ -1,9 +1,9 @@
<?php <?php
namespace common\components\oauth\Storage\Yii2; namespace api\components\OAuth2\Storage;
use common\components\oauth\Entity\SessionEntity; use api\components\OAuth2\Entities\ClientEntity;
use api\components\OAuth2\Entities\SessionEntity;
use common\models\OauthClient; use common\models\OauthClient;
use League\OAuth2\Server\Entity\ClientEntity;
use League\OAuth2\Server\Entity\SessionEntity as OriginalSessionEntity; use League\OAuth2\Server\Entity\SessionEntity as OriginalSessionEntity;
use League\OAuth2\Server\Storage\AbstractStorage; use League\OAuth2\Server\Storage\AbstractStorage;
use League\OAuth2\Server\Storage\ClientInterface; use League\OAuth2\Server\Storage\ClientInterface;
@ -18,15 +18,13 @@ class ClientStorage extends AbstractStorage implements ClientInterface {
* @inheritdoc * @inheritdoc
*/ */
public function get($clientId, $clientSecret = null, $redirectUri = null, $grantType = null) { public function get($clientId, $clientSecret = null, $redirectUri = null, $grantType = null) {
$query = OauthClient::find() $query = OauthClient::find()->andWhere(['id' => $clientId]);
->select(['id', 'name', 'secret', 'redirect_uri'])
->where([OauthClient::tableName() . '.id' => $clientId]);
if ($clientSecret !== null) { if ($clientSecret !== null) {
$query->andWhere(['secret' => $clientSecret]); $query->andWhere(['secret' => $clientSecret]);
} }
$model = $query->asArray()->one(); /** @var OauthClient|null $model */
$model = $query->one();
if ($model === null) { if ($model === null) {
return null; return null;
} }
@ -39,22 +37,17 @@ class ClientStorage extends AbstractStorage implements ClientInterface {
* Короче это нужно учесть * Короче это нужно учесть
*/ */
if ($redirectUri !== null) { if ($redirectUri !== null) {
if ($redirectUri === self::REDIRECT_STATIC_PAGE || $redirectUri === self::REDIRECT_STATIC_PAGE_WITH_CODE) { if (in_array($redirectUri, [self::REDIRECT_STATIC_PAGE, self::REDIRECT_STATIC_PAGE_WITH_CODE], true)) {
// Тут, наверное, нужно проверить тип приложения // Тут, наверное, нужно проверить тип приложения
} else { } else {
if (!StringHelper::startsWith($redirectUri, $model['redirect_uri'], false)) { if (!StringHelper::startsWith($redirectUri, $model->redirect_uri, false)) {
return null; return null;
} }
} }
} }
$entity = new ClientEntity($this->server); $entity = $this->hydrate($model);
$entity->hydrate([ $entity->setRedirectUri($redirectUri);
'id' => $model['id'],
'name' => $model['name'],
'secret' => $model['secret'],
'redirectUri' => $redirectUri,
]);
return $entity; return $entity;
} }
@ -67,17 +60,23 @@ class ClientStorage extends AbstractStorage implements ClientInterface {
throw new \ErrorException('This module assumes that $session typeof ' . SessionEntity::class); throw new \ErrorException('This module assumes that $session typeof ' . SessionEntity::class);
} }
$model = OauthClient::find() /** @var OauthClient|null $model */
->select(['id', 'name']) $model = OauthClient::findOne($session->getClientId());
->andWhere(['id' => $session->getClientId()])
->asArray()
->one();
if ($model === null) { if ($model === null) {
return null; return null;
} }
return (new ClientEntity($this->server))->hydrate($model); return $this->hydrate($model);
}
private function hydrate(OauthClient $model) : ClientEntity {
$entity = new ClientEntity($this->server);
$entity->setId($model->id);
$entity->setName($model->name);
$entity->setSecret($model->secret);
$entity->setRedirectUri($model->redirect_uri);
return $entity;
} }
} }

View File

@ -1,5 +1,5 @@
<?php <?php
namespace common\components\oauth\Storage\Redis; namespace api\components\OAuth2\Storage;
use common\components\redis\Key; use common\components\redis\Key;
use League\OAuth2\Server\Entity\RefreshTokenEntity; use League\OAuth2\Server\Entity\RefreshTokenEntity;
@ -19,10 +19,12 @@ class RefreshTokenStorage extends AbstractStorage implements RefreshTokenInterfa
return null; return null;
} }
return (new RefreshTokenEntity($this->server)) $entity = new RefreshTokenEntity($this->server);
->setId($result['id']) $entity->setId($result['id']);
->setExpireTime($result['expire_time']) $entity->setExpireTime($result['expire_time']);
->setAccessTokenId($result['access_token_id']); $entity->setAccessTokenId($result['access_token_id']);
return $entity;
} }
/** /**

View File

@ -1,8 +1,8 @@
<?php <?php
namespace common\components\oauth\Storage\Yii2; namespace api\components\OAuth2\Storage;
use api\components\OAuth2\Entities\ScopeEntity;
use common\models\OauthScope; use common\models\OauthScope;
use League\OAuth2\Server\Entity\ScopeEntity;
use League\OAuth2\Server\Storage\AbstractStorage; use League\OAuth2\Server\Storage\AbstractStorage;
use League\OAuth2\Server\Storage\ScopeInterface; use League\OAuth2\Server\Storage\ScopeInterface;
@ -12,13 +12,14 @@ class ScopeStorage extends AbstractStorage implements ScopeInterface {
* @inheritdoc * @inheritdoc
*/ */
public function get($scope, $grantType = null, $clientId = null) { public function get($scope, $grantType = null, $clientId = null) {
$row = OauthScope::find()->andWhere(['id' => $scope])->asArray()->one(); /** @var OauthScope|null $row */
$row = OauthScope::findOne($scope);
if ($row === null) { if ($row === null) {
return null; return null;
} }
$entity = new ScopeEntity($this->server); $entity = new ScopeEntity($this->server);
$entity->hydrate($row); $entity->setId($row->id);
return $entity; return $entity;
} }

View File

@ -1,8 +1,8 @@
<?php <?php
namespace common\components\oauth\Storage\Yii2; namespace api\components\OAuth2\Storage;
use common\components\oauth\Entity\AuthCodeEntity; use api\components\OAuth2\Entities\AuthCodeEntity;
use common\components\oauth\Entity\SessionEntity; use api\components\OAuth2\Entities\SessionEntity;
use common\models\OauthSession; use common\models\OauthSession;
use ErrorException; use ErrorException;
use League\OAuth2\Server\Entity\AccessTokenEntity as OriginalAccessTokenEntity; use League\OAuth2\Server\Entity\AccessTokenEntity as OriginalAccessTokenEntity;
@ -18,35 +18,12 @@ class SessionStorage extends AbstractStorage implements SessionInterface {
private $cache = []; private $cache = [];
/**
* @param string $sessionId
* @return OauthSession|null
*/
private function getSessionModel($sessionId) {
if (!isset($this->cache[$sessionId])) {
$this->cache[$sessionId] = OauthSession::findOne($sessionId);
}
return $this->cache[$sessionId];
}
private function hydrateEntity($sessionModel) {
if (!$sessionModel instanceof OauthSession) {
return null;
}
return (new SessionEntity($this->server))->hydrate([
'id' => $sessionModel->id,
'client_id' => $sessionModel->client_id,
])->setOwner($sessionModel->owner_type, $sessionModel->owner_id);
}
/** /**
* @param string $sessionId * @param string $sessionId
* @return SessionEntity|null * @return SessionEntity|null
*/ */
public function getSession($sessionId) { public function getById($sessionId) {
return $this->hydrateEntity($this->getSessionModel($sessionId)); return $this->hydrate($this->getSessionModel($sessionId));
} }
/** /**
@ -60,7 +37,7 @@ class SessionStorage extends AbstractStorage implements SessionInterface {
}, },
])->one(); ])->one();
return $this->hydrateEntity($model); return $this->hydrate($model);
} }
/** /**
@ -71,7 +48,7 @@ class SessionStorage extends AbstractStorage implements SessionInterface {
throw new ErrorException('This module assumes that $authCode typeof ' . AuthCodeEntity::class); throw new ErrorException('This module assumes that $authCode typeof ' . AuthCodeEntity::class);
} }
return $this->getSession($authCode->getSessionId()); return $this->getById($authCode->getSessionId());
} }
/** /**
@ -123,4 +100,21 @@ class SessionStorage extends AbstractStorage implements SessionInterface {
$this->getSessionModel($session->getId())->getScopes()->add($scope->getId()); $this->getSessionModel($session->getId())->getScopes()->add($scope->getId());
} }
private function getSessionModel(string $sessionId) : OauthSession {
if (!isset($this->cache[$sessionId])) {
$this->cache[$sessionId] = OauthSession::findOne($sessionId);
}
return $this->cache[$sessionId];
}
private function hydrate(OauthSession $sessionModel) {
$entity = new SessionEntity($this->server);
$entity->setId($sessionModel->id);
$entity->setClientId($sessionModel->client_id);
$entity->setOwner($sessionModel->owner_type, $sessionModel->owner_id);
return $entity;
}
} }

View File

@ -0,0 +1,16 @@
<?php
namespace api\components\OAuth2\Utils\KeyAlgorithm;
use League\OAuth2\Server\Util\KeyAlgorithm\KeyAlgorithmInterface;
use Ramsey\Uuid\Uuid;
class UuidAlgorithm implements KeyAlgorithmInterface {
/**
* @inheritdoc
*/
public function generate($len = 40) : string {
return Uuid::uuid4()->toString();
}
}

View File

@ -63,7 +63,7 @@ return [
'format' => yii\web\Response::FORMAT_JSON, 'format' => yii\web\Response::FORMAT_JSON,
], ],
'oauth' => [ 'oauth' => [
'class' => common\components\oauth\Component::class, 'class' => api\components\OAuth2\Component::class,
'grantTypes' => ['authorization_code'], 'grantTypes' => ['authorization_code'],
], ],
'errorHandler' => [ 'errorHandler' => [

View File

@ -2,8 +2,8 @@
namespace api\controllers; namespace api\controllers;
use api\filters\ActiveUserRule; use api\filters\ActiveUserRule;
use common\components\oauth\Exception\AcceptRequiredException; use api\components\OAuth2\Exceptions\AcceptRequiredException;
use common\components\oauth\Exception\AccessDeniedException; use api\components\OAuth2\Exceptions\AccessDeniedException;
use common\models\Account; use common\models\Account;
use common\models\OauthClient; use common\models\OauthClient;
use common\models\OauthScope; use common\models\OauthScope;
@ -186,7 +186,7 @@ class OauthController extends Controller {
} }
$scopes = $codeModel->getScopes(); $scopes = $codeModel->getScopes();
if (array_search(OauthScope::OFFLINE_ACCESS, array_keys($scopes)) === false) { if (array_search(OauthScope::OFFLINE_ACCESS, array_keys($scopes), true) === false) {
return; return;
} }
} elseif ($grantType === 'refresh_token') { } elseif ($grantType === 'refresh_token') {

View File

@ -32,7 +32,7 @@ abstract class BaseApplication extends yii\base\Application {
* @property \api\components\User\Component $user User component. * @property \api\components\User\Component $user User component.
* @property \api\components\ApiUser\Component $apiUser Api User component. * @property \api\components\ApiUser\Component $apiUser Api User component.
* @property \api\components\ReCaptcha\Component $reCaptcha * @property \api\components\ReCaptcha\Component $reCaptcha
* @property \common\components\oauth\Component $oauth * @property \api\components\OAuth2\Component $oauth
* *
* @method \api\components\User\Component getUser() * @method \api\components\User\Component getUser()
*/ */

View File

@ -1,16 +0,0 @@
<?php
namespace common\components\oauth\Util\KeyAlgorithm;
use League\OAuth2\Server\Util\KeyAlgorithm\DefaultAlgorithm;
use Ramsey\Uuid\Uuid;
class UuidAlgorithm extends DefaultAlgorithm {
/**
* @inheritdoc
*/
public function generate($len = 40) : string {
return Uuid::uuid4()->toString();
}
}