ElyBy-Mirror/accounts
1
0
Fork 0
mirror of https://github.com/elyby/accounts.git synced 2025-02-18 16:28:07 +05:30
Code Issues Packages Projects Releases Wiki Activity

Added jwt public and private key path params to user component

Browse Source
This commit is contained in:
valik 2019-07-26 11:11:09 +03:00
parent 3f9ee42539
commit 445c234360
9 changed files with 59 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.env-dist
View File

@ -7,8 +7,8 @@ EMAILS_RENDERER_HOST=http://emails-renderer:3000
## Security params
JWT_USER_SECRET=
JWT_PUBLIC_KEY=
JWT_PRIVATE_KEY=
JWT_PUBLIC_KEY_PATH=
JWT_PRIVATE_KEY_PATH=
## External services
RECAPTCHA_PUBLIC=

57
api/components/User/Component.php
View File

@ -11,6 +11,7 @@ use Emarref\Jwt\Algorithm\AlgorithmInterface;
use Emarref\Jwt\Algorithm\Hs256;
use Emarref\Jwt\Algorithm\Rs256;
use Emarref\Jwt\Claim;
use Emarref\Jwt\Encryption\EncryptionInterface;
use Emarref\Jwt\Encryption\Factory as EncryptionFactory;
use Emarref\Jwt\Exception\VerificationException;
use Emarref\Jwt\HeaderParameter\Custom;
@ -46,14 +47,18 @@ class Component extends YiiUserComponent {
public $secret;
public $publicKey;
public $publicKeyPath;
public $privateKey;
public $privateKeyPath;
public $expirationTimeout = 'PT1H';
public $sessionTimeout = 'P7D';
private $publicKey;
private $privateKey;
/**
* @var Token[]
*/
@ -62,16 +67,28 @@ class Component extends YiiUserComponent {
public function init() {
parent::init();
Assert::notEmpty($this->secret, 'secret must be specified');
Assert::notEmpty($this->publicKey, 'public key must be specified');
Assert::notEmpty($this->privateKey, 'private key must be specified');
Assert::notEmpty($this->publicKeyPath, 'public key path must be specified');
Assert::notEmpty($this->privateKeyPath, 'private key path must be specified');
}
if (!($this->publicKey = file_get_contents($this->publicKey))) {
throw new InvalidConfigException('invalid public key');
public function getPublicKey() {
if (empty($this->publicKey)) {
if (!($this->publicKey = file_get_contents($this->publicKeyPath))) {
throw new InvalidConfigException('invalid public key path');
}
}
if (!($this->privateKey = file_get_contents($this->privateKey))) {
throw new InvalidConfigException('invalid private key');
return $this->publicKey;
}
public function getPrivateKey() {
if (empty($this->privateKey)) {
if (!($this->privateKey = file_get_contents($this->privateKeyPath))) {
throw new InvalidConfigException('invalid private key path');
}
}
return $this->privateKey;
}
public function findIdentityByAccessToken($accessToken): ?IdentityInterface {
@ -153,16 +170,9 @@ class Component extends YiiUserComponent {
throw new VerificationException('Incorrect token encoding', 0, $e);
}
$algorithm = $this->getAlgorithm();
$version = $notVerifiedToken->getHeader()->findParameterByName('v');
if ($version === null) {
$algorithm = new Hs256($this->secret);
}
$encryption = EncryptionFactory::create($algorithm);
if ($version !== null) {
$encryption->setPublicKey($this->publicKey);
}
$version = $version ? $version->getValue() : null;
$encryption = $this->getEncryption($version);
$context = new VerificationContext($encryption);
$context->setSubject(self::JWT_SUBJECT_PREFIX);
@ -234,8 +244,19 @@ class Component extends YiiUserComponent {
return new Rs256();
}
public function getEncryption(?int $version): EncryptionInterface {
$algorithm = $version ? new Rs256() : new Hs256($this->secret);
$encryption = EncryptionFactory::create($algorithm);
if ($version) {
$encryption->setPublicKey($this->getPublicKey())->setPrivateKey($this->getPrivateKey());
}
return $encryption;
}
protected function serializeToken(Token $token): string {
$encryption = EncryptionFactory::create($this->getAlgorithm())->setPrivateKey($this->privateKey);
$encryption = $this->getEncryption(1);
return (new Jwt())->serialize($token, $encryption);
}

4
api/config/config.php
View File

@ -11,8 +11,8 @@ return [
'user' => [
'class' => api\components\User\Component::class,
'secret' => getenv('JWT_USER_SECRET'),
'publicKey' => getenv('JWT_PUBLIC_KEY') ?: '/data/certs/public.crt',
'privateKey' => getenv('JWT_PRIVATE_KEY') ?: '/data/certs/private.key',
'publicKeyPath' => getenv('JWT_PUBLIC_KEY') ?: 'data/certs/public.crt',
'privateKeyPath' => getenv('JWT_PRIVATE_KEY') ?: 'data/certs/private.key',
],
'log' => [
'traceLevel' => YII_DEBUG ? 3 : 0,

4
api/tests/unit/components/User/ComponentTest.php
View File

@ -189,8 +189,8 @@ class ComponentTest extends TestCase {
'enableSession' => false,
'loginUrl' => null,
'secret' => 'secret',
'publicKey' => 'data/certs/public.crt',
'privateKey' => 'data/certs/private.key',
'publicKeyPath' => 'data/certs/public.crt',
'privateKeyPath' => 'data/certs/private.key',
];
}

4
api/tests/unit/models/authentication/LogoutFormTest.php
View File

@ -63,8 +63,8 @@ class LogoutFormTest extends TestCase {
'enableSession' => false,
'loginUrl' => null,
'secret' => 'secret',
'publicKey' => 'data/certs/public.crt',
'privateKey' => 'data/certs/private.key',
'publicKeyPath' => 'data/certs/public.crt',
'privateKeyPath' => 'data/certs/private.key',
];
}

8
api/tests/unit/modules/accounts/models/ChangePasswordFormTest.php
View File

@ -61,8 +61,8 @@ class ChangePasswordFormTest extends TestCase {
'enableSession' => false,
'loginUrl' => null,
'secret' => 'secret',
'publicKey' => 'data/certs/public.crt',
'privateKey' => 'data/certs/private.key',
'publicKeyPath' => 'data/certs/public.crt',
'privateKeyPath' => 'data/certs/private.key',
]]);
$component->shouldNotReceive('terminateSessions');
@ -123,8 +123,8 @@ class ChangePasswordFormTest extends TestCase {
'enableSession' => false,
'loginUrl' => null,
'secret' => 'secret',
'publicKey' => 'data/certs/public.crt',
'privateKey' => 'data/certs/private.key',
'publicKeyPath' => 'data/certs/public.crt',
'privateKeyPath' => 'data/certs/private.key',
]]);
$component->shouldReceive('terminateSessions')->once()->withArgs([$account, Component::KEEP_CURRENT_SESSION]);

4
api/tests/unit/modules/accounts/models/EnableTwoFactorAuthFormTest.php
View File

@ -24,8 +24,8 @@ class EnableTwoFactorAuthFormTest extends TestCase {
'enableSession' => false,
'loginUrl' => null,
'secret' => 'secret',
'publicKey' => 'data/certs/public.crt',
'privateKey' => 'data/certs/private.key',
'publicKeyPath' => 'data/certs/public.crt',
'privateKeyPath' => 'data/certs/private.key',
]]);
$component->shouldReceive('terminateSessions')->withArgs([$account, Component::KEEP_CURRENT_SESSION]);

8
common/tests/unit/rbac/rules/AccountOwnerTest.php
View File

@ -15,8 +15,8 @@ class AccountOwnerTest extends TestCase {
public function testIdentityIsNull() {
$component = mock(Component::class . '[findIdentityByAccessToken]', [[
'secret' => 'secret',
'publicKey' => 'data/certs/public.crt',
'privateKey' => 'data/certs/private.key',
'publicKeyPath' => 'data/certs/public.crt',
'privateKeyPath' => 'data/certs/private.key',
]]);
$component->shouldDeferMissing();
$component->shouldReceive('findIdentityByAccessToken')->andReturn(null);
@ -40,8 +40,8 @@ class AccountOwnerTest extends TestCase {
$component = mock(Component::class . '[findIdentityByAccessToken]', [[
'secret' => 'secret',
'publicKey' => 'data/certs/public.crt',
'privateKey' => 'data/certs/private.key',
'publicKeyPath' => 'data/certs/public.crt',
'privateKeyPath' => 'data/certs/private.key',
]]);
$component->shouldDeferMissing();
$component->shouldReceive('findIdentityByAccessToken')->withArgs(['token'])->andReturn($identity);

4
common/tests/unit/rbac/rules/OauthClientOwnerTest.php
View File

@ -36,8 +36,8 @@ class OauthClientOwnerTest extends TestCase {
/** @var Component|\Mockery\MockInterface $component */
$component = mock(Component::class . '[findIdentityByAccessToken]', [[
'secret' => 'secret',
'publicKey' => 'data/certs/public.crt',
'privateKey' => 'data/certs/private.key',
'publicKeyPath' => 'data/certs/public.crt',
'privateKeyPath' => 'data/certs/private.key',
]]);
$component->shouldDeferMissing();
$component->shouldReceive('findIdentityByAccessToken')->withArgs(['token'])->andReturn($identity);