ElyBy-Mirror/accounts
1
0
Fork 0
mirror of https://github.com/elyby/accounts.git synced 2025-05-31 14:11:46 +05:30
Code Issues Packages Projects Releases Wiki Activity

Resolves #2. Implemented authlib-injector support

Browse Source
This commit is contained in:
ErickSkrauch
2021-03-03 15:04:42 +01:00
parent 10ab237d1d
commit 4856695940
17 changed files with 505 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
api/config/config-test.php
View File

@@ -17,7 +17,7 @@ return [
'authserverHost' => 'localhost',
],
'container' => [
'definitions' => [
'singletons' => [
api\components\ReCaptcha\Validator::class => function() {
return new class(new GuzzleHttp\Client()) extends api\components\ReCaptcha\Validator {
protected function validateValue($value) {
@@ -34,6 +34,45 @@ return [
],
];
}
public function profile(string $username, bool $signed = false): ?array {
$account = common\models\Account::findOne(['username' => $username]);
$uuid = $account ? str_replace('-', '', $account->uuid) : '00000000000000000000000000000000';
$profile = [
'name' => $username,
'id' => $uuid,
'properties' => [
[
'name' => 'textures',
'value' => base64_encode(json_encode([
'timestamp' => Carbon\Carbon::now()->getPreciseTimestamp(3),
'profileId' => $uuid,
'profileName' => $username,
'textures' => [
'SKIN' => [
'url' => 'http://ely.by/skin.png',
],
],
])),
],
[
'name' => 'ely',
'value' => 'but why are you asking?',
],
],
];
if ($signed) {
$profile['properties'][0]['signature'] = 'signature';
}
return $profile;
}
public function getSignatureVerificationKey(string $format = 'pem'): string {
return "-----BEGIN PUBLIC KEY-----\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANbUpVCZkMKpfvYZ08W3lumdAaYxLBnm\nUDlzHBQH3DpYef5WCO32TDU6feIJ58A0lAywgtZ4wwi2dGHOz/1hAvcCAwEAAQ==\n-----END PUBLIC KEY-----";
}
};
},
],

6
api/config/routes.php
View File

@@ -46,4 +46,10 @@ return [
'/mojang/profiles/<username>' => 'mojang/api/uuid-by-username',
'/mojang/profiles/<uuid>/names' => 'mojang/api/usernames-by-uuid',
'POST /mojang/profiles' => 'mojang/api/uuids-by-usernames',
// authlib-injector
'/authlib-injector/authserver/<action>' => 'authserver/authentication/<action>',
'/authlib-injector/sessionserver/session/minecraft/join' => 'session/session/join',
'/authlib-injector/sessionserver/session/minecraft/hasJoined' => 'session/session/has-joined',
'/authlib-injector/sessionserver/session/minecraft/profile/<uuid>' => 'session/session/profile',
];

44
api/controllers/AuthlibInjectorController.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
declare(strict_types=1);
namespace api\controllers;
use api\filters\NginxCache;
use common\components\SkinsSystemApi;
use yii\helpers\ArrayHelper;
use yii\web\Controller as BaseController;
final class AuthlibInjectorController extends BaseController {
public function behaviors(): array {
return ArrayHelper::merge(parent::behaviors(), [
'nginxCache' => [
'class' => NginxCache::class,
'rules' => [
'index' => 3600, // 1h
],
],
]);
}
public function actionIndex(SkinsSystemApi $skinsSystemApi): array {
return [
'meta' => [
'serverName' => 'Ely.by',
'implementationName' => 'Account Ely.by adapter for the authlib-injector library',
'implementationVersion' => '1.0.0',
'feature.no_mojang_namespace' => true,
'links' => [
'homepage' => 'https://ely.by',
'register' => 'https://account.ely.by/register',
],
],
'skinDomains' => [
'ely.by',
'.ely.by',
],
'signaturePublickey' => $skinsSystemApi->getSignatureVerificationKey(),
];
}
}

7
api/modules/session/controllers/SessionController.php
View File

@@ -85,7 +85,7 @@ class SessionController extends Controller {
$account = $hasJoinedForm->hasJoined();
$textures = new Textures($account);
return $textures->getMinecraftResponse();
return $textures->getMinecraftResponse(true);
}
public function actionHasJoinedLegacy(): string {
@@ -109,11 +109,12 @@ class SessionController extends Controller {
/**
* @param string $uuid
* @param string $unsigned
*
* @return array|null
* @throws IllegalArgumentException
*/
public function actionProfile(string $uuid): ?array {
public function actionProfile(string $uuid, string $unsigned = null): ?array {
try {
$uuid = Uuid::fromString($uuid)->toString();
} catch (\InvalidArgumentException $e) {
@@ -127,7 +128,7 @@ class SessionController extends Controller {
return null;
}
return (new Textures($account))->getMinecraftResponse();
return (new Textures($account))->getMinecraftResponse($unsigned === 'false');
}
}

9
api/tests/_pages/SessionServerRoute.php
View File

@@ -19,8 +19,13 @@ class SessionServerRoute extends BasePage {
$this->getActor()->sendGET('/api/minecraft/session/legacy/hasJoined', $params);
}
public function profile($profileUuid) {
$this->getActor()->sendGET("/api/minecraft/session/profile/{$profileUuid}");
public function profile(string $profileUuid, bool $signed = false) {
$url = "/api/minecraft/session/profile/{$profileUuid}";
if ($signed) {
$url .= '?unsigned=false';
}
$this->getActor()->sendGET($url);
}
}

19
api/tests/functional/_steps/SessionServerSteps.php
View File

@@ -36,19 +36,31 @@ class SessionServerSteps extends FunctionalTester {
return [$username, $serverId];
}
public function canSeeValidTexturesResponse($expectedUsername, $expectedUuid) {
public function canSeeValidTexturesResponse(
string $expectedUsername,
string $expectedUuid,
bool $shouldBeSigned = false
) {
$this->seeResponseIsJson();
$this->canSeeResponseContainsJson([
'name' => $expectedUsername,
'id' => $expectedUuid,
'ely' => true,
'properties' => [
[
'name' => 'textures',
'signature' => 'Cg==',
],
[
'name' => 'ely',
'value' => 'but why are you asking?',
],
],
]);
if ($shouldBeSigned) {
$this->canSeeResponseJsonMatchesJsonPath('$.properties[?(@.name == "textures")].signature');
} else {
$this->cantSeeResponseJsonMatchesJsonPath('$.properties[?(@.name == "textures")].signature');
}
$this->canSeeResponseJsonMatchesJsonPath('$.properties[0].value');
$value = $this->grabDataFromResponseByJsonPath('$.properties[0].value')[0];
$decoded = json_decode(base64_decode($value), true);
@@ -56,7 +68,6 @@ class SessionServerSteps extends FunctionalTester {
$this->assertArrayHasKey('textures', $decoded);
$this->assertSame($expectedUuid, $decoded['profileId']);
$this->assertSame($expectedUsername, $decoded['profileName']);
$this->assertTrue($decoded['ely']);
$textures = $decoded['textures'];
$this->assertArrayHasKey('SKIN', $textures);
$skinTextures = $textures['SKIN'];

52
api/tests/functional/authlibInjector/HasJoinedCest.php Normal file
View File

@@ -0,0 +1,52 @@
<?php
declare(strict_types=1);
namespace api\tests\functional\authlibInjector;
use api\tests\functional\_steps\SessionServerSteps;
use api\tests\FunctionalTester;
use function Ramsey\Uuid\v4 as uuid;
class HasJoinedCest {
public function hasJoined(SessionServerSteps $I) {
$I->wantTo('check hasJoined user to some server');
[$username, $serverId] = $I->amJoined();
$I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/hasJoined', [
'username' => $username,
'serverId' => $serverId,
]);
$I->seeResponseCodeIs(200);
$I->canSeeValidTexturesResponse($username, 'df936908b2e1544d96f82977ec213022', true);
}
public function wrongArguments(FunctionalTester $I) {
$I->wantTo('get error on wrong amount of arguments');
$I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/hasJoined', [
'wrong' => 'argument',
]);
$I->canSeeResponseCodeIs(400);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'error' => 'IllegalArgumentException',
'errorMessage' => 'credentials can not be null.',
]);
}
public function hasJoinedWithNoJoinOperation(FunctionalTester $I) {
$I->wantTo('hasJoined to some server without join call');
$I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/hasJoined', [
'username' => 'some-username',
'serverId' => uuid(),
]);
$I->seeResponseCodeIs(401);
$I->seeResponseIsJson();
$I->canSeeResponseContainsJson([
'error' => 'ForbiddenOperationException',
'errorMessage' => 'Invalid token.',
]);
}
}

30
api/tests/functional/authlibInjector/IndexCest.php Normal file
View File

@@ -0,0 +1,30 @@
<?php
declare(strict_types=1);
namespace api\tests\functional\authlibInjector;
use api\tests\FunctionalTester;
class IndexCest {
public function index(FunctionalTester $I) {
$I->sendGet('/api/authlib-injector');
$I->seeResponseCodeIs(200);
$I->canSeeResponseContainsJson([
'meta' => [
'serverName' => 'Ely.by',
'implementationName' => 'Account Ely.by adapter for the authlib-injector library',
'implementationVersion' => '1.0.0',
'feature.no_mojang_namespace' => true,
'links' => [
'homepage' => 'https://ely.by',
'register' => 'https://account.ely.by/register',
],
],
'skinDomains' => ['ely.by', '.ely.by'],
'signaturePublickey' => "-----BEGIN PUBLIC KEY-----\nMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANbUpVCZkMKpfvYZ08W3lumdAaYxLBnm\nUDlzHBQH3DpYef5WCO32TDU6feIJ58A0lAywgtZ4wwi2dGHOz/1hAvcCAwEAAQ==\n-----END PUBLIC KEY-----",
]);
$I->canSeeHttpHeader('X-Accel-Expires');
}
}

147
api/tests/functional/authlibInjector/JoinCest.php Normal file
View File

@@ -0,0 +1,147 @@
<?php
declare(strict_types=1);
namespace api\tests\functional\authlibInjector;
use api\rbac\Permissions as P;
use api\tests\functional\_steps\AuthserverSteps;
use api\tests\functional\_steps\OauthSteps;
use api\tests\FunctionalTester;
use Codeception\Example;
use function Ramsey\Uuid\v4 as uuid;
class JoinCest {
public function joinByLegacyAuthserver(AuthserverSteps $I) {
$I->wantTo('join to server, using legacy authserver access token');
[$accessToken] = $I->amAuthenticated();
$I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
'accessToken' => $accessToken,
'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
'serverId' => uuid(),
]);
$this->expectSuccessResponse($I);
}
public function joinByPassJsonInPost(AuthserverSteps $I) {
$I->wantTo('join to server, passing data in body as encoded json');
[$accessToken] = $I->amAuthenticated();
$I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
'accessToken' => $accessToken,
'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
'serverId' => uuid(),
]);
$this->expectSuccessResponse($I);
}
/**
* @example ["df936908-b2e1-544d-96f8-2977ec213022"]
* @example ["df936908b2e1544d96f82977ec213022"]
*/
public function joinByOauth2Token(OauthSteps $I, Example $case) {
$I->wantTo('join to server, using modern oAuth2 generated token');
$accessToken = $I->getAccessToken([P::MINECRAFT_SERVER_SESSION]);
$I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
'accessToken' => $accessToken,
'selectedProfile' => $case[0],
'serverId' => uuid(),
]);
$this->expectSuccessResponse($I);
}
public function joinByModernOauth2TokenWithoutPermission(OauthSteps $I) {
$I->wantTo('join to server, using moder oAuth2 generated token, but without minecraft auth permission');
$accessToken = $I->getAccessToken(['account_info', 'account_email']);
$I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
'accessToken' => $accessToken,
'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
'serverId' => uuid(),
]);
$I->seeResponseCodeIs(401);
$I->seeResponseIsJson();
$I->canSeeResponseContainsJson([
'error' => 'ForbiddenOperationException',
'errorMessage' => 'The token does not have required scope.',
]);
}
public function joinWithExpiredToken(FunctionalTester $I) {
$I->wantTo('join to some server with expired accessToken');
$I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
'accessToken' => '6042634a-a1e2-4aed-866c-c661fe4e63e2',
'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
'serverId' => uuid(),
]);
$I->seeResponseCodeIs(401);
$I->seeResponseIsJson();
$I->canSeeResponseContainsJson([
'error' => 'ForbiddenOperationException',
'errorMessage' => 'Expired access_token.',
]);
}
public function wrongArguments(FunctionalTester $I) {
$I->wantTo('get error on wrong amount of arguments');
$I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
'wrong' => 'argument',
]);
$I->canSeeResponseCodeIs(400);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'error' => 'IllegalArgumentException',
'errorMessage' => 'credentials can not be null.',
]);
}
public function joinWithWrongAccessToken(FunctionalTester $I) {
$I->wantTo('join to some server with wrong accessToken');
$I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
'accessToken' => uuid(),
'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
'serverId' => uuid(),
]);
$I->seeResponseCodeIs(401);
$I->seeResponseIsJson();
$I->canSeeResponseContainsJson([
'error' => 'ForbiddenOperationException',
'errorMessage' => 'Invalid access_token.',
]);
}
public function joinWithNilUuids(FunctionalTester $I) {
$I->wantTo('join to some server with nil accessToken and selectedProfile');
$I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
'accessToken' => '00000000-0000-0000-0000-000000000000',
'selectedProfile' => 'df936908-b2e1-544d-96f8-2977ec213022',
'serverId' => uuid(),
]);
$I->canSeeResponseCodeIs(400);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'error' => 'IllegalArgumentException',
'errorMessage' => 'credentials can not be null.',
]);
}
public function joinByAccountMarkedForDeletion(FunctionalTester $I) {
$I->sendPOST('/api/authlib-injector/sessionserver/session/minecraft/join', [
'accessToken' => '239ba889-7020-4383-8d99-cd8c8aab4a2f',
'selectedProfile' => '6383de63-8f85-4ed5-92b7-5401a1fa68cd',
'serverId' => uuid(),
]);
$I->canSeeResponseCodeIs(401);
$I->canSeeResponseContainsJson([
'error' => 'ForbiddenOperationException',
'errorMessage' => 'Invalid credentials',
]);
}
private function expectSuccessResponse(FunctionalTester $I) {
$I->seeResponseCodeIs(200);
$I->seeResponseIsJson();
$I->canSeeResponseContainsJson([
'id' => 'OK',
]);
}
}

56
api/tests/functional/authlibInjector/ProfileCest.php Normal file
View File

@@ -0,0 +1,56 @@
<?php
declare(strict_types=1);
namespace api\tests\functional\authlibInjector;
use api\tests\functional\_steps\SessionServerSteps;
use api\tests\FunctionalTester;
use Codeception\Example;
use function Ramsey\Uuid\v4;
class ProfileCest {
/**
* @example ["df936908-b2e1-544d-96f8-2977ec213022"]
* @example ["df936908b2e1544d96f82977ec213022"]
*/
public function getProfile(SessionServerSteps $I, Example $case) {
$I->sendGET("/api/authlib-injector/sessionserver/session/minecraft/profile/{$case[0]}");
$I->canSeeValidTexturesResponse('Admin', 'df936908b2e1544d96f82977ec213022', false);
}
public function getProfileSigned(SessionServerSteps $I) {
$I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/profile/df936908b2e1544d96f82977ec213022?unsigned=false');
$I->canSeeValidTexturesResponse('Admin', 'df936908b2e1544d96f82977ec213022', true);
}
public function directCallWithoutUuidPart(FunctionalTester $I) {
$I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/profile/');
$I->canSeeResponseCodeIs(404);
}
public function callWithInvalidUuid(FunctionalTester $I) {
$I->wantTo('call profile route with invalid uuid string');
$I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/profile/bla-bla-bla');
$I->canSeeResponseCodeIs(400);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'error' => 'IllegalArgumentException',
'errorMessage' => 'Invalid uuid format.',
]);
}
public function getProfileWithNonexistentUuid(FunctionalTester $I) {
$I->wantTo('get info about nonexistent uuid');
$I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/profile/' . v4());
$I->canSeeResponseCodeIs(204);
$I->canSeeResponseEquals('');
}
public function getProfileOfAccountMarkedForDeletion(FunctionalTester $I) {
$I->sendGET('/api/authlib-injector/sessionserver/session/minecraft/profile/6383de63-8f85-4ed5-92b7-5401a1fa68cd');
$I->canSeeResponseCodeIs(204);
$I->canSeeResponseEquals('');
}
}

2
api/tests/functional/sessionserver/HasJoinedCest.php
View File

@@ -26,7 +26,7 @@ class HasJoinedCest {
'serverId' => $serverId,
]);
$I->seeResponseCodeIs(200);
$I->canSeeValidTexturesResponse($username, 'df936908b2e1544d96f82977ec213022');
$I->canSeeValidTexturesResponse($username, 'df936908b2e1544d96f82977ec213022', true);
}
public function wrongArguments(FunctionalTester $I) {

17
api/tests/functional/sessionserver/ProfileCest.php
View File

@@ -4,6 +4,7 @@ namespace api\tests\functional\sessionserver;
use api\tests\_pages\SessionServerRoute;
use api\tests\functional\_steps\SessionServerSteps;
use api\tests\FunctionalTester;
use Codeception\Example;
use function Ramsey\Uuid\v4;
class ProfileCest {
@@ -17,16 +18,20 @@ class ProfileCest {
$this->route = new SessionServerRoute($I);
}
public function getProfile(SessionServerSteps $I) {
/**
* @example ["df936908-b2e1-544d-96f8-2977ec213022"]
* @example ["df936908b2e1544d96f82977ec213022"]
*/
public function getProfile(SessionServerSteps $I, Example $case) {
$I->wantTo('get info about player textures by uuid');
$this->route->profile('df936908-b2e1-544d-96f8-2977ec213022');
$this->route->profile($case[0]);
$I->canSeeValidTexturesResponse('Admin', 'df936908b2e1544d96f82977ec213022');
}
public function getProfileByUuidWithoutDashes(SessionServerSteps $I) {
$I->wantTo('get info about player textures by uuid without dashes');
$this->route->profile('df936908b2e1544d96f82977ec213022');
$I->canSeeValidTexturesResponse('Admin', 'df936908b2e1544d96f82977ec213022');
public function getProfileWithSignedTextures(SessionServerSteps $I) {
$I->wantTo('get info about player textures by uuid');
$this->route->profile('df936908b2e1544d96f82977ec213022', true);
$I->canSeeValidTexturesResponse('Admin', 'df936908b2e1544d96f82977ec213022', true);
}
public function directCallWithoutUuidPart(FunctionalTester $I) {