Restore full functionality of OAuth2 server [skip ci]

common/models/Account.php

@@ -41,6 +41,7 @@ use const common\LATEST_RULES_VERSION;
  * @property UsernameHistory[]    $usernameHistory
  * @property AccountSession[]     $sessions
  * @property MinecraftAccessKey[] $minecraftAccessKeys
+ * @property-read OauthRefreshToken[] $oauthRefreshTokens
  *
  * Behaviors:
  * @mixin TimestampBehavior
@@ -101,6 +102,10 @@ class Account extends ActiveRecord {
         return $this->hasMany(OauthClient::class, ['account_id' => 'id']);
     }
 
+    public function getOauthRefreshTokens(): ActiveQuery {
+        return $this->hasMany(OauthRefreshToken::class, ['account_id' => 'id']);
+    }
+
     public function getUsernameHistory(): ActiveQuery {
         return $this->hasMany(UsernameHistory::class, ['account_id' => 'id']);
     }

common/models/OauthClient.php

@@ -1,4 +1,6 @@
 <?php
+declare(strict_types=1);
+
 namespace common\models;
 
 use Yii;
@@ -22,8 +24,9 @@ use yii\db\ActiveRecord;
  * @property int            $created_at
  *
  * Behaviors:
- * @property Account|null   $account
+ * @property Account|null $account
  * @property OauthSession[] $sessions
+ * @property-read OauthRefreshToken[] $refreshTokens
  */
 class OauthClient extends ActiveRecord {
 
@@ -31,7 +34,7 @@ class OauthClient extends ActiveRecord {
     public const TYPE_MINECRAFT_SERVER = 'minecraft-server';
 
     public static function tableName(): string {
-        return '{{%oauth_clients}}';
+        return 'oauth_clients';
     }
 
     public function behaviors(): array {
@@ -55,6 +58,10 @@ class OauthClient extends ActiveRecord {
         return $this->hasMany(OauthSession::class, ['client_id' => 'id']);
     }
 
+    public function getRefreshTokens(): ActiveQuery {
+        return $this->hasMany(OauthRefreshToken::class, ['client_id' => 'id']);
+    }
+
     public static function find(): OauthClientQuery {
         return Yii::createObject(OauthClientQuery::class, [static::class]);
     }

common/models/OauthOwnerType.php

@@ -1,23 +0,0 @@
-<?php
-namespace common\models;
-
-final class OauthOwnerType {
-
-    /**
-     * Used for sessions belonging directly to account.ely.by users
-     * who have performed password authentication and are using the web interface
-     */
-    public const ACCOUNT = 'accounts';
-
-    /**
-     * Used when a user uses OAuth2 authorization_code protocol to allow an application
-     * to access and perform actions on its own behalf
-     */
-    public const USER = 'user';
-
-    /**
-     * Used for clients authorized via OAuth2 client_credentials protocol
-     */
-    public const CLIENT = 'client';
-
-}

common/models/OauthRefreshToken.php

@@ -0,0 +1,50 @@
+<?php
+declare(strict_types=1);
+
+namespace common\models;
+
+use yii\behaviors\TimestampBehavior;
+use yii\db\ActiveQuery;
+use yii\db\ActiveRecord;
+
+/**
+ * Fields:
+ * @property string $id
+ * @property int    $account_id
+ * @property int    $client_id
+ * @property int    $issued_at
+ *
+ * Relations:
+ * @property-read OauthSession $session
+ * @property-read Account $account
+ * @property-read OauthClient $client
+ */
+class OauthRefreshToken extends ActiveRecord {
+
+    public static function tableName(): string {
+        return 'oauth_refresh_tokens';
+    }
+
+    public function behaviors(): array {
+        return [
+            [
+                'class' => TimestampBehavior::class,
+                'createdAtAttribute' => 'issued_at',
+                'updatedAtAttribute' => false,
+            ],
+        ];
+    }
+
+    public function getSession(): ActiveQuery {
+        return $this->hasOne(OauthSession::class, ['account_id' => 'account_id', 'client_id' => 'client_id']);
+    }
+
+    public function getAccount(): ActiveQuery {
+        return $this->hasOne(Account::class, ['id' => 'account_id']);
+    }
+
+    public function getClient(): ActiveQuery {
+        return $this->hasOne(OauthClient::class, ['id' => 'client_id']);
+    }
+
+}

common/models/OauthSession.php

@@ -17,8 +17,9 @@ use yii\db\ActiveRecord;
  * @property integer $created_at
  *
  * Relations:
- * @property OauthClient $client
- * @property Account     $account
+ * @property-read OauthClient $client
+ * @property-read Account $account
+ * @property-read OauthRefreshToken[] $refreshTokens
  */
 class OauthSession extends ActiveRecord {
 
@@ -43,6 +44,10 @@ class OauthSession extends ActiveRecord {
         return $this->hasOne(Account::class, ['id' => 'owner_id']);
     }
 
+    public function getRefreshTokens(): ActiveQuery {
+        return $this->hasMany(OauthRefreshToken::class, ['account_id' => 'account_id', 'client_id' => 'client_id']);
+    }
+
     public function getScopes(): array {
         if (empty($this->scopes) && $this->legacy_id !== null) {
             return Yii::$app->redis->smembers($this->getLegacyRedisScopesKey());

common/tests/_support/FixtureHelper.php

@@ -1,15 +1,11 @@
 <?php
+declare(strict_types=1);
+
 namespace common\tests\_support;
 
 use Codeception\Module;
 use Codeception\TestInterface;
-use common\tests\fixtures\AccountFixture;
-use common\tests\fixtures\AccountSessionFixture;
-use common\tests\fixtures\EmailActivationFixture;
-use common\tests\fixtures\MinecraftAccessKeyFixture;
-use common\tests\fixtures\OauthClientFixture;
-use common\tests\fixtures\OauthSessionFixture;
-use common\tests\fixtures\UsernameHistoryFixture;
+use common\tests\fixtures;
 use yii\test\FixtureTrait;
 use yii\test\InitDbFixture;
 
@@ -50,13 +46,14 @@ class FixtureHelper extends Module {
 
     public function fixtures() {
         return [
-            'accounts' => AccountFixture::class,
-            'accountSessions' => AccountSessionFixture::class,
-            'emailActivations' => EmailActivationFixture::class,
-            'usernamesHistory' => UsernameHistoryFixture::class,
-            'oauthClients' => OauthClientFixture::class,
-            'oauthSessions' => OauthSessionFixture::class,
-            'minecraftAccessKeys' => MinecraftAccessKeyFixture::class,
+            'accounts' => fixtures\AccountFixture::class,
+            'accountSessions' => fixtures\AccountSessionFixture::class,
+            'emailActivations' => fixtures\EmailActivationFixture::class,
+            'usernamesHistory' => fixtures\UsernameHistoryFixture::class,
+            'oauthClients' => fixtures\OauthClientFixture::class,
+            'oauthSessions' => fixtures\OauthSessionFixture::class,
+            'oauthRefreshTokens' => fixtures\OauthRefreshTokensFixture::class,
+            'minecraftAccessKeys' => fixtures\MinecraftAccessKeyFixture::class,
         ];
     }
 

common/tests/fixtures/OauthRefreshTokensFixture.php

@@ -0,0 +1,19 @@
+<?php
+declare(strict_types=1);
+
+namespace common\tests\fixtures;
+
+use common\models\OauthRefreshToken;
+use yii\test\ActiveFixture;
+
+class OauthRefreshTokensFixture extends ActiveFixture {
+
+    public $modelClass = OauthRefreshToken::class;
+
+    public $dataFile = '@root/common/tests/fixtures/data/oauth-refresh-tokens.php';
+
+    public $depends = [
+        OauthSessionFixture::class,
+    ];
+
+}

common/tests/fixtures/OauthSessionFixture.php

@@ -1,4 +1,6 @@
 <?php
+declare(strict_types=1);
+
 namespace common\tests\fixtures;
 
 use common\models\OauthSession;

common/tests/fixtures/data/oauth-refresh-tokens.php

@@ -0,0 +1,2 @@
+<?php
+return [];