Implemented oauth session revocation notification.

Reworked webhooks notifications constructors
This commit is contained in:
ErickSkrauch 2020-10-01 01:40:28 +03:00
parent b904d5d314
commit 5fc97fdd7a
13 changed files with 283 additions and 137 deletions

View File

@ -11,6 +11,8 @@ use api\modules\oauth\models\OauthClientTypeForm;
use api\rbac\Permissions as P;
use common\models\Account;
use common\models\OauthClient;
use common\notifications\OAuthSessionRevokedNotification;
use common\tasks\CreateWebHooksDeliveries;
use Webmozart\Assert\Assert;
use Yii;
use yii\db\ActiveQuery;
@ -197,6 +199,8 @@ class ClientsController extends Controller {
if ($session !== null && !$session->isRevoked()) {
$session->revoked_at = time();
Assert::true($session->save());
Yii::$app->queue->push(new CreateWebHooksDeliveries(new OAuthSessionRevokedNotification($session)));
}
return ['success' => true];

View File

@ -5,6 +5,8 @@ namespace common\models;
use Carbon\Carbon;
use common\components\UserPass;
use common\notifications\AccountDeletedNotification;
use common\notifications\AccountEditNotification;
use common\tasks\CreateWebHooksDeliveries;
use DateInterval;
use Webmozart\Assert\Assert;
@ -181,12 +183,13 @@ class Account extends ActiveRecord {
return;
}
Yii::$app->queue->push(CreateWebHooksDeliveries::createAccountEdit($this, $meaningfulChangedAttributes));
$notification = new AccountEditNotification($this, $meaningfulChangedAttributes);
Yii::$app->queue->push(new CreateWebHooksDeliveries($notification));
}
public function afterDelete(): void {
parent::afterDelete();
Yii::$app->queue->push(CreateWebHooksDeliveries::createAccountDeletion($this));
Yii::$app->queue->push(new CreateWebHooksDeliveries(new AccountDeletedNotification($this)));
}
}

View File

@ -0,0 +1,33 @@
<?php
declare(strict_types=1);
namespace common\notifications;
use common\models\Account;
use Webmozart\Assert\Assert;
final class AccountDeletedNotification implements NotificationInterface {
private Account $account;
public function __construct(Account $account) {
Assert::notNull($account->deleted_at, 'Account must be deleted');
$this->account = $account;
}
public static function getType(): string {
return 'account.deletion';
}
public function getPayloads(): array {
return [
'id' => $this->account->id,
'uuid' => $this->account->uuid,
'username' => $this->account->username,
'email' => $this->account->email,
'registered' => date('c', $this->account->created_at),
'deleted' => date('c', $this->account->deleted_at),
];
}
}

View File

@ -0,0 +1,37 @@
<?php
declare(strict_types=1);
namespace common\notifications;
use common\models\Account;
final class AccountEditNotification implements NotificationInterface {
private Account $account;
private array $changedAttributes;
public function __construct(Account $account, array $changedAttributes) {
$this->account = $account;
$this->changedAttributes = $changedAttributes;
}
public static function getType(): string {
return 'account.edit';
}
public function getPayloads(): array {
return [
'id' => $this->account->id,
'uuid' => $this->account->uuid,
'username' => $this->account->username,
'email' => $this->account->email,
'lang' => $this->account->lang,
'isActive' => $this->account->status === Account::STATUS_ACTIVE,
'isDeleted' => $this->account->status === Account::STATUS_DELETED,
'registered' => date('c', (int)$this->account->created_at),
'changedAttributes' => $this->changedAttributes,
];
}
}

View File

@ -0,0 +1,12 @@
<?php
declare(strict_types=1);
namespace common\notifications;
interface NotificationInterface {
public static function getType(): string;
public function getPayloads(): array;
}

View File

@ -0,0 +1,30 @@
<?php
declare(strict_types=1);
namespace common\notifications;
use common\models\OauthSession;
use Webmozart\Assert\Assert;
final class OAuthSessionRevokedNotification implements NotificationInterface {
private OauthSession $oauthSession;
public function __construct(OauthSession $oauthSession) {
Assert::notNull($oauthSession->revoked_at, 'OAuth session must be revoked');
$this->oauthSession = $oauthSession;
}
public static function getType(): string {
return 'oauth2.session_revoked';
}
public function getPayloads(): array {
return [
'accountId' => $this->oauthSession->account_id,
'clientId' => $this->oauthSession->client_id,
'revoked' => date('c', $this->oauthSession->revoked_at),
];
}
}

View File

@ -3,82 +3,44 @@ declare(strict_types=1);
namespace common\tasks;
use common\models\Account;
use common\models\WebHook;
use Yii;
use common\notifications\NotificationInterface;
use yii\db\Expression;
use yii\queue\RetryableJobInterface;
final class CreateWebHooksDeliveries implements RetryableJobInterface {
public string $type;
private NotificationInterface $notification;
public array $payloads;
public function __construct(string $type, array $payloads) {
$this->type = $type;
$this->payloads = $payloads;
public function __construct(NotificationInterface $notification) {
$this->notification = $notification;
}
public static function createAccountEdit(Account $account, array $changedAttributes): self {
return new static('account.edit', [
'id' => $account->id,
'uuid' => $account->uuid,
'username' => $account->username,
'email' => $account->email,
'lang' => $account->lang,
'isActive' => $account->status === Account::STATUS_ACTIVE,
'isDeleted' => $account->status === Account::STATUS_DELETED,
'registered' => date('c', (int)$account->created_at),
'changedAttributes' => $changedAttributes,
]);
}
public static function createAccountDeletion(Account $account): self {
return new static('account.deletion', [
'id' => $account->id,
'uuid' => $account->uuid,
'username' => $account->username,
'email' => $account->email,
'registered' => date('c', (int)$account->created_at),
'deleted' => date('c', (int)$account->deleted_at),
]);
}
/**
* @return int time to reserve in seconds
*/
public function getTtr(): int {
return 10;
}
/**
* @param int $attempt number
* @param \Exception|\Throwable $error from last execute of the job
*
* @return bool
*/
public function canRetry($attempt, $error): bool {
return true;
}
/**
* @param \yii\queue\Queue $queue which pushed and is handling the job
*/
public function execute($queue): void {
$type = $this->notification::getType();
$payloads = $this->notification->getPayloads();
/** @var WebHook[] $targets */
$targets = WebHook::find()
// It's very important to use exactly single quote to begin the string
// and double quote to specify the string value
->andWhere(new Expression("JSON_CONTAINS(`events`, '\"{$this->type}\"')"))
->andWhere(new Expression("JSON_CONTAINS(`events`, '\"{$type}\"')"))
->all();
foreach ($targets as $target) {
$job = new DeliveryWebHook();
$job->type = $this->type;
$job->type = $type;
$job->url = $target->url;
$job->secret = $target->secret;
$job->payloads = $this->payloads;
Yii::$app->queue->push($job);
$job->payloads = $payloads;
$queue->push($job);
}
}

View File

@ -16,39 +16,18 @@ use yii\queue\RetryableJobInterface;
class DeliveryWebHook implements RetryableJobInterface {
/**
* @var string
*/
public $type;
public string $type;
/**
* @var string
*/
public $url;
public string $url;
/**
* @var string|null
*/
public $secret;
public ?string $secret;
/**
* @var array
*/
public $payloads;
public array $payloads;
/**
* @return int time to reserve in seconds
*/
public function getTtr(): int {
return 65;
}
/**
* @param int $attempt number
* @param \Exception|\Throwable $error from last execute of the job
*
* @return bool
*/
public function canRetry($attempt, $error): bool {
if ($attempt >= 5) {
return false;

View File

@ -0,0 +1,36 @@
<?php
declare(strict_types=1);
namespace common\tests\unit\notifications;
use Codeception\Test\Unit;
use common\models\Account;
use common\notifications\AccountDeletedNotification;
/**
* @covers \common\notifications\AccountDeletedNotification
*/
class AccountDeletedNotificationTest extends Unit {
public function testGetPayloads(): void {
$account = new Account();
$account->id = 123;
$account->username = 'mock-username';
$account->uuid = 'afc8dc7a-4bbf-4d3a-8699-68890088cf84';
$account->email = 'mock@ely.by';
$account->created_at = 1531008814;
$account->deleted_at = 1601501781;
$notification = new AccountDeletedNotification($account);
$this->assertSame('account.deletion', $notification::getType());
$this->assertSame([
'id' => 123,
'uuid' => 'afc8dc7a-4bbf-4d3a-8699-68890088cf84',
'username' => 'mock-username',
'email' => 'mock@ely.by',
'registered' => '2018-07-08T00:13:34+00:00',
'deleted' => '2020-09-30T21:36:21+00:00',
], $notification->getPayloads());
}
}

View File

@ -0,0 +1,46 @@
<?php
declare(strict_types=1);
namespace common\tests\unit\notifications;
use Codeception\Test\Unit;
use common\models\Account;
use common\notifications\AccountEditNotification;
/**
* @covers \common\notifications\AccountEditNotification
*/
class AccountEditNotificationTest extends Unit {
public function testGetPayloads(): void {
$account = new Account();
$account->id = 123;
$account->username = 'mock-username';
$account->uuid = 'afc8dc7a-4bbf-4d3a-8699-68890088cf84';
$account->email = 'mock@ely.by';
$account->lang = 'en';
$account->status = Account::STATUS_ACTIVE;
$account->created_at = 1531008814;
$changedAttributes = [
'username' => 'old-username',
'uuid' => 'e05d33e9-ff91-4d26-9f5c-8250f802a87a',
'email' => 'old-email@ely.by',
'status' => 0,
];
$notification = new AccountEditNotification($account, $changedAttributes);
$this->assertSame('account.edit', $notification::getType());
$this->assertSame([
'id' => 123,
'uuid' => 'afc8dc7a-4bbf-4d3a-8699-68890088cf84',
'username' => 'mock-username',
'email' => 'mock@ely.by',
'lang' => 'en',
'isActive' => true,
'isDeleted' => false,
'registered' => '2018-07-08T00:13:34+00:00',
'changedAttributes' => $changedAttributes,
], $notification->getPayloads());
}
}

View File

@ -0,0 +1,30 @@
<?php
declare(strict_types=1);
namespace common\tests\unit\notifications;
use Codeception\Test\Unit;
use common\models\OauthSession;
use common\notifications\OAuthSessionRevokedNotification;
/**
* @covers \common\notifications\OAuthSessionRevokedNotification
*/
class OAuthSessionRevokedNotificationTest extends Unit {
public function testGetPayloads(): void {
$oauthSession = new OauthSession();
$oauthSession->account_id = 1;
$oauthSession->client_id = 'mock-client';
$oauthSession->revoked_at = 1601504074;
$notification = new OAuthSessionRevokedNotification($oauthSession);
$this->assertSame('oauth2.session_revoked', $notification::getType());
$this->assertSame([
'accountId' => 1,
'clientId' => 'mock-client',
'revoked' => '2020-09-30T22:14:34+00:00',
], $notification->getPayloads());
}
}

View File

@ -3,7 +3,7 @@ declare(strict_types=1);
namespace common\tests\unit\tasks;
use common\models\Account;
use common\notifications\NotificationInterface;
use common\tasks\CreateWebHooksDeliveries;
use common\tasks\DeliveryWebHook;
use common\tests\fixtures;
@ -21,67 +21,39 @@ class CreateWebHooksDeliveriesTest extends TestCase {
];
}
public function testCreateAccountEdit() {
$account = new Account();
$account->id = 123;
$account->username = 'mock-username';
$account->uuid = 'afc8dc7a-4bbf-4d3a-8699-68890088cf84';
$account->email = 'mock@ely.by';
$account->lang = 'en';
$account->status = Account::STATUS_ACTIVE;
$account->created_at = 1531008814;
$changedAttributes = [
'username' => 'old-username',
'uuid' => 'e05d33e9-ff91-4d26-9f5c-8250f802a87a',
'email' => 'old-email@ely.by',
'status' => 0,
];
$result = CreateWebHooksDeliveries::createAccountEdit($account, $changedAttributes);
$this->assertSame('account.edit', $result->type);
$this->assertEmpty(array_diff_assoc([
'id' => 123,
'uuid' => 'afc8dc7a-4bbf-4d3a-8699-68890088cf84',
'username' => 'mock-username',
'email' => 'mock@ely.by',
'lang' => 'en',
'isActive' => true,
'registered' => '2018-07-08T00:13:34+00:00',
], $result->payloads));
$this->assertSame($changedAttributes, $result->payloads['changedAttributes']);
}
public function testExecute() {
$task = new CreateWebHooksDeliveries('account.edit', [
'id' => 123,
'uuid' => 'afc8dc7a-4bbf-4d3a-8699-68890088cf84',
'username' => 'mock-username',
'email' => 'mock@ely.by',
'lang' => 'en',
'isActive' => true,
'registered' => '2018-07-08T00:13:34+00:00',
'changedAttributes' => [
'username' => 'old-username',
'uuid' => 'e05d33e9-ff91-4d26-9f5c-8250f802a87a',
'email' => 'old-email@ely.by',
'status' => 0,
],
]);
$task->execute($this->createMock(Queue::class));
/** @var DeliveryWebHook[] $tasks */
$tasks = $this->tester->grabQueueJobs();
$this->assertCount(2, $tasks);
$notification = new class implements NotificationInterface {
public static function getType(): string {
return 'account.edit';
}
$this->assertInstanceOf(DeliveryWebHook::class, $tasks[0]);
$this->assertSame($task->type, $tasks[0]->type);
$this->assertSame($task->payloads, $tasks[0]->payloads);
$this->assertSame('http://localhost:80/webhooks/ely', $tasks[0]->url);
$this->assertSame('my-secret', $tasks[0]->secret);
public function getPayloads(): array {
return ['key' => 'value'];
}
};
$this->assertInstanceOf(DeliveryWebHook::class, $tasks[1]);
$this->assertSame($task->type, $tasks[1]->type);
$this->assertSame($task->payloads, $tasks[1]->payloads);
$this->assertSame('http://localhost:81/webhooks/ely', $tasks[1]->url);
$this->assertNull($tasks[1]->secret);
$queue = $this->createMock(Queue::class);
$queue->expects($this->exactly(2))->method('push')->withConsecutive(
[$this->callback(function(DeliveryWebHook $task): bool {
$this->assertSame('account.edit', $task->type);
$this->assertSame(['key' => 'value'], $task->payloads);
$this->assertSame('http://localhost:80/webhooks/ely', $task->url);
$this->assertSame('my-secret', $task->secret);
return true;
})],
[$this->callback(function(DeliveryWebHook $task): bool {
$this->assertSame('account.edit', $task->type);
$this->assertSame(['key' => 'value'], $task->payloads);
$this->assertSame('http://localhost:81/webhooks/ely', $task->url);
$this->assertNull($task->secret);
return true;
})],
);
$task = new CreateWebHooksDeliveries($notification);
$task->execute($queue);
}
}

View File

@ -4,6 +4,7 @@ declare(strict_types=1);
namespace console\models;
use common\models\WebHook;
use common\notifications;
use Webmozart\Assert\Assert;
use yii\base\Model;
@ -50,8 +51,9 @@ class WebHookForm extends Model {
public static function getEvents(): array {
return [
'account.edit',
'account.deletion',
notifications\AccountEditNotification::getType(),
notifications\AccountDeletedNotification::getType(),
notifications\OAuthSessionRevokedNotification::getType(),
];
}