Implementation of the backend for the OAuth2 clients management

2025-05-31 14:11:46 +05:30 · 2018-02-28 01:27:35 +03:00
parent ddec87e3a9
commit 673429e577
55 changed files with 1810 additions and 65 deletions
--- a/tests/codeception/common/fixtures/data/accounts.php
+++ b/tests/codeception/common/fixtures/data/accounts.php
@@ -186,4 +186,20 @@ return [
        'updated_at' => 1485124685,
        'password_changed_at' => 1485124685,
    ],
+    'account-with-two-oauth-clients' => [
+        'id' => 14,
+        'uuid' => '1b946267-b1a9-4409-ae83-94f84a329883',
+        'username' => 'TwoOauthClients',
+        'email' => 'oauth2-two@gmail.com',
+        'password_hash' => '$2y$13$2rYkap5T6jG8z/mMK8a3Ou6aZxJcmAaTha6FEuujvHEmybSHRzW5e', # password_0
+        'password_hash_strategy' => \common\models\Account::PASS_HASH_STRATEGY_YII2,
+        'lang' => 'ru',
+        'status' => \common\models\Account::STATUS_ACTIVE,
+        'rules_agreement_version' => \common\LATEST_RULES_VERSION,
+        'otp_secret' => null,
+        'is_otp_enabled' => false,
+        'created_at' => 1519487320,
+        'updated_at' => 1519487320,
+        'password_changed_at' => 1519487320,
+    ],
 ];
--- a/tests/codeception/common/fixtures/data/oauth-clients.php
+++ b/tests/codeception/common/fixtures/data/oauth-clients.php
@@ -3,51 +3,141 @@ return [
    'ely' => [
        'id' => 'ely',
        'secret' => 'ZuM1vGchJz-9_UZ5HC3H3Z9Hg5PzdbkM',
+        'type' => 'application',
        'name' => 'Ely.by',
        'description' => 'Всем знакомое елуби',
        'redirect_uri' => 'http://ely.by',
+        'website_url' => '',
+        'minecraft_server_ip' => '',
        'account_id' => null,
        'is_trusted' => 0,
+        'is_deleted' => 0,
        'created_at' => 1455309271,
    ],
    'tlauncher' => [
        'id' => 'tlauncher',
        'secret' => 'HsX-xXzdGiz3mcsqeEvrKHF47sqiaX94',
+        'type' => 'application',
        'name' => 'TLauncher',
        'description' => 'Лучший альтернативный лаунчер для Minecraft с большим количеством версий и их модификаций, а также возмоностью входа как с лицензионным аккаунтом, так и без него.',
        'redirect_uri' => '',
+        'website_url' => '',
+        'minecraft_server_ip' => '',
        'account_id' => null,
        'is_trusted' => 0,
+        'is_deleted' => 0,
        'created_at' => 1455318468,
    ],
    'test1' => [
        'id' => 'test1',
        'secret' => 'eEvrKHF47sqiaX94HsX-xXzdGiz3mcsq',
+        'type' => 'application',
        'name' => 'Test1',
        'description' => 'Some description',
        'redirect_uri' => 'http://test1.net',
+        'website_url' => '',
+        'minecraft_server_ip' => '',
        'account_id' => null,
        'is_trusted' => 0,
+        'is_deleted' => 0,
        'created_at' => 1479937982,
    ],
    'trustedClient' => [
        'id' => 'trusted-client',
        'secret' => 'tXBbyvMcyaOgHMOAXBpN2EC7uFoJAaL9',
+        'type' => 'application',
        'name' => 'Trusted client',
        'description' => 'Это клиент, которому мы доверяем',
        'redirect_uri' => null,
+        'website_url' => '',
+        'minecraft_server_ip' => '',
        'account_id' => null,
        'is_trusted' => 1,
+        'is_deleted' => 0,
        'created_at' => 1482922663,
    ],
    'defaultClient' => [
        'id' => 'default-client',
        'secret' => 'AzWRy7ZjS1yRQUk2vRBDic8fprOKDB1W',
+        'type' => 'application',
        'name' => 'Default client',
        'description' => 'Это обычный клиент, каких может быть много',
        'redirect_uri' => null,
+        'website_url' => '',
+        'minecraft_server_ip' => '',
        'account_id' => null,
        'is_trusted' => 0,
+        'is_deleted' => 0,
        'created_at' => 1482922711,
    ],
+    'admin_oauth_client' => [
+        'id' => 'admin-oauth-client',
+        'secret' => 'FKyO71iCIlv4YM2IHlLbhsvYoIJScUzTZt1kEK7DQLXXYISLDvURVXK32Q58sHWS',
+        'type' => 'application',
+        'name' => 'Admin\'s oauth client',
+        'description' => 'Personal oauth client',
+        'redirect_uri' => 'http://some-site.com/oauth/ely',
+        'website_url' => '',
+        'minecraft_server_ip' => '',
+        'account_id' => 1,
+        'is_trusted' => 0,
+        'is_deleted' => 0,
+        'created_at' => 1519254133,
+    ],
+    'first_test_oauth_client' => [
+        'id' => 'first-test-oauth-client',
+        'secret' => 'Zt1kEK7DQLXXYISLDvURVXK32Q58sHWSFKyO71iCIlv4YM2IHlLbhsvYoIJScUzT',
+        'type' => 'application',
+        'name' => 'First test oauth client',
+        'description' => 'Some description to the first oauth client',
+        'redirect_uri' => 'http://some-site-1.com/oauth/ely',
+        'website_url' => '',
+        'minecraft_server_ip' => '',
+        'account_id' => 14,
+        'is_trusted' => 0,
+        'is_deleted' => 0,
+        'created_at' => 1519487434,
+    ],
+    'another_test_oauth_client' => [
+        'id' => 'another-test-oauth-client',
+        'secret' => 'URVXK32Q58sHWSFKyO71iCIlv4YM2Zt1kEK7DQLXXYISLDvIHlLbhsvYoIJScUzT',
+        'type' => 'minecraft-server',
+        'name' => 'Another test oauth client',
+        'description' => null,
+        'redirect_uri' => null,
+        'website_url' => '',
+        'minecraft_server_ip' => '136.243.88.97:25565',
+        'account_id' => 14,
+        'is_trusted' => 0,
+        'is_deleted' => 0,
+        'created_at' => 1519487472,
+    ],
+    'deleted_oauth_client' => [
+        'id' => 'deleted-oauth-client',
+        'secret' => 'YISLDvIHlLbhsvYoIJScUzTURVXK32Q58sHWSFKyO71iCIlv4YM2Zt1kEK7DQLXX',
+        'type' => 'application',
+        'name' => 'I was deleted :(',
+        'description' => null,
+        'redirect_uri' => 'http://not-exists-site.com/oauth/ely',
+        'website_url' => '',
+        'minecraft_server_ip' => null,
+        'account_id' => 1,
+        'is_trusted' => 0,
+        'is_deleted' => 1,
+        'created_at' => 1519504563,
+    ],
+    'deleted_oauth_client_with_sessions' => [
+        'id' => 'deleted-oauth-client-with-sessions',
+        'secret' => 'EK7DQLXXYISLDvIHlLbhsvYoIJScUzTURVXK32Q58sHWSFKyO71iCIlv4YM2Zt1k',
+        'type' => 'application',
+        'name' => 'I still have some sessions ^_^',
+        'description' => null,
+        'redirect_uri' => 'http://not-exists-site.com/oauth/ely',
+        'website_url' => '',
+        'minecraft_server_ip' => null,
+        'account_id' => 1,
+        'is_trusted' => 0,
+        'is_deleted' => 1,
+        'created_at' => 1519507190,
+    ],
 ];
--- a/tests/codeception/common/fixtures/data/oauth-sessions.php
+++ b/tests/codeception/common/fixtures/data/oauth-sessions.php
@@ -6,6 +6,7 @@ return [
        'owner_id' => 1,
        'client_id' => 'test1',
        'client_redirect_uri' => 'http://test1.net/oauth',
+        'created_at' => 1479944472,
    ],
    'banned-account-session' => [
        'id' => 2,
@@ -13,5 +14,22 @@ return [
        'owner_id' => 10,
        'client_id' => 'test1',
        'client_redirect_uri' => 'http://test1.net/oauth',
+        'created_at' => 1481421663,
+    ],
+    'deleted-client-session' => [
+        'id' => 3,
+        'owner_type' => 'user',
+        'owner_id' => 1,
+        'client_id' => 'deleted-oauth-client-with-sessions',
+        'client_redirect_uri' => 'http://not-exists-site.com/oauth/ely',
+        'created_at' => 1519510065,
+    ],
+    'actual-deleted-client-session' => [
+        'id' => 4,
+        'owner_type' => 'user',
+        'owner_id' => 2,
+        'client_id' => 'deleted-oauth-client-with-sessions',
+        'client_redirect_uri' => 'http://not-exists-site.com/oauth/ely',
+        'created_at' => 1519511568,
    ],
 ];
--- a/tests/codeception/common/unit/models/OauthClientQueryTest.php
+++ b/tests/codeception/common/unit/models/OauthClientQueryTest.php
@@ -0,0 +1,42 @@
+<?php
+namespace tests\codeception\common\unit\models;
+
+use common\models\OauthClient;
+use tests\codeception\common\fixtures\OauthClientFixture;
+use tests\codeception\common\unit\TestCase;
+
+class OauthClientQueryTest extends TestCase {
+
+    public function _fixtures() {
+        return [
+            'oauthClients' => OauthClientFixture::class,
+        ];
+    }
+
+    public function testDefaultHideDeletedEntries() {
+        /** @var OauthClient[] $clients */
+        $clients = OauthClient::find()->all();
+        $this->assertEmpty(array_filter($clients, function(OauthClient $client) {
+            return (bool)$client->is_deleted === true;
+        }));
+        $this->assertNull(OauthClient::findOne('deleted-oauth-client'));
+    }
+
+    public function testAllowFindDeletedEntries() {
+        /** @var OauthClient[] $clients */
+        $clients = OauthClient::find()->includeDeleted()->all();
+        $this->assertNotEmpty(array_filter($clients, function(OauthClient $client) {
+            return (bool)$client->is_deleted === true;
+        }));
+        $client = OauthClient::find()
+            ->includeDeleted()
+            ->andWhere(['id' => 'deleted-oauth-client'])
+            ->one();
+        $this->assertInstanceOf(OauthClient::class, $client);
+        $deletedClients = OauthClient::find()->onlyDeleted()->all();
+        $this->assertEmpty(array_filter($deletedClients, function(OauthClient $client) {
+            return (bool)$client->is_deleted === false;
+        }));
+    }
+
+}
--- a/tests/codeception/common/unit/rbac/rules/AccountOwnerTest.php
+++ b/tests/codeception/common/unit/rbac/rules/AccountOwnerTest.php
@@ -40,6 +40,7 @@ class AccountOwnerTest extends TestCase {

        Yii::$app->set('user', $component);

+        $this->assertFalse($rule->execute('token', $item, []));
        $this->assertFalse($rule->execute('token', $item, ['accountId' => 2]));
        $this->assertFalse($rule->execute('token', $item, ['accountId' => '2']));
        $this->assertTrue($rule->execute('token', $item, ['accountId' => 1]));
@@ -53,11 +54,4 @@ class AccountOwnerTest extends TestCase {
        $this->assertFalse($rule->execute('token', $item, ['accountId' => 1, 'optionalRules' => true]));
    }

-    /**
-     * @expectedException \yii\base\InvalidParamException
-     */
-    public function testExecuteWithException() {
-        (new AccountOwner())->execute('', new Item(), []);
-    }
-
 }
--- a/tests/codeception/common/unit/rbac/rules/OauthClientOwnerTest.php
+++ b/tests/codeception/common/unit/rbac/rules/OauthClientOwnerTest.php
@@ -0,0 +1,53 @@
+<?php
+namespace tests\codeception\common\unit\rbac\rules;
+
+use api\components\User\Component;
+use api\components\User\IdentityInterface;
+use common\models\Account;
+use common\rbac\Permissions as P;
+use common\rbac\rules\OauthClientOwner;
+use tests\codeception\common\fixtures\OauthClientFixture;
+use tests\codeception\common\unit\TestCase;
+use Yii;
+use yii\rbac\Item;
+use const common\LATEST_RULES_VERSION;
+
+class OauthClientOwnerTest extends TestCase {
+
+    public function _fixtures() {
+        return [
+            'oauthClients' => OauthClientFixture::class,
+        ];
+    }
+
+    public function testExecute() {
+        $rule = new OauthClientOwner();
+        $item = new Item();
+
+        $account = new Account();
+        $account->id = 1;
+        $account->status = Account::STATUS_ACTIVE;
+        $account->rules_agreement_version = LATEST_RULES_VERSION;
+
+        /** @var IdentityInterface|\Mockery\MockInterface $identity */
+        $identity = mock(IdentityInterface::class);
+        $identity->shouldReceive('getAccount')->andReturn($account);
+
+        /** @var Component|\Mockery\MockInterface $component */
+        $component = mock(Component::class . '[findIdentityByAccessToken]', [['secret' => 'secret']]);
+        $component->shouldDeferMissing();
+        $component->shouldReceive('findIdentityByAccessToken')->withArgs(['token'])->andReturn($identity);
+
+        Yii::$app->set('user', $component);
+
+        $this->assertFalse($rule->execute('token', $item, []));
+        $this->assertTrue($rule->execute('token', $item, ['clientId' => 'admin-oauth-client']));
+        $this->assertFalse($rule->execute('token', $item, ['clientId' => 'not-exists-client']));
+        $account->id = 2;
+        $this->assertFalse($rule->execute('token', $item, ['clientId' => 'admin-oauth-client']));
+        $item->name = P::VIEW_OWN_OAUTH_CLIENTS;
+        $this->assertTrue($rule->execute('token', $item, ['accountId' => 2]));
+        $this->assertFalse($rule->execute('token', $item, ['accountId' => 1]));
+    }
+
+}
--- a/tests/codeception/common/unit/tasks/ClearOauthSessionsTest.php
+++ b/tests/codeception/common/unit/tasks/ClearOauthSessionsTest.php
@@ -0,0 +1,55 @@
+<?php
+namespace tests\codeception\common\unit\tasks;
+
+use common\models\OauthClient;
+use common\models\OauthSession;
+use common\tasks\ClearOauthSessions;
+use tests\codeception\common\fixtures;
+use tests\codeception\common\unit\TestCase;
+use yii\queue\Queue;
+
+class ClearOauthSessionsTest extends TestCase {
+
+    public function _fixtures() {
+        return [
+            'oauthClients' => fixtures\OauthClientFixture::class,
+            'oauthSessions' => fixtures\OauthSessionFixture::class,
+        ];
+    }
+
+    public function testCreateFromClient() {
+        $client = new OauthClient();
+        $client->id = 'mocked-id';
+
+        $result = ClearOauthSessions::createFromOauthClient($client);
+        $this->assertInstanceOf(ClearOauthSessions::class, $result);
+        $this->assertSame('mocked-id', $result->clientId);
+        $this->assertNull($result->notSince);
+
+        $result = ClearOauthSessions::createFromOauthClient($client, time());
+        $this->assertInstanceOf(ClearOauthSessions::class, $result);
+        $this->assertSame('mocked-id', $result->clientId);
+        $this->assertEquals(time(), $result->notSince, '', 1);
+    }
+
+    public function testExecute() {
+        $task = new ClearOauthSessions();
+        $task->clientId = 'deleted-oauth-client-with-sessions';
+        $task->notSince = 1519510065;
+        $task->execute(mock(Queue::class));
+
+        $this->assertFalse(OauthSession::find()->andWhere(['id' => 3])->exists());
+        $this->assertTrue(OauthSession::find()->andWhere(['id' => 4])->exists());
+
+        $task = new ClearOauthSessions();
+        $task->clientId = 'deleted-oauth-client-with-sessions';
+        $task->execute(mock(Queue::class));
+
+        $this->assertFalse(OauthSession::find()->andWhere(['id' => 4])->exists());
+
+        $task = new ClearOauthSessions();
+        $task->clientId = 'some-not-exists-client-id';
+        $task->execute(mock(Queue::class));
+    }
+
+}
--- a/tests/codeception/common/unit/validators/MinecraftServerAddressValidatorTest.php
+++ b/tests/codeception/common/unit/validators/MinecraftServerAddressValidatorTest.php
@@ -0,0 +1,33 @@
+<?php
+namespace tests\codeception\common\unit\validators;
+
+use common\validators\MinecraftServerAddressValidator;
+use tests\codeception\common\unit\TestCase;
+
+class MinecraftServerAddressValidatorTest extends TestCase {
+
+    /**
+     * @dataProvider domainNames
+     */
+    public function testValidate($address, $shouldBeValid) {
+        $validator = new MinecraftServerAddressValidator();
+        $validator->validate($address, $errors);
+        $this->assertEquals($shouldBeValid, $errors === null);
+    }
+
+    public function domainNames() {
+        return [
+            ['localhost',            true ],
+            ['localhost:25565',      true ],
+            ['mc.hypixel.net',       true ],
+            ['mc.hypixel.net:25565', true ],
+            ['136.243.88.97',        true ],
+            ['136.243.88.97:25565',  true ],
+            ['http://ely.by',        false],
+            ['http://ely.by:80',     false],
+            ['ely.by/abcd',          false],
+            ['ely.by?abcd',          false],
+        ];
+    }
+
+}