Реализован функционал получения информации об аккауте после выполнения oAuth авторизации

This commit is contained in:
ErickSkrauch 2016-08-06 16:36:24 +03:00
parent 26b37c2f6b
commit a48c1432c6
15 changed files with 147 additions and 63 deletions

View File

@ -0,0 +1,8 @@
<?php
namespace api\components\ApiUser;
class AccessControl extends \yii\filters\AccessControl {
public $user = 'apiUser';
}

View File

@ -10,10 +10,14 @@ use yii\web\User as YiiUserComponent;
*/ */
class Component extends YiiUserComponent { class Component extends YiiUserComponent {
public $identity = Identity::class; public $identityClass = Identity::class;
public $enableSession = false; public $enableSession = false;
public $loginUrl = null; public $loginUrl = null;
public function getAccessChecker() {
return new AuthChecker();
}
} }

View File

@ -5,4 +5,6 @@ return [
'/accounts/change-email/confirm-new-email' => 'accounts/change-email-confirm-new-email', '/accounts/change-email/confirm-new-email' => 'accounts/change-email-confirm-new-email',
'/oauth2/v1/<action>' => 'oauth/<action>', '/oauth2/v1/<action>' => 'oauth/<action>',
'/account/v1/info' => 'identity-info/index',
]; ];

View File

@ -1,9 +1,9 @@
<?php <?php
namespace api\controllers; namespace api\controllers;
use common\models\OauthScope; use api\components\ApiUser\AccessControl;
use common\models\OauthScope as S;
use Yii; use Yii;
use yii\filters\AccessControl;
use yii\helpers\ArrayHelper; use yii\helpers\ArrayHelper;
class IdentityInfoController extends ApiController { class IdentityInfoController extends ApiController {
@ -16,7 +16,7 @@ class IdentityInfoController extends ApiController {
[ [
'actions' => ['index'], 'actions' => ['index'],
'allow' => true, 'allow' => true,
'roles' => ['@'], 'roles' => [S::ACCOUNT_INFO],
], ],
], ],
], ],
@ -28,12 +28,13 @@ class IdentityInfoController extends ApiController {
$response = [ $response = [
'id' => $account->id, 'id' => $account->id,
'uuid' => $account->uuid, 'uuid' => $account->uuid,
'username' => $account->username,
'registeredAt' => $account->created_at, 'registeredAt' => $account->created_at,
'profileLink' => $account->getProfileLink(), 'profileLink' => $account->getProfileLink(),
'preferredLanguage' => $account->lang, 'preferredLanguage' => $account->lang,
]; ];
if (Yii::$app->apiUser->can(OauthScope::ACCOUNT_EMAIL)) { if (Yii::$app->apiUser->can(S::ACCOUNT_EMAIL)) {
$response['email'] = $account->email; $response['email'] = $account->email;
} }

View File

@ -11,6 +11,7 @@ class OauthScope extends ActiveRecord {
const OFFLINE_ACCESS = 'offline_access'; const OFFLINE_ACCESS = 'offline_access';
const MINECRAFT_SERVER_SESSION = 'minecraft_server_session'; const MINECRAFT_SERVER_SESSION = 'minecraft_server_session';
const ACCOUNT_INFO = 'account_info';
const ACCOUNT_EMAIL = 'account_email'; const ACCOUNT_EMAIL = 'account_email';
public static function tableName() { public static function tableName() {

View File

@ -0,0 +1,18 @@
<?php
use console\db\Migration;
class m160803_185857_account_permissions extends Migration {
public function safeUp() {
$this->batchInsert('{{%oauth_scopes}}', ['id'], [
['account_info'],
['account_email'],
]);
}
public function safeDown() {
$this->delete('{{%oauth_scopes}}', ['id' => ['account_info', 'account_email']]);
}
}

View File

@ -1,15 +0,0 @@
<?php
use console\db\Migration;
class m160803_185857_permission_email_access extends Migration {
public function safeUp() {
$this->insert('{{%oauth_scopes}}', ['id' => 'account_email']);
}
public function safeDown() {
$this->delete('{{%oauth_scopes}}', ['id' => 'account_email']);
}
}

View File

@ -0,0 +1,16 @@
<?php
namespace tests\codeception\api\_pages;
use yii\codeception\BasePage;
/**
* @property \tests\codeception\api\FunctionalTester $actor
*/
class IdentityInfoRoute extends BasePage {
public function info() {
$this->route = ['identity-info/index'];
$this->actor->sendGET($this->getUrl());
}
}

View File

@ -0,0 +1,66 @@
<?php
namespace codeception\api\functional;
use common\models\OauthScope as S;
use tests\codeception\api\_pages\IdentityInfoRoute;
use tests\codeception\api\functional\_steps\OauthSteps;
use tests\codeception\api\FunctionalTester;
class IdentityInfoCest {
/**
* @var IdentityInfoRoute
*/
private $route;
public function _before(FunctionalTester $I) {
$this->route = new IdentityInfoRoute($I);
}
public function testGetErrorIfNotEnoughPerms(OauthSteps $I) {
$accessToken = $I->getAccessToken();
$I->amBearerAuthenticated($accessToken);
$this->route->info();
$I->canSeeResponseCodeIs(403);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'name' => 'Forbidden',
'status' => 403,
]);
}
public function testGetInfo(OauthSteps $I) {
$accessToken = $I->getAccessToken([S::ACCOUNT_INFO]);
$I->amBearerAuthenticated($accessToken);
$this->route->info();
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'id' => 1,
'uuid' => 'df936908-b2e1-544d-96f8-2977ec213022',
'username' => 'Admin',
'registeredAt' => 1451775316,
'profileLink' => 'http://ely.by/u1',
'preferredLanguage' => 'en',
]);
$I->cantSeeResponseJsonMatchesJsonPath('$.email');
}
public function testGetInfoWithEmail(OauthSteps $I) {
$accessToken = $I->getAccessToken([S::ACCOUNT_INFO, S::ACCOUNT_EMAIL]);
$I->amBearerAuthenticated($accessToken);
$this->route->info();
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'id' => 1,
'uuid' => 'df936908-b2e1-544d-96f8-2977ec213022',
'username' => 'Admin',
'registeredAt' => 1451775316,
'profileLink' => 'http://ely.by/u1',
'preferredLanguage' => 'en',
'email' => 'admin@ely.by',
]);
}
}

View File

@ -1,9 +1,9 @@
<?php <?php
namespace tests\codeception\api; namespace tests\codeception\api;
use common\models\OauthScope as S;
use tests\codeception\api\_pages\OauthRoute; use tests\codeception\api\_pages\OauthRoute;
use tests\codeception\api\functional\_steps\OauthSteps; use tests\codeception\api\functional\_steps\OauthSteps;
use Yii;
class OauthAccessTokenCest { class OauthAccessTokenCest {
@ -55,7 +55,7 @@ class OauthAccessTokenCest {
} }
public function testIssueTokenWithRefreshToken(OauthSteps $I) { public function testIssueTokenWithRefreshToken(OauthSteps $I) {
$authCode = $I->getAuthCode(false); $authCode = $I->getAuthCode([S::OFFLINE_ACCESS]);
$this->route->issueToken($this->buildParams( $this->route->issueToken($this->buildParams(
$authCode, $authCode,
'ely', 'ely',

View File

@ -1,10 +1,9 @@
<?php <?php
namespace tests\codeception\api; namespace tests\codeception\api;
use common\models\OauthScope; use common\models\OauthScope as S;
use tests\codeception\api\_pages\OauthRoute; use tests\codeception\api\_pages\OauthRoute;
use tests\codeception\api\functional\_steps\OauthSteps; use tests\codeception\api\functional\_steps\OauthSteps;
use Yii;
class OauthRefreshTokenCest { class OauthRefreshTokenCest {
@ -35,12 +34,12 @@ class OauthRefreshTokenCest {
} }
public function testRefreshTokenWithSameScopes(OauthSteps $I) { public function testRefreshTokenWithSameScopes(OauthSteps $I) {
$refreshToken = $I->getRefreshToken(); $refreshToken = $I->getRefreshToken([S::MINECRAFT_SERVER_SESSION]);
$this->route->issueToken($this->buildParams( $this->route->issueToken($this->buildParams(
$refreshToken, $refreshToken,
'ely', 'ely',
'ZuM1vGchJz-9_UZ5HC3H3Z9Hg5PzdbkM', 'ZuM1vGchJz-9_UZ5HC3H3Z9Hg5PzdbkM',
[OauthScope::MINECRAFT_SERVER_SESSION, OauthScope::OFFLINE_ACCESS] [S::MINECRAFT_SERVER_SESSION, S::OFFLINE_ACCESS]
)); ));
$I->canSeeResponseCodeIs(200); $I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson(); $I->canSeeResponseIsJson();
@ -53,12 +52,12 @@ class OauthRefreshTokenCest {
} }
public function testRefreshTokenWithNewScopes(OauthSteps $I) { public function testRefreshTokenWithNewScopes(OauthSteps $I) {
$refreshToken = $I->getRefreshToken(); $refreshToken = $I->getRefreshToken([S::MINECRAFT_SERVER_SESSION]);
$this->route->issueToken($this->buildParams( $this->route->issueToken($this->buildParams(
$refreshToken, $refreshToken,
'ely', 'ely',
'ZuM1vGchJz-9_UZ5HC3H3Z9Hg5PzdbkM', 'ZuM1vGchJz-9_UZ5HC3H3Z9Hg5PzdbkM',
[OauthScope::MINECRAFT_SERVER_SESSION, OauthScope::OFFLINE_ACCESS, 'change_skin'] [S::MINECRAFT_SERVER_SESSION, S::OFFLINE_ACCESS, S::ACCOUNT_EMAIL]
)); ));
$I->canSeeResponseCodeIs(400); $I->canSeeResponseCodeIs(400);
$I->canSeeResponseIsJson(); $I->canSeeResponseIsJson();

View File

@ -1,11 +1,12 @@
<?php <?php
namespace tests\codeception\api\functional\_steps; namespace tests\codeception\api\functional\_steps;
use common\models\OauthScope as S;
use tests\codeception\api\_pages\OauthRoute; use tests\codeception\api\_pages\OauthRoute;
class OauthSteps extends \tests\codeception\api\FunctionalTester { class OauthSteps extends \tests\codeception\api\FunctionalTester {
public function getAuthCode($online = true) { public function getAuthCode(array $permissions = []) {
// TODO: по идее можно напрямую сделать зпись в базу, что ускорит процесс тестирования // TODO: по идее можно напрямую сделать зпись в базу, что ускорит процесс тестирования
$this->loggedInAsActiveAccount(); $this->loggedInAsActiveAccount();
$route = new OauthRoute($this); $route = new OauthRoute($this);
@ -13,7 +14,7 @@ class OauthSteps extends \tests\codeception\api\FunctionalTester {
'client_id' => 'ely', 'client_id' => 'ely',
'redirect_uri' => 'http://ely.by', 'redirect_uri' => 'http://ely.by',
'response_type' => 'code', 'response_type' => 'code',
'scope' => 'minecraft_server_session' . ($online ? '' : ',offline_access'), 'scope' => implode(',', $permissions),
], ['accept' => true]); ], ['accept' => true]);
$this->canSeeResponseJsonMatchesJsonPath('$.redirectUri'); $this->canSeeResponseJsonMatchesJsonPath('$.redirectUri');
$response = json_decode($this->grabResponse(), true); $response = json_decode($this->grabResponse(), true);
@ -22,9 +23,22 @@ class OauthSteps extends \tests\codeception\api\FunctionalTester {
return $matches[1]; return $matches[1];
} }
public function getRefreshToken() { public function getAccessToken(array $permissions = []) {
$authCode = $this->getAuthCode($permissions);
$response = $this->issueToken($authCode);
return $response['access_token'];
}
public function getRefreshToken(array $permissions = []) {
// TODO: по идее можно напрямую сделать зпись в базу, что ускорит процесс тестирования // TODO: по идее можно напрямую сделать зпись в базу, что ускорит процесс тестирования
$authCode = $this->getAuthCode(false); $authCode = $this->getAuthCode(array_merge([S::OFFLINE_ACCESS], $permissions));
$response = $this->issueToken($authCode);
return $response['refresh_token'];
}
public function issueToken($authCode) {
$route = new OauthRoute($this); $route = new OauthRoute($this);
$route->issueToken([ $route->issueToken([
'code' => $authCode, 'code' => $authCode,
@ -34,9 +48,7 @@ class OauthSteps extends \tests\codeception\api\FunctionalTester {
'grant_type' => 'authorization_code', 'grant_type' => 'authorization_code',
]); ]);
$response = json_decode($this->grabResponse(), true); return json_decode($this->grabResponse(), true);
return $response['refresh_token'];
} }
} }

View File

@ -7,7 +7,6 @@ use tests\codeception\common\fixtures\AccountFixture;
use tests\codeception\common\fixtures\AccountSessionFixture; use tests\codeception\common\fixtures\AccountSessionFixture;
use tests\codeception\common\fixtures\EmailActivationFixture; use tests\codeception\common\fixtures\EmailActivationFixture;
use tests\codeception\common\fixtures\OauthClientFixture; use tests\codeception\common\fixtures\OauthClientFixture;
use tests\codeception\common\fixtures\OauthScopeFixture;
use tests\codeception\common\fixtures\OauthSessionFixture; use tests\codeception\common\fixtures\OauthSessionFixture;
use tests\codeception\common\fixtures\UsernameHistoryFixture; use tests\codeception\common\fixtures\UsernameHistoryFixture;
use yii\test\FixtureTrait; use yii\test\FixtureTrait;
@ -56,10 +55,6 @@ class FixtureHelper extends Module {
'class' => OauthClientFixture::class, 'class' => OauthClientFixture::class,
'dataFile' => '@tests/codeception/common/fixtures/data/oauth-clients.php', 'dataFile' => '@tests/codeception/common/fixtures/data/oauth-clients.php',
], ],
'oauthScopes' => [
'class' => OauthScopeFixture::class,
'dataFile' => '@tests/codeception/common/fixtures/data/oauth-scopes.php',
],
'oauthSessions' => [ 'oauthSessions' => [
'class' => OauthSessionFixture::class, 'class' => OauthSessionFixture::class,
'dataFile' => '@tests/codeception/common/fixtures/data/oauth-sessions.php', 'dataFile' => '@tests/codeception/common/fixtures/data/oauth-sessions.php',

View File

@ -1,11 +0,0 @@
<?php
namespace tests\codeception\common\fixtures;
use common\models\OauthScope;
use yii\test\ActiveFixture;
class OauthScopeFixture extends ActiveFixture {
public $modelClass = OauthScope::class;
}

View File

@ -1,12 +0,0 @@
<?php
return [
'minecraft_server_session' => [
'id' => 'minecraft_server_session',
],
'change_skin' => [
'id' => 'change_skin',
],
'offline_access' => [
'id' => 'offline_access',
],
];