Implemented features to revoke access for previously authorized OAuth 2.0 clients

ErickSkrauch
2020-09-30 20:30:04 +03:00
parent 2a4f29801d
commit b904d5d314
12 changed files with 240 additions and 34 deletions


@@ -16,10 +16,14 @@ use yii\db\ActiveRecord;
* @property array $scopes
* @property int $created_at
* @property int|null $revoked_at
* @property int $last_used_at
*
* Relations:
* @property-read OauthClient $client
* @property-read OauthClient|null $client
* @property-read Account $account
*
* Mixins:
* @mixin TimestampBehavior
*/
class OauthSession extends ActiveRecord {
@@ -36,6 +40,10 @@ class OauthSession extends ActiveRecord {
];
}
public function isRevoked(): bool {
return $this->revoked_at > $this->last_used_at;
}
public function getClient(): ActiveQuery {
return $this->hasOne(OauthClient::class, ['id' => 'client_id']);
}
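Review bot: `isRevoked()` compares the nullable `revoked_at` with `last_used_at` using a bare `>`, so the never-revoked case is correct only because PHP compares `null` with an int as booleans, and a revocation stamped in the same second as `last_used_at` reads as not revoked. An explicit form such as `return $this->revoked_at !== null && $this->revoked_at > $this->last_used_at;` states the null case; whether the tie should fail closed with `>=` depends on which code paths write `last_used_at`, and those are not visible in this section. If anything other than a fresh user authorization updates `last_used_at` (a token refresh or validation, for example), a revoked session would silently become valid again. A docblock on the method should record that invariant, e.g. `/** Revoked until the user re-authorizes the client; re-authorization must be the only writer of last_used_at. */`.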


@@ -7,6 +7,7 @@ return [
'scopes' => null,
'created_at' => 1479944472,
'revoked_at' => null,
'last_used_at' => 1479944472,
],
'revoked-tlauncher' => [
'account_id' => 1,
@@ -15,6 +16,7 @@ return [
'scopes' => null,
'created_at' => Carbon\Carbon::create(2019, 8, 1, 0, 0, 0, 'Europe/Minsk')->unix(),
'revoked_at' => Carbon\Carbon::create(2019, 8, 1, 1, 2, 0, 'Europe/Minsk')->unix(),
'last_used_at' => Carbon\Carbon::create(2019, 8, 1, 0, 0, 0, 'Europe/Minsk')->unix(),
],
'revoked-minecraft-game-launchers' => [
'account_id' => 1,
@@ -23,6 +25,7 @@ return [
'scopes' => null,
'created_at' => Carbon\Carbon::create(2019, 8, 1, 0, 0, 0, 'Europe/Minsk')->unix(),
'revoked_at' => Carbon\Carbon::create(2019, 8, 1, 1, 2, 0, 'Europe/Minsk')->unix(),
'last_used_at' => Carbon\Carbon::create(2019, 8, 1, 0, 0, 0, 'Europe/Minsk')->unix(),
],
'banned-account-session' => [
'account_id' => 10,
@@ -31,6 +34,7 @@ return [
'scopes' => null,
'created_at' => 1481421663,
'revoked_at' => null,
'last_used_at' => 1481421663,
],
'deleted-client-session' => [
'account_id' => 1,
@@ -39,6 +43,7 @@ return [
'scopes' => null,
'created_at' => 1519510065,
'revoked_at' => null,
'last_used_at' => 1519510065,
],
'actual-deleted-client-session' => [
'account_id' => 2,
@@ -47,5 +52,6 @@ return [
'scopes' => null,
'created_at' => 1519511568,
'revoked_at' => null,
'last_used_at' => 1519511568,
],
];
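Review bot: None of these fixtures describes a session that was revoked and then authorized again, i.e. `revoked_at` set with a later `last_used_at`, so the branch where `isRevoked()` must return false for a non-null `revoked_at` has no fixture here. Both revoked entries put `revoked_at` about an hour after `last_used_at`, and every other entry has `revoked_at` as `null`. Unless a test outside this view builds that state itself, a fixture for the re-authorized case would be worth adding, plus one with equal timestamps to pin down the intended result for a tie.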