Remove refresh_token from the OAuth2 result. Return the same access_token as the refresh_token when one is requested. Make access tokens live forever.

ErickSkrauch
2019-12-09 19:31:54 +03:00
parent efb97a2006
commit ba7fad84a0
23 changed files with 231 additions and 297 deletions


@ -3,6 +3,7 @@ declare(strict_types=1);
namespace api\modules\authserver\models;
use api\components\Tokens\TokenReader;
use api\models\base\ApiForm;
use api\modules\authserver\exceptions\ForbiddenOperationException;
use api\modules\authserver\validators\AccessTokenValidator;
@ -49,16 +50,12 @@ class RefreshTokenForm extends ApiForm {
}
} else {
$token = Yii::$app->tokens->parse($this->accessToken);
$encodedClientToken = $token->getClaim('ely-client-token');
$clientToken = Yii::$app->tokens->decryptValue($encodedClientToken);
if ($clientToken !== $this->clientToken) {
$tokenReader = new TokenReader($token);
if ($tokenReader->getMinecraftClientToken() !== $this->clientToken) {
throw new ForbiddenOperationException('Invalid token.');
}
$accountClaim = $token->getClaim('sub');
$accountId = (int)explode('|', $accountClaim)[1];
$account = Account::findOne(['id' => $accountId]);
$account = Account::findOne(['id' => $tokenReader->getAccountId()]);
}
if ($account === null) {
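Review bot: The client-token check at `if ($tokenReader->getMinecraftClientToken() !== $this->clientToken)` compares a secret with `!==`, which stops at the first differing byte, and since this comparison is the only thing binding the refresh request to the client that originally obtained the token it should be constant-time: `$expected = $tokenReader->getMinecraftClientToken(); if (!is_string($expected) || !hash_equals($expected, (string)$this->clientToken)) {`. `hash_equals()` requires both arguments to be strings, hence the `is_string` guard, which also keeps a token with a missing or non-string claim rejected as before. Whether `Yii::$app->tokens->parse()` verifies the signature before any claim is read is not visible in this hunk; with this commit making access tokens non-expiring, that verification (plus whatever revocation check exists) is the only thing between a forged or leaked token and a fresh session, so it is worth confirming. The enclosing method begins before this hunk.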