ElyBy-Mirror/accounts
1
0
Fork 0
mirror of https://github.com/elyby/accounts.git synced 2025-05-31 14:11:46 +05:30
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop'

Browse Source
This commit is contained in:
ErickSkrauch
2018-03-18 16:10:36 +03:00
parent d1506734ab f3f53e752d
commit bb4e3c56cf
68 changed files with 7423 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -3,7 +3,6 @@
# Composer
/vendor
/composer.lock
# Mac DS_Store Files
.DS_Store

22
.gitlab-ci.yml
View File

@@ -7,7 +7,7 @@ variables:
CONTAINER_IMAGE: "registry.ely.by/elyby/accounts"
test:backend:
image: docker:latest
image: docker:18.02
services:
- mariadb:10.2.11
- redis:3.0-alpine
@@ -59,12 +59,24 @@ test:frontend:
- yarn test
build:production:
image: docker:latest
image: docker:18.02
stage: build
variables:
GA_ID: "UA-45299905-3"
SENTRY_CDN: "https://088e7718236a4f91937a81fb319a93f6@sentry.ely.by/2"
before_script:
- docker login -u gitlab-ci -p $CI_BUILD_TOKEN registry.ely.by
- export VERSION="${CI_COMMIT_TAG:-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHA:0:7}}"
- echo "$SSH_PRIVATE_KEY" > id_rsa
- echo "$FRONTEND_ENV_CONFIG" > frontend/config/env.js
- |
echo "
module.exports = {
version: '$VERSION',
ga: {id: '$GA_ID'},
sentryCdn: '$SENTRY_CDN',
};
" > frontend/config/env.js
- sed -i"" -e "s/{{PLACE_VERSION_HERE}}/$VERSION/g" common/config/config.php
script:
- export IMAGE_NAME="$CONTAINER_IMAGE:latest"
- docker build --pull -t $IMAGE_NAME .
@@ -73,7 +85,7 @@ build:production:
- tags
release:latest:
image: docker:latest
image: docker:18.02
stage: release
variables:
GIT_STRATEGY: none
@@ -86,7 +98,7 @@ release:latest:
- tags
release:tag:
image: docker:latest
image: docker:18.02
stage: release
variables:
GIT_STRATEGY: none

7
Dockerfile
View File

@@ -1,4 +1,4 @@
FROM registry.ely.by/elyby/accounts-php:1.6.0
FROM registry.ely.by/elyby/accounts-php:1.7.0
# bootstrap скрипт для проекта
COPY docker/php/bootstrap.sh /bootstrap.sh
@@ -15,9 +15,10 @@ RUN chmod 400 ~/.ssh/id_rsa \
&& touch /root/.ssh/known_hosts \
&& ssh-keyscan github.com gitlab.ely.by >> /root/.ssh/known_hosts
# Копируем composer.json в родительскую директорию, которая не будет синкаться с хостом через
# volume на dev окружении. В entrypoint эта папка будет скопирована обратно.
# Копируем списки зависимостей composer в родительскую директорию, которая не будет синкаться
# с хостом через volume на dev окружении. В entrypoint эта папка будет скопирована обратно
COPY ./composer.json /var/www/composer.json
COPY ./composer.lock /var/www/composer.lock
# Устанавливаем зависимости PHP
RUN cd .. \

7
Dockerfile-dev
View File

@@ -1,4 +1,4 @@
FROM registry.ely.by/elyby/accounts-php:1.6.0-dev
FROM registry.ely.by/elyby/accounts-php:1.7.0-dev
# bootstrap скрипт для проекта
COPY docker/php/bootstrap.sh /bootstrap.sh
@@ -15,9 +15,10 @@ RUN chmod 400 ~/.ssh/id_rsa \
&& touch /root/.ssh/known_hosts \
&& ssh-keyscan github.com gitlab.ely.by >> /root/.ssh/known_hosts
# Копируем composer.json в родительскую директорию, которая не будет синкаться с хостом через
# volume на dev окружении. В entrypoint эта папка будет скопирована обратно.
# Копируем списки зависимостей composer в родительскую директорию, которая не будет синкаться
# с хостом через volume на dev окружении. В entrypoint эта папка будет скопирована обратно
COPY ./composer.json /var/www/composer.json
COPY ./composer.lock /var/www/composer.lock
# Устанавливаем зависимости PHP
RUN cd .. \

17
api/components/OAuth2/Storage/ClientStorage.php
View File

@@ -18,14 +18,12 @@ class ClientStorage extends AbstractStorage implements ClientInterface {
* @inheritdoc
*/
public function get($clientId, $clientSecret = null, $redirectUri = null, $grantType = null) {
$query = OauthClient::find()->andWhere(['id' => $clientId]);
if ($clientSecret !== null) {
$query->andWhere(['secret' => $clientSecret]);
$model = $this->findClient($clientId);
if ($model === null) {
return null;
}
/** @var OauthClient|null $model */
$model = $query->one();
if ($model === null) {
if ($clientSecret !== null && $clientSecret !== $model->secret) {
return null;
}
@@ -60,8 +58,7 @@ class ClientStorage extends AbstractStorage implements ClientInterface {
throw new \ErrorException('This module assumes that $session typeof ' . SessionEntity::class);
}
/** @var OauthClient|null $model */
$model = OauthClient::findOne($session->getClientId());
$model = $this->findClient($session->getClientId());
if ($model === null) {
return null;
}
@@ -80,4 +77,8 @@ class ClientStorage extends AbstractStorage implements ClientInterface {
return $entity;
}
private function findClient(string $clientId): ?OauthClient {
return OauthClient::findOne($clientId);
}
}

2
api/components/ReCaptcha/Validator.php
View File

@@ -12,7 +12,7 @@ use yii\di\Instance;
class Validator extends \yii\validators\Validator {
private const SITE_VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';
private const SITE_VERIFY_URL = 'https://recaptcha.net/recaptcha/api/siteverify';
private const REPEAT_LIMIT = 3;
private const REPEAT_TIMEOUT = 1;

1
api/config/config.php
View File

@@ -86,5 +86,6 @@ return [
'mojang' => api\modules\mojang\Module::class,
'internal' => api\modules\internal\Module::class,
'accounts' => api\modules\accounts\Module::class,
'oauth' => api\modules\oauth\Module::class,
],
];

16
api/config/routes.php
View File

@@ -3,8 +3,17 @@
* @var array $params
*/
return [
'/oauth2/v1/<action>' => 'oauth/<action>',
// Oauth module routes
'/oauth2/v1/<action>' => 'oauth/authorization/<action>',
'POST /v1/oauth2/<type>' => 'oauth/clients/create',
'GET /v1/oauth2/<clientId>' => 'oauth/clients/get',
'PUT /v1/oauth2/<clientId>' => 'oauth/clients/update',
'DELETE /v1/oauth2/<clientId>' => 'oauth/clients/delete',
'POST /v1/oauth2/<clientId>/reset' => 'oauth/clients/reset',
'GET /v1/accounts/<accountId:\d+>/oauth2/clients' => 'oauth/clients/get-per-account',
'/account/v1/info' => 'oauth/identity/index',
// Accounts module routes
'GET /v1/accounts/<id:\d+>' => 'accounts/default/get',
'GET /v1/accounts/<id:\d+>/two-factor-auth' => 'accounts/default/get-two-factor-auth-credentials',
'POST /v1/accounts/<id:\d+>/two-factor-auth' => 'accounts/default/enable-two-factor-auth',
@@ -13,6 +22,7 @@ return [
'DELETE /v1/accounts/<id:\d+>/ban' => 'accounts/default/pardon',
'/v1/accounts/<id:\d+>/<action>' => 'accounts/default/<action>',
// Legacy accounts endpoints. It should be removed after frontend will be updated.
'GET /accounts/current' => 'accounts/default/get',
'POST /accounts/change-username' => 'accounts/default/username',
'POST /accounts/change-password' => 'accounts/default/password',
@@ -25,14 +35,14 @@ return [
'DELETE /two-factor-auth' => 'accounts/default/disable-two-factor-auth',
'POST /accounts/change-lang' => 'accounts/default/language',
'/account/v1/info' => 'identity-info/index',
// Session server module routes
'/minecraft/session/join' => 'session/session/join',
'/minecraft/session/legacy/join' => 'session/session/join-legacy',
'/minecraft/session/hasJoined' => 'session/session/has-joined',
'/minecraft/session/legacy/hasJoined' => 'session/session/has-joined-legacy',
'/minecraft/session/profile/<uuid>' => 'session/session/profile',
// Mojang API module routes
'/mojang/profiles/<username>' => 'mojang/api/uuid-by-username',
'/mojang/profiles/<uuid>/names' => 'mojang/api/usernames-by-uuid',
'POST /mojang/profiles' => 'mojang/api/uuids-by-usernames',

1
api/modules/accounts/actions/BaseAccountAction.php
View File

@@ -9,7 +9,6 @@ use yii\web\NotFoundHttpException;
abstract class BaseAccountAction extends Action {
// TODO: вернуть final модификатор метода после того, как в GoAOP добавят поддержку аспектов для final методов
public function run(int $id): array {
$className = $this->getFormClassName();
/** @var AccountActionForm $model */

10
api/modules/oauth/Module.php Normal file
View File

@@ -0,0 +1,10 @@
<?php
namespace api\modules\oauth;
use yii\base\Module as BaseModule;
class Module extends BaseModule {
public $id = 'oauth';
}

9
api/controllers/OauthController.php → api/modules/oauth/controllers/AuthorizationController.php
View File

@@ -1,16 +1,17 @@
<?php
namespace api\controllers;
namespace api\modules\oauth\controllers;
use api\models\OauthProcess;
use api\controllers\Controller;
use api\modules\oauth\models\OauthProcess;
use common\rbac\Permissions as P;
use Yii;
use yii\filters\AccessControl;
use yii\helpers\ArrayHelper;
class OauthController extends Controller {
class AuthorizationController extends Controller {
public function behaviors(): array {
return ArrayHelper::merge(parent::behaviors(), [
return ArrayHelper::merge(Controller::behaviors(), [
'authenticator' => [
'only' => ['complete'],
],

192
api/modules/oauth/controllers/ClientsController.php Normal file
View File

@@ -0,0 +1,192 @@
<?php
namespace api\modules\oauth\controllers;
use api\controllers\Controller;
use api\exceptions\ThisShouldNotHappenException;
use api\modules\oauth\exceptions\UnsupportedOauthClientType;
use api\modules\oauth\models\OauthClientForm;
use api\modules\oauth\models\OauthClientFormFactory;
use api\modules\oauth\models\OauthClientTypeForm;
use common\models\Account;
use common\models\OauthClient;
use common\rbac\Permissions as P;
use Yii;
use yii\filters\AccessControl;
use yii\helpers\ArrayHelper;
use yii\web\NotFoundHttpException;
class ClientsController extends Controller {
public function behaviors(): array {
return ArrayHelper::merge(parent::behaviors(), [
'access' => [
'class' => AccessControl::class,
'rules' => [
[
'actions' => ['create'],
'allow' => true,
'permissions' => [P::CREATE_OAUTH_CLIENTS],
],
[
'actions' => ['update', 'delete', 'reset'],
'allow' => true,
'permissions' => [P::MANAGE_OAUTH_CLIENTS],
'roleParams' => function() {
return [
'clientId' => Yii::$app->request->get('clientId'),
];
},
],
[
'actions' => ['get'],
'allow' => true,
'permissions' => [P::VIEW_OAUTH_CLIENTS],
'roleParams' => function() {
return [
'clientId' => Yii::$app->request->get('clientId'),
];
},
],
[
'actions' => ['get-per-account'],
'allow' => true,
'permissions' => [P::VIEW_OAUTH_CLIENTS],
'roleParams' => function() {
return [
'accountId' => Yii::$app->request->get('accountId'),
];
},
],
],
],
]);
}
public function actionGet(string $clientId): array {
return $this->formatClient($this->findOauthClient($clientId));
}
public function actionCreate(string $type): array {
$account = Yii::$app->user->identity->getAccount();
if ($account === null) {
throw new ThisShouldNotHappenException('This form should not to be executed without associated account');
}
$client = new OauthClient();
$client->account_id = $account->id;
$client->type = $type;
$requestModel = $this->createForm($client);
$requestModel->load(Yii::$app->request->post());
$form = new OauthClientForm($client);
if (!$form->save($requestModel)) {
return [
'success' => false,
'errors' => $requestModel->getValidationErrors(),
];
}
return [
'success' => true,
'data' => $this->formatClient($client),
];
}
public function actionUpdate(string $clientId): array {
$client = $this->findOauthClient($clientId);
$requestModel = $this->createForm($client);
$requestModel->load(Yii::$app->request->post());
$form = new OauthClientForm($client);
if (!$form->save($requestModel)) {
return [
'success' => false,
'errors' => $requestModel->getValidationErrors(),
];
}
return [
'success' => true,
'data' => $this->formatClient($client),
];
}
public function actionDelete(string $clientId): array {
$client = $this->findOauthClient($clientId);
(new OauthClientForm($client))->delete();
return [
'success' => true,
];
}
public function actionReset(string $clientId, string $regenerateSecret = null): array {
$client = $this->findOauthClient($clientId);
$form = new OauthClientForm($client);
$form->reset($regenerateSecret !== null);
return [
'success' => true,
'data' => $this->formatClient($client),
];
}
public function actionGetPerAccount(int $accountId): array {
/** @var Account|null $account */
$account = Account::findOne(['id' => $accountId]);
if ($account === null) {
throw new NotFoundHttpException();
}
$clients = $account->oauthClients;
$result = array_map(function(OauthClient $client) {
return $this->formatClient($client);
}, $clients);
return $result;
}
private function formatClient(OauthClient $client): array {
$result = [
'clientId' => $client->id,
'clientSecret' => $client->secret,
'type' => $client->type,
'name' => $client->name,
'websiteUrl' => $client->website_url,
'createdAt' => $client->created_at,
'countUsers' => (int)$client->getSessions()->count(),
];
switch ($client->type) {
case OauthClient::TYPE_APPLICATION:
$result['description'] = $client->description;
$result['redirectUri'] = $client->redirect_uri;
break;
case OauthClient::TYPE_MINECRAFT_SERVER:
$result['minecraftServerIp'] = $client->minecraft_server_ip;
break;
}
return $result;
}
private function createForm(OauthClient $client): OauthClientTypeForm {
try {
$model = OauthClientFormFactory::create($client);
} catch (UnsupportedOauthClientType $e) {
Yii::warning('Someone tried use ' . $client->type . ' type of oauth form.');
throw new NotFoundHttpException(null, 0, $e);
}
return $model;
}
private function findOauthClient(string $clientId): OauthClient {
/** @var OauthClient|null $client */
$client = OauthClient::findOne($clientId);
if ($client === null) {
throw new NotFoundHttpException();
}
return $client;
}
}

11
api/controllers/IdentityInfoController.php → api/modules/oauth/controllers/IdentityController.php
View File

@@ -1,16 +1,17 @@
<?php
namespace api\controllers;
namespace api\modules\oauth\controllers;
use api\models\OauthAccountInfo;
use api\controllers\Controller;
use api\modules\oauth\models\IdentityInfo;
use common\rbac\Permissions as P;
use Yii;
use yii\filters\AccessControl;
use yii\helpers\ArrayHelper;
class IdentityInfoController extends Controller {
class IdentityController extends Controller {
public function behaviors(): array {
return ArrayHelper::merge(parent::behaviors(), [
return ArrayHelper::merge(Controller::behaviors(), [
'access' => [
'class' => AccessControl::class,
'rules' => [
@@ -32,7 +33,7 @@ class IdentityInfoController extends Controller {
public function actionIndex(): array {
/** @noinspection NullPointerExceptionInspection */
return (new OauthAccountInfo(Yii::$app->user->getIdentity()->getAccount()))->info();
return (new IdentityInfo(Yii::$app->user->getIdentity()->getAccount()))->info();
}
}

8
api/modules/oauth/exceptions/InvalidOauthClientState.php Normal file
View File

@@ -0,0 +1,8 @@
<?php
namespace api\modules\oauth\exceptions;
use yii\base\Exception;
class InvalidOauthClientState extends Exception implements OauthException {
}

7
api/modules/oauth/exceptions/OauthException.php Normal file
View File

@@ -0,0 +1,7 @@
<?php
declare(strict_types=1);
namespace api\modules\oauth\exceptions;
interface OauthException {
}

23
api/modules/oauth/exceptions/UnsupportedOauthClientType.php Normal file
View File

@@ -0,0 +1,23 @@
<?php
namespace api\modules\oauth\exceptions;
use Throwable;
use yii\base\Exception;
class UnsupportedOauthClientType extends Exception implements OauthException {
/**
* @var string
*/
private $type;
public function __construct(string $type, int $code = 0, Throwable $previous = null) {
parent::__construct('Unsupported oauth client type', $code, $previous);
$this->type = $type;
}
public function getType(): string {
return $this->type;
}
}

30
api/modules/oauth/models/ApplicationType.php Normal file
View File

@@ -0,0 +1,30 @@
<?php
declare(strict_types=1);
namespace api\modules\oauth\models;
use common\helpers\Error as E;
use common\models\OauthClient;
use yii\helpers\ArrayHelper;
class ApplicationType extends BaseOauthClientType {
public $description;
public $redirectUri;
public function rules(): array {
return ArrayHelper::merge(parent::rules(), [
['redirectUri', 'required', 'message' => E::REDIRECT_URI_REQUIRED],
['redirectUri', 'url', 'validSchemes' => ['[\w]+'], 'message' => E::REDIRECT_URI_INVALID],
['description', 'string'],
]);
}
public function applyToClient(OauthClient $client): void {
parent::applyToClient($client);
$client->description = $this->description;
$client->redirect_uri = $this->redirectUri;
}
}

40
api/modules/oauth/models/BaseOauthClientType.php Normal file
View File

@@ -0,0 +1,40 @@
<?php
declare(strict_types=1);
namespace api\modules\oauth\models;
use api\models\base\ApiForm;
use common\helpers\Error as E;
use common\models\OauthClient;
abstract class BaseOauthClientType extends ApiForm implements OauthClientTypeForm {
public $name;
public $websiteUrl;
public function rules(): array {
return [
['name', 'required', 'message' => E::NAME_REQUIRED],
['websiteUrl', 'url', 'message' => E::WEBSITE_URL_INVALID],
];
}
public function load($data, $formName = null): bool {
return parent::load($data, $formName);
}
public function validate($attributeNames = null, $clearErrors = true): bool {
return parent::validate($attributeNames, $clearErrors);
}
public function getValidationErrors(): array {
return $this->getFirstErrors();
}
public function applyToClient(OauthClient $client): void {
$client->name = $this->name;
$client->website_url = $this->websiteUrl;
}
}

6
api/models/OauthAccountInfo.php → api/modules/oauth/models/IdentityInfo.php
View File

@@ -1,11 +1,13 @@
<?php
namespace api\models;
declare(strict_types=1);
namespace api\modules\oauth\models;
use api\models\base\BaseAccountForm;
use api\modules\accounts\models\AccountInfo;
use common\models\Account;
class OauthAccountInfo extends BaseAccountForm {
class IdentityInfo extends BaseAccountForm {
private $model;

26
api/modules/oauth/models/MinecraftServerType.php Normal file
View File

@@ -0,0 +1,26 @@
<?php
declare(strict_types=1);
namespace api\modules\oauth\models;
use common\helpers\Error as E;
use common\models\OauthClient;
use common\validators\MinecraftServerAddressValidator;
use yii\helpers\ArrayHelper;
class MinecraftServerType extends BaseOauthClientType {
public $minecraftServerIp;
public function rules(): array {
return ArrayHelper::merge(parent::rules(), [
['minecraftServerIp', MinecraftServerAddressValidator::class, 'message' => E::MINECRAFT_SERVER_IP_INVALID],
]);
}
public function applyToClient(OauthClient $client): void {
parent::applyToClient($client);
$client->minecraft_server_ip = $this->minecraftServerIp;
}
}

96
api/modules/oauth/models/OauthClientForm.php Normal file
View File

@@ -0,0 +1,96 @@
<?php
declare(strict_types=1);
namespace api\modules\oauth\models;
use api\exceptions\ThisShouldNotHappenException;
use api\modules\oauth\exceptions\InvalidOauthClientState;
use common\models\OauthClient;
use common\tasks\ClearOauthSessions;
use Yii;
use yii\helpers\Inflector;
class OauthClientForm {
/**
* @var OauthClient
*/
private $client;
public function __construct(OauthClient $client) {
if ($client->type === null) {
throw new InvalidOauthClientState('client\'s type field must be set');
}
$this->client = $client;
}
public function getClient(): OauthClient {
return $this->client;
}
public function save(OauthClientTypeForm $form): bool {
if (!$form->validate()) {
return false;
}
$client = $this->getClient();
$form->applyToClient($client);
if ($client->isNewRecord) {
$baseId = $id = substr(Inflector::slug($client->name), 0, 250);
$i = 0;
while ($this->isClientExists($id)) {
$id = $baseId . ++$i;
}
$client->id = $id;
$client->generateSecret();
}
if (!$client->save()) {
throw new ThisShouldNotHappenException('Cannot save oauth client');
}
return true;
}
public function delete(): bool {
$transaction = Yii::$app->db->beginTransaction();
$client = $this->client;
$client->is_deleted = true;
if (!$client->save()) {
throw new ThisShouldNotHappenException('Cannot update oauth client');
}
Yii::$app->queue->push(ClearOauthSessions::createFromOauthClient($client));
$transaction->commit();
return true;
}
public function reset(bool $regenerateSecret = false): bool {
$transaction = Yii::$app->db->beginTransaction();
$client = $this->client;
if ($regenerateSecret) {
$client->generateSecret();
if (!$client->save()) {
throw new ThisShouldNotHappenException('Cannot update oauth client');
}
}
Yii::$app->queue->push(ClearOauthSessions::createFromOauthClient($client, time()));
$transaction->commit();
return true;
}
protected function isClientExists(string $id): bool {
return OauthClient::find()->andWhere(['id' => $id])->exists();
}
}

37
api/modules/oauth/models/OauthClientFormFactory.php Normal file
View File

@@ -0,0 +1,37 @@
<?php
declare(strict_types=1);
namespace api\modules\oauth\models;
use api\modules\oauth\exceptions\UnsupportedOauthClientType;
use common\models\OauthClient;
class OauthClientFormFactory {
/**
* @param OauthClient $client
*
* @return OauthClientTypeForm
* @throws UnsupportedOauthClientType
*/
public static function create(OauthClient $client): OauthClientTypeForm {
switch ($client->type) {
case OauthClient::TYPE_APPLICATION:
return new ApplicationType([
'name' => $client->name,
'websiteUrl' => $client->website_url,
'description' => $client->description,
'redirectUri' => $client->redirect_uri,
]);
case OauthClient::TYPE_MINECRAFT_SERVER:
return new MinecraftServerType([
'name' => $client->name,
'websiteUrl' => $client->website_url,
'minecraftServerIp' => $client->minecraft_server_ip,
]);
}
throw new UnsupportedOauthClientType($client->type);
}
}

18
api/modules/oauth/models/OauthClientTypeForm.php Normal file
View File

@@ -0,0 +1,18 @@
<?php
declare(strict_types=1);
namespace api\modules\oauth\models;
use common\models\OauthClient;
interface OauthClientTypeForm {
public function load($data): bool;
public function validate(): bool;
public function getValidationErrors(): array;
public function applyToClient(OauthClient $client): void;
}

13
api/models/OauthProcess.php → api/modules/oauth/models/OauthProcess.php
View File

@@ -1,5 +1,5 @@
<?php
namespace api\models;
namespace api\modules\oauth\models;
use api\components\OAuth2\Exception\AcceptRequiredException;
use api\components\OAuth2\Exception\AccessDeniedException;
@@ -52,8 +52,8 @@ class OauthProcess {
try {
$authParams = $this->getAuthorizationCodeGrant()->checkAuthorizeParams();
$client = $authParams->getClient();
/** @var \common\models\OauthClient $clientModel */
$clientModel = OauthClient::findOne($client->getId());
/** @var OauthClient $clientModel */
$clientModel = $this->findClient($client->getId());
$response = $this->buildSuccessResponse(
Yii::$app->request->getQueryParams(),
$clientModel,
@@ -90,9 +90,10 @@ class OauthProcess {
Yii::$app->statsd->inc('oauth.complete.attempt');
$grant = $this->getAuthorizationCodeGrant();
$authParams = $grant->checkAuthorizeParams();
/** @var Account $account */
$account = Yii::$app->user->identity->getAccount();
/** @var \common\models\OauthClient $clientModel */
$clientModel = OauthClient::findOne($authParams->getClient()->getId());
$clientModel = $this->findClient($authParams->getClient()->getId());
if (!$this->canAutoApprove($account, $clientModel, $authParams)) {
Yii::$app->statsd->inc('oauth.complete.approve_required');
@@ -164,6 +165,10 @@ class OauthProcess {
return $response;
}
private function findClient(string $clientId): ?OauthClient {
return OauthClient::findOne($clientId);
}
/**
* Метод проверяет, может ли текущий пользователь быть автоматически авторизован
* для указанного клиента без запроса доступа к необходимому списку прав

2
api/modules/session/filters/RateLimiter.php
View File

@@ -85,7 +85,7 @@ class RateLimiter extends \yii\filters\RateLimiter {
}
if ($this->server === null) {
/** @var OauthClient $server */
/** @var OauthClient|null $server */
$this->server = OauthClient::findOne($serverId);
// TODO: убедится, что это сервер
if ($this->server === null) {

2
common/config/config.php
View File

@@ -1,6 +1,6 @@
<?php
return [
'version' => '1.1.24',
'version' => '{{PLACE_VERSION_HERE}}', // This will be replaced by build tool
'vendorPath' => dirname(__DIR__, 2) . '/vendor',
'components' => [
'cache' => [

9
common/helpers/Error.php
View File

@@ -60,4 +60,13 @@ final class Error {
const OTP_ALREADY_ENABLED = 'error.otp_already_enabled';
const OTP_NOT_ENABLED = 'error.otp_not_enabled';
const NAME_REQUIRED = 'error.name_required';
const REDIRECT_URI_REQUIRED = 'error.redirectUri_required';
const REDIRECT_URI_INVALID = 'error.redirectUri_invalid';
const WEBSITE_URL_INVALID = 'error.websiteUrl_invalid';
const MINECRAFT_SERVER_IP_INVALID = 'error.minecraftServerIp_invalid';
}

6
common/models/Account.php
View File

@@ -34,6 +34,7 @@ use const common\LATEST_RULES_VERSION;
* Отношения:
* @property EmailActivation[] $emailActivations
* @property OauthSession[] $oauthSessions
* @property OauthClient[] $oauthClients
* @property UsernameHistory[] $usernameHistory
* @property AccountSession[] $sessions
* @property MinecraftAccessKey[] $minecraftAccessKeys
@@ -93,6 +94,11 @@ class Account extends ActiveRecord {
return $this->hasMany(OauthSession::class, ['owner_id' => 'id'])->andWhere(['owner_type' => 'user']);
}
public function getOauthClients(): OauthClientQuery {
/** @noinspection PhpIncompatibleReturnTypeInspection */
return $this->hasMany(OauthClient::class, ['account_id' => 'id']);
}
public function getUsernameHistory(): ActiveQuery {
return $this->hasMany(UsernameHistory::class, ['account_id' => 'id']);
}

40
common/models/OauthClient.php
View File

@@ -1,48 +1,62 @@
<?php
namespace common\models;
use Yii;
use yii\behaviors\TimestampBehavior;
use yii\db\ActiveQuery;
use yii\db\ActiveRecord;
/**
* Поля модели:
* @property string $id
* @property string $secret
* @property string $type
* @property string $name
* @property string $description
* @property string $redirect_uri
* @property string $website_url
* @property string $minecraft_server_ip
* @property integer $account_id
* @property bool $is_trusted
* @property bool $is_deleted
* @property integer $created_at
*
* Отношения:
* @property Account $account
* @property Account|null $account
* @property OauthSession[] $sessions
*/
class OauthClient extends ActiveRecord {
public static function tableName() {
public const TYPE_APPLICATION = 'application';
public const TYPE_MINECRAFT_SERVER = 'minecraft-server';
public static function tableName(): string {
return '{{%oauth_clients}}';
}
public function rules() {
public function behaviors(): array {
return [
[['id'], 'required', 'when' => function(self $model) {
return $model->isNewRecord;
}],
[['id'], 'unique', 'when' => function(self $model) {
return $model->isNewRecord;
}],
[['name', 'description'], 'required'],
[['name', 'description'], 'string', 'max' => 255],
[
'class' => TimestampBehavior::class,
'updatedAtAttribute' => false,
],
];
}
public function getAccount() {
public function generateSecret(): void {
$this->secret = Yii::$app->security->generateRandomString(64);
}
public function getAccount(): ActiveQuery {
return $this->hasOne(Account::class, ['id' => 'account_id']);
}
public function getSessions() {
public function getSessions(): ActiveQuery {
return $this->hasMany(OauthSession::class, ['client_id' => 'id']);
}
public static function find(): OauthClientQuery {
return Yii::createObject(OauthClientQuery::class, [static::class]);
}
}

34
common/models/OauthClientQuery.php Normal file
View File

@@ -0,0 +1,34 @@
<?php
declare(strict_types=1);
namespace common\models;
use yii\db\ActiveQuery;
use yii\db\Command;
/**
* @see OauthClient
*/
class OauthClientQuery extends ActiveQuery {
private $showDeleted = false;
public function includeDeleted(): self {
$this->showDeleted = true;
return $this;
}
public function onlyDeleted(): self {
$this->showDeleted = true;
return $this->andWhere(['is_deleted' => true]);
}
public function createCommand($db = null): Command {
if ($this->showDeleted === false) {
$this->andWhere(['is_deleted' => false]);
}
return parent::createCommand($db);
}
}

11
common/models/OauthSession.php
View File

@@ -4,6 +4,7 @@ namespace common\models;
use common\components\Redis\Set;
use Yii;
use yii\base\NotSupportedException;
use yii\behaviors\TimestampBehavior;
use yii\db\ActiveQuery;
use yii\db\ActiveRecord;
@@ -14,6 +15,7 @@ use yii\db\ActiveRecord;
* @property string|null $owner_id
* @property string $client_id
* @property string $client_redirect_uri
* @property integer $created_at
*
* Отношения
* @property OauthClient $client
@@ -26,6 +28,15 @@ class OauthSession extends ActiveRecord {
return '{{%oauth_sessions}}';
}
public function behaviors() {
return [
[
'class' => TimestampBehavior::class,
'updatedAtAttribute' => false,
],
];
}
public function getClient(): ActiveQuery {
return $this->hasOne(OauthClient::class, ['id' => 'client_id']);
}

4
common/models/amqp/AccountBanned.php
View File

@@ -1,9 +1,9 @@
<?php
namespace common\models\amqp;
use yii\base\Object;
use yii\base\BaseObject;
class AccountBanned extends Object {
class AccountBanned extends BaseObject {
public $accountId;

4
common/models/amqp/AccountPardoned.php
View File

@@ -1,9 +1,9 @@
<?php
namespace common\models\amqp;
use yii\base\Object;
use yii\base\BaseObject;
class AccountPardoned extends Object {
class AccountPardoned extends BaseObject {
public $accountId;

4
common/models/amqp/EmailChanged.php
View File

@@ -1,9 +1,9 @@
<?php
namespace common\models\amqp;
use yii\base\Object;
use yii\base\BaseObject;
class EmailChanged extends Object {
class EmailChanged extends BaseObject {
public $accountId;

4
common/models/amqp/UsernameChanged.php
View File

@@ -1,9 +1,9 @@
<?php
namespace common\models\amqp;
use yii\base\Object;
use yii\base\BaseObject;
class UsernameChanged extends Object {
class UsernameChanged extends BaseObject {
public $accountId;

5
common/rbac/Permissions.php
View File

@@ -12,6 +12,9 @@ final class Permissions {
public const MANAGE_TWO_FACTOR_AUTH = 'manage_two_factor_auth';
public const BLOCK_ACCOUNT = 'block_account';
public const COMPLETE_OAUTH_FLOW = 'complete_oauth_flow';
public const CREATE_OAUTH_CLIENTS = 'create_oauth_clients';
public const VIEW_OAUTH_CLIENTS = 'view_oauth_clients';
public const MANAGE_OAUTH_CLIENTS = 'manage_oauth_clients';
// Personal level controller permissions
public const OBTAIN_OWN_ACCOUNT_INFO = 'obtain_own_account_info';
@@ -23,6 +26,8 @@ final class Permissions {
public const CHANGE_OWN_ACCOUNT_EMAIL = 'change_own_account_email';
public const MANAGE_OWN_TWO_FACTOR_AUTH = 'manage_own_two_factor_auth';
public const MINECRAFT_SERVER_SESSION = 'minecraft_server_session';
public const VIEW_OWN_OAUTH_CLIENTS = 'view_own_oauth_clients';
public const MANAGE_OWN_OAUTH_CLIENTS = 'manage_own_oauth_clients';
// Data permissions
public const OBTAIN_ACCOUNT_EMAIL = 'obtain_account_email';

3
common/rbac/rules/AccountOwner.php
View File

@@ -3,7 +3,6 @@ namespace common\rbac\rules;
use common\models\Account;
use Yii;
use yii\base\InvalidParamException;
use yii\rbac\Rule;
class AccountOwner extends Rule {
@@ -26,7 +25,7 @@ class AccountOwner extends Rule {
public function execute($accessToken, $item, $params): bool {
$accountId = $params['accountId'] ?? null;
if ($accountId === null) {
throw new InvalidParamException('params don\'t contain required key: accountId');
return false;
}
$identity = Yii::$app->user->findIdentityByAccessToken($accessToken);

61
common/rbac/rules/OauthClientOwner.php Normal file
View File

@@ -0,0 +1,61 @@
<?php
declare(strict_types=1);
namespace common\rbac\rules;
use common\models\OauthClient;
use common\rbac\Permissions as P;
use Yii;
use yii\rbac\Rule;
class OauthClientOwner extends Rule {
public $name = 'oauth_client_owner';
/**
* Accepts 2 params:
* - clientId - it's the client id, that user want access to.
* - accountId - if it is passed to check the VIEW_OAUTH_CLIENTS permission, then it will
* check, that current user have access to the provided account.
*
* @param string|int $accessToken
* @param \yii\rbac\Item $item
* @param array $params
*
* @return bool a value indicating whether the rule permits the auth item it is associated with.
*/
public function execute($accessToken, $item, $params): bool {
$accountId = $params['accountId'] ?? null;
if ($accountId !== null && $item->name === P::VIEW_OWN_OAUTH_CLIENTS) {
return (new AccountOwner())->execute($accessToken, $item, ['accountId' => $accountId]);
}
$clientId = $params['clientId'] ?? null;
if ($clientId === null) {
return false;
}
/** @var OauthClient|null $client */
$client = OauthClient::findOne($clientId);
if ($client === null) {
return false;
}
$identity = Yii::$app->user->findIdentityByAccessToken($accessToken);
if ($identity === null) {
return false;
}
$account = $identity->getAccount();
if ($account === null) {
return false;
}
if ($account->id !== $client->account_id) {
return false;
}
return true;
}
}

69
common/tasks/ClearOauthSessions.php Normal file
View File

@@ -0,0 +1,69 @@
<?php
declare(strict_types=1);
namespace common\tasks;
use common\models\OauthClient;
use Yii;
use yii\queue\RetryableJobInterface;
class ClearOauthSessions implements RetryableJobInterface {
/**
* @var int
*/
public $clientId;
/**
* @var int unix timestamp, that allows to limit this task to clear only some old sessions
*/
public $notSince;
public static function createFromOauthClient(OauthClient $client, int $notSince = null): self {
$result = new static();
$result->clientId = $client->id;
if ($notSince !== null) {
$result->notSince = $notSince;
}
return $result;
}
public function getTtr(): int {
return 60/*sec*/ * 5/*min*/;
}
public function canRetry($attempt, $error): bool {
return true;
}
/**
* @param \yii\queue\Queue $queue which pushed and is handling the job
*
* @throws \Exception
* @throws \Throwable
* @throws \yii\db\StaleObjectException
*/
public function execute($queue): void {
Yii::$app->statsd->inc('queue.clearOauthSessions.attempt');
/** @var OauthClient|null $client */
$client = OauthClient::find()
->includeDeleted()
->andWhere(['id' => $this->clientId])
->one();
if ($client === null) {
return;
}
$sessionsQuery = $client->getSessions();
if ($this->notSince !== null) {
$sessionsQuery->andWhere(['<=', 'created_at', $this->notSince]);
}
foreach ($sessionsQuery->each(100, Yii::$app->unbufferedDb) as $session) {
/** @var \common\models\OauthSession $session */
$session->delete();
}
}
}

24
common/validators/MinecraftServerAddressValidator.php Normal file
View File

@@ -0,0 +1,24 @@
<?php
declare(strict_types=1);
namespace common\validators;
use yii\validators\Validator;
class MinecraftServerAddressValidator extends Validator {
protected function validateValue($value) {
// we will add minecraft protocol to help parse_url understand all another parts
$urlParts = parse_url('minecraft://' . $value);
$cnt = count($urlParts);
// scheme will be always presented, so we need to increase expected $cnt by 1
if (($cnt === 3 && isset($urlParts['host'], $urlParts['port']))
|| ($cnt === 2 && isset($urlParts['host']))
) {
return null;
}
return [$this->message, []];
}
}

10
composer.json
View File

@@ -7,7 +7,7 @@
"require": {
"php": "^7.1",
"roave/security-advisories": "dev-master",
"yiisoft/yii2": "2.0.13.1",
"yiisoft/yii2": "2.0.14",
"yiisoft/yii2-swiftmailer": "~2.1.0",
"ramsey/uuid": "^3.5",
"league/oauth2-server": "^4.1",
@@ -24,7 +24,7 @@
"bacon/bacon-qr-code": "^1.0",
"paragonie/constant_time_encoding": "^2.0",
"webmozart/assert": "^1.2.0",
"goaop/framework": "~2.1.2",
"goaop/framework": "~2.2.0",
"domnikl/statsd": "^2.6",
"yiisoft/yii2-queue": "~2.0.2",
"enqueue/amqp-lib": "^0.8.11"
@@ -34,7 +34,7 @@
"yiisoft/yii2-faker": "*",
"flow/jsonpath": "^0.3.1",
"phpunit/phpunit": "^6.0",
"codeception/codeception": "dev-reset_yii2_app#6045eed00f7b163226d04fe40333f076b0f132e3",
"codeception/codeception": "2.3.8",
"codeception/specify": "^1.0.0",
"codeception/verify": "*",
"mockery/mockery": "^1.0.0",
@@ -52,10 +52,6 @@
{
"type": "git",
"url": "git@gitlab.ely.by:elyby/email-renderer.git"
},
{
"type": "git",
"url": "git@github.com:erickskrauch/Codeception.git"
}
],
"autoload": {

5575
composer.lock generated Normal file
View File

File diff suppressed because it is too large Load Diff

32
console/controllers/CleanupController.php
View File

@@ -4,12 +4,15 @@ namespace console\controllers;
use common\models\AccountSession;
use common\models\EmailActivation;
use common\models\MinecraftAccessKey;
use common\models\OauthClient;
use common\tasks\ClearOauthSessions;
use Yii;
use yii\console\Controller;
use yii\console\ExitCode;
class CleanupController extends Controller {
public function actionEmailKeys() {
public function actionEmailKeys(): int {
$query = EmailActivation::find();
foreach ($this->getEmailActivationsDurationsMap() as $typeId => $expiration) {
$query->orWhere([
@@ -24,10 +27,10 @@ class CleanupController extends Controller {
$email->delete();
}
return self::EXIT_CODE_NORMAL;
return ExitCode::OK;
}
public function actionMinecraftSessions() {
public function actionMinecraftSessions(): int {
$expiredMinecraftSessionsQuery = MinecraftAccessKey::find()
->andWhere(['<', 'updated_at', time() - 1209600]); // 2 weeks
@@ -36,7 +39,7 @@ class CleanupController extends Controller {
$minecraftSession->delete();
}
return self::EXIT_CODE_NORMAL;
return ExitCode::OK;
}
/**
@@ -47,7 +50,7 @@ class CleanupController extends Controller {
* У модели AccountSession нет внешних связей, так что целевые записи
* могут быть удалены без использования циклов.
*/
public function actionWebSessions() {
public function actionWebSessions(): int {
AccountSession::deleteAll([
'OR',
['<', 'last_refreshed_at', time() - 7776000], // 90 days
@@ -58,7 +61,24 @@ class CleanupController extends Controller {
],
]);
return self::EXIT_CODE_NORMAL;
return ExitCode::OK;
}
public function actionOauthClients(): int {
/** @var OauthClient[] $clients */
$clients = OauthClient::find()
->onlyDeleted()
->all();
foreach ($clients as $client) {
if ($client->getSessions()->exists()) {
Yii::$app->queue->push(ClearOauthSessions::createFromOauthClient($client));
continue;
}
$client->delete();
}
return ExitCode::OK;
}
private function getEmailActivationsDurationsMap(): array {

11
console/controllers/RbacController.php
View File

@@ -4,6 +4,7 @@ namespace console\controllers;
use common\rbac\Permissions as P;
use common\rbac\Roles as R;
use common\rbac\rules\AccountOwner;
use common\rbac\rules\OauthClientOwner;
use InvalidArgumentException;
use Yii;
use yii\base\ErrorException;
@@ -30,6 +31,9 @@ class RbacController extends Controller {
$permChangeAccountEmail = $this->createPermission(P::CHANGE_ACCOUNT_EMAIL);
$permManageTwoFactorAuth = $this->createPermission(P::MANAGE_TWO_FACTOR_AUTH);
$permBlockAccount = $this->createPermission(P::BLOCK_ACCOUNT);
$permCreateOauthClients = $this->createPermission(P::CREATE_OAUTH_CLIENTS);
$permViewOauthClients = $this->createPermission(P::VIEW_OAUTH_CLIENTS);
$permManageOauthClients = $this->createPermission(P::MANAGE_OAUTH_CLIENTS);
$permCompleteOauthFlow = $this->createPermission(P::COMPLETE_OAUTH_FLOW, AccountOwner::class);
$permObtainAccountEmail = $this->createPermission(P::OBTAIN_ACCOUNT_EMAIL);
@@ -44,6 +48,8 @@ class RbacController extends Controller {
$permChangeOwnAccountEmail = $this->createPermission(P::CHANGE_OWN_ACCOUNT_EMAIL, AccountOwner::class);
$permManageOwnTwoFactorAuth = $this->createPermission(P::MANAGE_OWN_TWO_FACTOR_AUTH, AccountOwner::class);
$permMinecraftServerSession = $this->createPermission(P::MINECRAFT_SERVER_SESSION);
$permViewOwnOauthClients = $this->createPermission(P::VIEW_OWN_OAUTH_CLIENTS, OauthClientOwner::class);
$permManageOwnOauthClients = $this->createPermission(P::MANAGE_OWN_OAUTH_CLIENTS, OauthClientOwner::class);
$permEscapeIdentityVerification = $this->createPermission(P::ESCAPE_IDENTITY_VERIFICATION);
@@ -56,6 +62,8 @@ class RbacController extends Controller {
$authManager->addChild($permChangeOwnAccountPassword, $permChangeAccountPassword);
$authManager->addChild($permChangeOwnAccountEmail, $permChangeAccountEmail);
$authManager->addChild($permManageOwnTwoFactorAuth, $permManageTwoFactorAuth);
$authManager->addChild($permViewOwnOauthClients, $permViewOauthClients);
$authManager->addChild($permManageOwnOauthClients, $permManageOauthClients);
$authManager->addChild($permObtainExtendedAccountInfo, $permObtainAccountInfo);
$authManager->addChild($permObtainExtendedAccountInfo, $permObtainAccountEmail);
@@ -68,6 +76,9 @@ class RbacController extends Controller {
$authManager->addChild($roleAccountsWebUser, $permChangeOwnAccountEmail);
$authManager->addChild($roleAccountsWebUser, $permManageOwnTwoFactorAuth);
$authManager->addChild($roleAccountsWebUser, $permCompleteOauthFlow);
$authManager->addChild($roleAccountsWebUser, $permCreateOauthClients);
$authManager->addChild($roleAccountsWebUser, $permViewOwnOauthClients);
$authManager->addChild($roleAccountsWebUser, $permManageOwnOauthClients);
}
private function createRole(string $name): Role {

29
console/migrations/m180224_132027_extend_oauth_clients_attributes.php Normal file
View File

@@ -0,0 +1,29 @@
<?php
use console\db\Migration;
class m180224_132027_extend_oauth_clients_attributes extends Migration {
public function safeUp() {
$this->addColumn('{{%oauth_clients}}', 'type', $this->string()->notNull()->after('secret'));
$this->addColumn('{{%oauth_clients}}', 'website_url', $this->string()->null()->after('redirect_uri'));
$this->addColumn('{{%oauth_clients}}', 'minecraft_server_ip', $this->string()->null()->after('website_url'));
$this->addColumn('{{%oauth_clients}}', 'is_deleted', $this->boolean()->notNull()->defaultValue(false)->after('is_trusted'));
$this->update('{{%oauth_clients}}', [
'type' => 'application',
]);
$this->addColumn('{{%oauth_sessions}}', 'created_at', $this->integer()->unsigned()->notNull());
$this->update('{{%oauth_sessions}}', [
'created_at' => time(),
]);
}
public function safeDown() {
$this->dropColumn('{{%oauth_clients}}', 'type');
$this->dropColumn('{{%oauth_clients}}', 'website_url');
$this->dropColumn('{{%oauth_clients}}', 'minecraft_server_ip');
$this->dropColumn('{{%oauth_clients}}', 'is_deleted');
$this->dropColumn('{{%oauth_sessions}}', 'created_at');
}
}

1
docker/cron/cleanup
View File

@@ -2,3 +2,4 @@
0 0 * * * root /usr/local/bin/php /var/www/html/yii cleanup/email-keys >/dev/null 2>&1
0 1 * * * root /usr/local/bin/php /var/www/html/yii cleanup/minecraft-sessions >/dev/null 2>&1
0 2 * * * root /usr/local/bin/php /var/www/html/yii cleanup/web-sessions >/dev/null 2>&1
0 3 * * * root /usr/local/bin/php /var/www/html/yii cleanup/oauth-clients >/dev/null 2>&1

30
tests/codeception/api/_pages/OauthRoute.php
View File

@@ -3,16 +3,40 @@ namespace tests\codeception\api\_pages;
class OauthRoute extends BasePage {
public function validate($queryParams) {
public function validate(array $queryParams): void {
$this->getActor()->sendGET('/oauth2/v1/validate', $queryParams);
}
public function complete($queryParams = [], $postParams = []) {
public function complete(array $queryParams = [], array $postParams = []): void {
$this->getActor()->sendPOST('/oauth2/v1/complete?' . http_build_query($queryParams), $postParams);
}
public function issueToken($postParams = []) {
public function issueToken(array $postParams = []): void {
$this->getActor()->sendPOST('/oauth2/v1/token', $postParams);
}
public function createClient(string $type, array $postParams): void {
$this->getActor()->sendPOST('/v1/oauth2/' . $type, $postParams);
}
public function updateClient(string $clientId, array $params): void {
$this->getActor()->sendPUT('/v1/oauth2/' . $clientId, $params);
}
public function deleteClient(string $clientId): void {
$this->getActor()->sendDELETE('/v1/oauth2/' . $clientId);
}
public function resetClient(string $clientId, bool $regenerateSecret = false): void {
$this->getActor()->sendPOST("/v1/oauth2/$clientId/reset" . ($regenerateSecret ? '?regenerateSecret' : ''));
}
public function getClient(string $clientId): void {
$this->getActor()->sendGET("/v1/oauth2/$clientId");
}
public function getPerAccount(int $accountId): void {
$this->getActor()->sendGET("/v1/accounts/$accountId/oauth2/clients");
}
}

1
tests/codeception/api/codeception.yml
View File

@@ -22,7 +22,6 @@ coverage:
- ../../../api/*
exclude:
- ../../../api/config/*
- ../../../api/mails/*
- ../../../api/web/*
- ../../../api/runtime/*
c3url: 'http://localhost/api/web/index.php'

92
tests/codeception/api/functional/oauth/CreateClientCest.php Normal file
View File

@@ -0,0 +1,92 @@
<?php
namespace tests\codeception\api\oauth;
use tests\codeception\api\_pages\OauthRoute;
use tests\codeception\api\FunctionalTester;
class CreateClientCest {
/**
* @var OauthRoute
*/
private $route;
public function _before(FunctionalTester $I) {
$this->route = new OauthRoute($I);
}
public function testCreateApplicationWithWrongParams(FunctionalTester $I) {
$I->amAuthenticated('admin');
$this->route->createClient('application', []);
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseContainsJson([
'success' => false,
'errors' => [
'name' => 'error.name_required',
'redirectUri' => 'error.redirectUri_required',
],
]);
$this->route->createClient('application', [
'name' => 'my test oauth client',
'redirectUri' => 'localhost',
]);
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseContainsJson([
'success' => false,
'errors' => [
'redirectUri' => 'error.redirectUri_invalid',
],
]);
}
public function testCreateApplication(FunctionalTester $I) {
$I->amAuthenticated('admin');
$this->route->createClient('application', [
'name' => 'My admin application',
'description' => 'Application description.',
'redirectUri' => 'http://some-site.com/oauth/ely',
'websiteUrl' => 'http://some-site.com',
]);
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'success' => true,
'data' => [
'clientId' => 'my-admin-application',
'name' => 'My admin application',
'description' => 'Application description.',
'websiteUrl' => 'http://some-site.com',
'countUsers' => 0,
'redirectUri' => 'http://some-site.com/oauth/ely',
],
]);
$I->canSeeResponseJsonMatchesJsonPath('$.data.clientSecret');
$I->canSeeResponseJsonMatchesJsonPath('$.data.createdAt');
}
public function testCreateMinecraftServer(FunctionalTester $I) {
$I->amAuthenticated('admin');
$this->route->createClient('minecraft-server', [
'name' => 'My amazing server',
'websiteUrl' => 'http://some-site.com',
'minecraftServerIp' => 'hypixel.com:25565',
]);
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'success' => true,
'data' => [
'clientId' => 'my-amazing-server',
'name' => 'My amazing server',
'websiteUrl' => 'http://some-site.com',
'countUsers' => 0,
'minecraftServerIp' => 'hypixel.com:25565',
],
]);
$I->canSeeResponseJsonMatchesJsonPath('$.data.clientSecret');
$I->canSeeResponseJsonMatchesJsonPath('$.data.createdAt');
}
}

28
tests/codeception/api/functional/oauth/DeleteClientCest.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
namespace tests\codeception\api\oauth;
use tests\codeception\api\_pages\OauthRoute;
use tests\codeception\api\FunctionalTester;
class DeleteClientCest {
/**
* @var OauthRoute
*/
private $route;
public function _before(FunctionalTester $I) {
$this->route = new OauthRoute($I);
}
public function testDelete(FunctionalTester $I) {
$I->amAuthenticated('TwoOauthClients');
$this->route->deleteClient('first-test-oauth-client');
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'success' => true,
]);
}
}

89
tests/codeception/api/functional/oauth/GetClientsCest.php Normal file
View File

@@ -0,0 +1,89 @@
<?php
namespace tests\codeception\api\oauth;
use tests\codeception\api\_pages\OauthRoute;
use tests\codeception\api\FunctionalTester;
class GetClientsCest {
/**
* @var OauthRoute
*/
private $route;
public function _before(FunctionalTester $I) {
$this->route = new OauthRoute($I);
}
public function testGet(FunctionalTester $I) {
$I->amAuthenticated('admin');
$this->route->getClient('admin-oauth-client');
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'clientId' => 'admin-oauth-client',
'clientSecret' => 'FKyO71iCIlv4YM2IHlLbhsvYoIJScUzTZt1kEK7DQLXXYISLDvURVXK32Q58sHWS',
'type' => 'application',
'name' => 'Admin\'s oauth client',
'description' => 'Personal oauth client',
'redirectUri' => 'http://some-site.com/oauth/ely',
'websiteUrl' => '',
'createdAt' => 1519254133,
]);
}
public function testGetNotOwn(FunctionalTester $I) {
$I->amAuthenticated('admin');
$this->route->getClient('another-test-oauth-client');
$I->canSeeResponseCodeIs(403);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'name' => 'Forbidden',
'status' => 403,
'message' => 'You are not allowed to perform this action.',
]);
}
public function testGetAllPerAccountList(FunctionalTester $I) {
$I->amAuthenticated('TwoOauthClients');
$this->route->getPerAccount(14);
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
[
'clientId' => 'first-test-oauth-client',
'clientSecret' => 'Zt1kEK7DQLXXYISLDvURVXK32Q58sHWSFKyO71iCIlv4YM2IHlLbhsvYoIJScUzT',
'type' => 'application',
'name' => 'First test oauth client',
'description' => 'Some description to the first oauth client',
'redirectUri' => 'http://some-site-1.com/oauth/ely',
'websiteUrl' => '',
'countUsers' => 0,
'createdAt' => 1519487434,
],
[
'clientId' => 'another-test-oauth-client',
'clientSecret' => 'URVXK32Q58sHWSFKyO71iCIlv4YM2Zt1kEK7DQLXXYISLDvIHlLbhsvYoIJScUzT',
'type' => 'minecraft-server',
'name' => 'Another test oauth client',
'websiteUrl' => '',
'minecraftServerIp' => '136.243.88.97:25565',
'countUsers' => 0,
'createdAt' => 1519487472,
],
]);
}
public function testGetAllPerNotOwnAccount(FunctionalTester $I) {
$I->amAuthenticated('TwoOauthClients');
$this->route->getPerAccount(1);
$I->canSeeResponseCodeIs(403);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'name' => 'Forbidden',
'status' => 403,
'message' => 'You are not allowed to perform this action.',
]);
}
}

60
tests/codeception/api/functional/oauth/ResetClientCest.php Normal file
View File

@@ -0,0 +1,60 @@
<?php
namespace tests\codeception\api\oauth;
use tests\codeception\api\_pages\OauthRoute;
use tests\codeception\api\FunctionalTester;
class ResetClientCest {
/**
* @var OauthRoute
*/
private $route;
public function _before(FunctionalTester $I) {
$this->route = new OauthRoute($I);
}
public function testReset(FunctionalTester $I) {
$I->amAuthenticated('TwoOauthClients');
$this->route->resetClient('first-test-oauth-client');
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'success' => true,
'data' => [
'clientId' => 'first-test-oauth-client',
'clientSecret' => 'Zt1kEK7DQLXXYISLDvURVXK32Q58sHWSFKyO71iCIlv4YM2IHlLbhsvYoIJScUzT',
'name' => 'First test oauth client',
'description' => 'Some description to the first oauth client',
'redirectUri' => 'http://some-site-1.com/oauth/ely',
'websiteUrl' => '',
'countUsers' => 0,
'createdAt' => 1519487434,
],
]);
}
public function testResetWithSecretChanging(FunctionalTester $I) {
$I->amAuthenticated('TwoOauthClients');
$this->route->resetClient('first-test-oauth-client', true);
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'success' => true,
'data' => [
'clientId' => 'first-test-oauth-client',
'name' => 'First test oauth client',
'description' => 'Some description to the first oauth client',
'redirectUri' => 'http://some-site-1.com/oauth/ely',
'websiteUrl' => '',
'countUsers' => 0,
'createdAt' => 1519487434,
],
]);
$I->canSeeResponseJsonMatchesJsonPath('$.data.clientSecret');
$secret = $I->grabDataFromResponseByJsonPath('$.data.clientSecret')[0];
$I->assertNotEquals('Zt1kEK7DQLXXYISLDvURVXK32Q58sHWSFKyO71iCIlv4YM2IHlLbhsvYoIJScUzT', $secret);
}
}

65
tests/codeception/api/functional/oauth/UpdateClientCest.php Normal file
View File

@@ -0,0 +1,65 @@
<?php
namespace tests\codeception\api\oauth;
use tests\codeception\api\_pages\OauthRoute;
use tests\codeception\api\FunctionalTester;
class UpdateClientCest {
/**
* @var OauthRoute
*/
private $route;
public function _before(FunctionalTester $I) {
$this->route = new OauthRoute($I);
}
public function testUpdateApplication(FunctionalTester $I) {
$I->amAuthenticated('TwoOauthClients');
$this->route->updateClient('first-test-oauth-client', [
'name' => 'Updated name',
'description' => 'Updated description.',
'redirectUri' => 'http://new-site.com/oauth/ely',
'websiteUrl' => 'http://new-site.com',
]);
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'success' => true,
'data' => [
'clientId' => 'first-test-oauth-client',
'clientSecret' => 'Zt1kEK7DQLXXYISLDvURVXK32Q58sHWSFKyO71iCIlv4YM2IHlLbhsvYoIJScUzT',
'name' => 'Updated name',
'description' => 'Updated description.',
'redirectUri' => 'http://new-site.com/oauth/ely',
'websiteUrl' => 'http://new-site.com',
'createdAt' => 1519487434,
'countUsers' => 0,
],
]);
}
public function testUpdateMinecraftServer(FunctionalTester $I) {
$I->amAuthenticated('TwoOauthClients');
$this->route->updateClient('another-test-oauth-client', [
'name' => 'Updated server name',
'websiteUrl' => 'http://new-site.com',
'minecraftServerIp' => 'hypixel.com:25565',
]);
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'success' => true,
'data' => [
'clientId' => 'another-test-oauth-client',
'clientSecret' => 'URVXK32Q58sHWSFKyO71iCIlv4YM2Zt1kEK7DQLXXYISLDvIHlLbhsvYoIJScUzT',
'name' => 'Updated server name',
'websiteUrl' => 'http://new-site.com',
'minecraftServerIp' => 'hypixel.com:25565',
'createdAt' => 1519487472,
],
]);
}
}

27
tests/codeception/api/unit/modules/oauth/models/ApplicationTypeTest.php Normal file
View File

@@ -0,0 +1,27 @@
<?php
namespace tests\codeception\api\unit\modules\oauth\models;
use api\modules\oauth\models\ApplicationType;
use common\models\OauthClient;
use tests\codeception\api\unit\TestCase;
class ApplicationTypeTest extends TestCase {
public function testApplyToClient(): void {
$model = new ApplicationType();
$model->name = 'Application name';
$model->websiteUrl = 'http://example.com';
$model->redirectUri = 'http://example.com/oauth/ely';
$model->description = 'Application description.';
$client = new OauthClient();
$model->applyToClient($client);
$this->assertSame('Application name', $client->name);
$this->assertSame('Application description.', $client->description);
$this->assertSame('http://example.com/oauth/ely', $client->redirect_uri);
$this->assertSame('http://example.com', $client->website_url);
}
}

24
tests/codeception/api/unit/modules/oauth/models/BaseOauthClientTypeTest.php Normal file
View File

@@ -0,0 +1,24 @@
<?php
namespace tests\codeception\api\unit\modules\oauth\models;
use api\modules\oauth\models\BaseOauthClientType;
use common\models\OauthClient;
use tests\codeception\api\unit\TestCase;
class BaseOauthClientTypeTest extends TestCase {
public function testApplyTyClient(): void {
$client = new OauthClient();
/** @var BaseOauthClientType|\Mockery\MockInterface $form */
$form = mock(BaseOauthClientType::class);
$form->makePartial();
$form->name = 'Application name';
$form->websiteUrl = 'http://example.com';
$form->applyToClient($client);
$this->assertSame('Application name', $client->name);
$this->assertSame('http://example.com', $client->website_url);
}
}

25
tests/codeception/api/unit/modules/oauth/models/MinecraftServerTypeTest.php Normal file
View File

@@ -0,0 +1,25 @@
<?php
namespace tests\codeception\api\unit\modules\oauth\models;
use api\modules\oauth\models\MinecraftServerType;
use common\models\OauthClient;
use tests\codeception\api\unit\TestCase;
class MinecraftServerTypeTest extends TestCase {
public function testApplyToClient(): void {
$model = new MinecraftServerType();
$model->name = 'Server name';
$model->websiteUrl = 'http://example.com';
$model->minecraftServerIp = 'localhost:12345';
$client = new OauthClient();
$model->applyToClient($client);
$this->assertSame('Server name', $client->name);
$this->assertSame('http://example.com', $client->website_url);
$this->assertSame('localhost:12345', $client->minecraft_server_ip);
}
}

49
tests/codeception/api/unit/modules/oauth/models/OauthClientFormFactoryTest.php Normal file
View File

@@ -0,0 +1,49 @@
<?php
namespace tests\codeception\api\unit\modules\oauth\models;
use api\modules\oauth\models\ApplicationType;
use api\modules\oauth\models\MinecraftServerType;
use api\modules\oauth\models\OauthClientFormFactory;
use common\models\OauthClient;
use tests\codeception\api\unit\TestCase;
class OauthClientFormFactoryTest extends TestCase {
public function testCreate() {
$client = new OauthClient();
$client->type = OauthClient::TYPE_APPLICATION;
$client->name = 'Application name';
$client->description = 'Application description.';
$client->website_url = 'http://example.com';
$client->redirect_uri = 'http://example.com/oauth/ely';
/** @var ApplicationType $requestForm */
$requestForm = OauthClientFormFactory::create($client);
$this->assertInstanceOf(ApplicationType::class, $requestForm);
$this->assertSame('Application name', $requestForm->name);
$this->assertSame('Application description.', $requestForm->description);
$this->assertSame('http://example.com', $requestForm->websiteUrl);
$this->assertSame('http://example.com/oauth/ely', $requestForm->redirectUri);
$client = new OauthClient();
$client->type = OauthClient::TYPE_MINECRAFT_SERVER;
$client->name = 'Server name';
$client->website_url = 'http://example.com';
$client->minecraft_server_ip = 'localhost:12345';
/** @var MinecraftServerType $requestForm */
$requestForm = OauthClientFormFactory::create($client);
$this->assertInstanceOf(MinecraftServerType::class, $requestForm);
$this->assertSame('Server name', $requestForm->name);
$this->assertSame('http://example.com', $requestForm->websiteUrl);
$this->assertSame('localhost:12345', $requestForm->minecraftServerIp);
}
/**
* @expectedException \api\modules\oauth\exceptions\UnsupportedOauthClientType
*/
public function testCreateUnknownType() {
$client = new OauthClient();
$client->type = 'unknown-type';
OauthClientFormFactory::create($client);
}
}

140
tests/codeception/api/unit/modules/oauth/models/OauthClientFormTest.php Normal file
View File

@@ -0,0 +1,140 @@
<?php
namespace tests\codeception\api\unit\modules\oauth\models;
use api\modules\oauth\models\OauthClientForm;
use api\modules\oauth\models\OauthClientTypeForm;
use common\models\OauthClient;
use common\tasks\ClearOauthSessions;
use tests\codeception\api\unit\TestCase;
class OauthClientFormTest extends TestCase {
public function testSave() {
/** @var OauthClient|\Mockery\MockInterface $client */
$client = mock(OauthClient::class . '[save]');
$client->shouldReceive('save')->andReturn(true);
$client->account_id = 1;
$client->type = OauthClient::TYPE_APPLICATION;
$client->name = 'Test application';
/** @var OauthClientForm|\Mockery\MockInterface $form */
$form = mock(OauthClientForm::class . '[isClientExists]', [$client]);
$form->shouldAllowMockingProtectedMethods();
$form->shouldReceive('isClientExists')
->times(3)
->andReturnValues([true, true, false]);
/** @var OauthClientTypeForm|\Mockery\MockInterface $requestType */
$requestType = mock(OauthClientTypeForm::class);
$requestType->shouldReceive('validate')->once()->andReturn(true);
$requestType->shouldReceive('applyToClient')->once()->withArgs([$client]);
$this->assertTrue($form->save($requestType));
$this->assertSame('test-application2', $client->id);
$this->assertNotNull($client->secret);
$this->assertSame(64, mb_strlen($client->secret));
}
public function testSaveUpdateExistsModel() {
/** @var OauthClient|\Mockery\MockInterface $client */
$client = mock(OauthClient::class . '[save]');
$client->shouldReceive('save')->andReturn(true);
$client->setIsNewRecord(false);
$client->id = 'application-id';
$client->secret = 'application_secret';
$client->account_id = 1;
$client->type = OauthClient::TYPE_APPLICATION;
$client->name = 'Application name';
$client->description = 'Application description';
$client->redirect_uri = 'http://example.com/oauth/ely';
$client->website_url = 'http://example.com';
/** @var OauthClientForm|\Mockery\MockInterface $form */
$form = mock(OauthClientForm::class . '[isClientExists]', [$client]);
$form->shouldAllowMockingProtectedMethods();
$form->shouldReceive('isClientExists')->andReturn(false);
$request = new class implements OauthClientTypeForm {
public function load($data): bool {
return true;
}
public function validate(): bool {
return true;
}
public function getValidationErrors(): array {
return [];
}
public function applyToClient(OauthClient $client): void {
$client->name = 'New name';
$client->description = 'New description.';
}
};
$this->assertTrue($form->save($request));
$this->assertSame('application-id', $client->id);
$this->assertSame('application_secret', $client->secret);
$this->assertSame('New name', $client->name);
$this->assertSame('New description.', $client->description);
$this->assertSame('http://example.com/oauth/ely', $client->redirect_uri);
$this->assertSame('http://example.com', $client->website_url);
}
public function testDelete() {
/** @var OauthClient|\Mockery\MockInterface $client */
$client = mock(OauthClient::class . '[save]');
$client->id = 'mocked-id';
$client->type = OauthClient::TYPE_APPLICATION;
$client->shouldReceive('save')->andReturn(true);
$form = new OauthClientForm($client);
$this->assertTrue($form->delete());
$this->assertTrue($form->getClient()->is_deleted);
/** @var ClearOauthSessions $job */
$job = $this->tester->grabLastQueuedJob();
$this->assertInstanceOf(ClearOauthSessions::class, $job);
$this->assertSame('mocked-id', $job->clientId);
$this->assertNull($job->notSince);
}
public function testReset() {
/** @var OauthClient|\Mockery\MockInterface $client */
$client = mock(OauthClient::class . '[save]');
$client->id = 'mocked-id';
$client->secret = 'initial_secret';
$client->type = OauthClient::TYPE_APPLICATION;
$client->shouldReceive('save')->andReturn(true);
$form = new OauthClientForm($client);
$this->assertTrue($form->reset());
$this->assertSame('initial_secret', $form->getClient()->secret);
/** @var ClearOauthSessions $job */
$job = $this->tester->grabLastQueuedJob();
$this->assertInstanceOf(ClearOauthSessions::class, $job);
$this->assertSame('mocked-id', $job->clientId);
$this->assertEquals(time(), $job->notSince, '', 2);
}
public function testResetWithSecret() {
/** @var OauthClient|\Mockery\MockInterface $client */
$client = mock(OauthClient::class . '[save]');
$client->id = 'mocked-id';
$client->secret = 'initial_secret';
$client->type = OauthClient::TYPE_APPLICATION;
$client->shouldReceive('save')->andReturn(true);
$form = new OauthClientForm($client);
$this->assertTrue($form->reset(true));
$this->assertNotSame('initial_secret', $form->getClient()->secret);
/** @var ClearOauthSessions $job */
$job = $this->tester->grabLastQueuedJob();
$this->assertInstanceOf(ClearOauthSessions::class, $job);
$this->assertSame('mocked-id', $job->clientId);
$this->assertEquals(time(), $job->notSince, '', 2);
}
}

16
tests/codeception/common/fixtures/data/accounts.php
View File

@@ -186,4 +186,20 @@ return [
'updated_at' => 1485124685,
'password_changed_at' => 1485124685,
],
'account-with-two-oauth-clients' => [
'id' => 14,
'uuid' => '1b946267-b1a9-4409-ae83-94f84a329883',
'username' => 'TwoOauthClients',
'email' => 'oauth2-two@gmail.com',
'password_hash' => '$2y$13$2rYkap5T6jG8z/mMK8a3Ou6aZxJcmAaTha6FEuujvHEmybSHRzW5e', # password_0
'password_hash_strategy' => \common\models\Account::PASS_HASH_STRATEGY_YII2,
'lang' => 'ru',
'status' => \common\models\Account::STATUS_ACTIVE,
'rules_agreement_version' => \common\LATEST_RULES_VERSION,
'otp_secret' => null,
'is_otp_enabled' => false,
'created_at' => 1519487320,
'updated_at' => 1519487320,
'password_changed_at' => 1519487320,
],
];

90
tests/codeception/common/fixtures/data/oauth-clients.php
View File

@@ -3,51 +3,141 @@ return [
'ely' => [
'id' => 'ely',
'secret' => 'ZuM1vGchJz-9_UZ5HC3H3Z9Hg5PzdbkM',
'type' => 'application',
'name' => 'Ely.by',
'description' => 'Всем знакомое елуби',
'redirect_uri' => 'http://ely.by',
'website_url' => '',
'minecraft_server_ip' => '',
'account_id' => null,
'is_trusted' => 0,
'is_deleted' => 0,
'created_at' => 1455309271,
],
'tlauncher' => [
'id' => 'tlauncher',
'secret' => 'HsX-xXzdGiz3mcsqeEvrKHF47sqiaX94',
'type' => 'application',
'name' => 'TLauncher',
'description' => 'Лучший альтернативный лаунчер для Minecraft с большим количеством версий и их модификаций, а также возмоностью входа как с лицензионным аккаунтом, так и без него.',
'redirect_uri' => '',
'website_url' => '',
'minecraft_server_ip' => '',
'account_id' => null,
'is_trusted' => 0,
'is_deleted' => 0,
'created_at' => 1455318468,
],
'test1' => [
'id' => 'test1',
'secret' => 'eEvrKHF47sqiaX94HsX-xXzdGiz3mcsq',
'type' => 'application',
'name' => 'Test1',
'description' => 'Some description',
'redirect_uri' => 'http://test1.net',
'website_url' => '',
'minecraft_server_ip' => '',
'account_id' => null,
'is_trusted' => 0,
'is_deleted' => 0,
'created_at' => 1479937982,
],
'trustedClient' => [
'id' => 'trusted-client',
'secret' => 'tXBbyvMcyaOgHMOAXBpN2EC7uFoJAaL9',
'type' => 'application',
'name' => 'Trusted client',
'description' => 'Это клиент, которому мы доверяем',
'redirect_uri' => null,
'website_url' => '',
'minecraft_server_ip' => '',
'account_id' => null,
'is_trusted' => 1,
'is_deleted' => 0,
'created_at' => 1482922663,
],
'defaultClient' => [
'id' => 'default-client',
'secret' => 'AzWRy7ZjS1yRQUk2vRBDic8fprOKDB1W',
'type' => 'application',
'name' => 'Default client',
'description' => 'Это обычный клиент, каких может быть много',
'redirect_uri' => null,
'website_url' => '',
'minecraft_server_ip' => '',
'account_id' => null,
'is_trusted' => 0,
'is_deleted' => 0,
'created_at' => 1482922711,
],
'admin_oauth_client' => [
'id' => 'admin-oauth-client',
'secret' => 'FKyO71iCIlv4YM2IHlLbhsvYoIJScUzTZt1kEK7DQLXXYISLDvURVXK32Q58sHWS',
'type' => 'application',
'name' => 'Admin\'s oauth client',
'description' => 'Personal oauth client',
'redirect_uri' => 'http://some-site.com/oauth/ely',
'website_url' => '',
'minecraft_server_ip' => '',
'account_id' => 1,
'is_trusted' => 0,
'is_deleted' => 0,
'created_at' => 1519254133,
],
'first_test_oauth_client' => [
'id' => 'first-test-oauth-client',
'secret' => 'Zt1kEK7DQLXXYISLDvURVXK32Q58sHWSFKyO71iCIlv4YM2IHlLbhsvYoIJScUzT',
'type' => 'application',
'name' => 'First test oauth client',
'description' => 'Some description to the first oauth client',
'redirect_uri' => 'http://some-site-1.com/oauth/ely',
'website_url' => '',
'minecraft_server_ip' => '',
'account_id' => 14,
'is_trusted' => 0,
'is_deleted' => 0,
'created_at' => 1519487434,
],
'another_test_oauth_client' => [
'id' => 'another-test-oauth-client',
'secret' => 'URVXK32Q58sHWSFKyO71iCIlv4YM2Zt1kEK7DQLXXYISLDvIHlLbhsvYoIJScUzT',
'type' => 'minecraft-server',
'name' => 'Another test oauth client',
'description' => null,
'redirect_uri' => null,
'website_url' => '',
'minecraft_server_ip' => '136.243.88.97:25565',
'account_id' => 14,
'is_trusted' => 0,
'is_deleted' => 0,
'created_at' => 1519487472,
],
'deleted_oauth_client' => [
'id' => 'deleted-oauth-client',
'secret' => 'YISLDvIHlLbhsvYoIJScUzTURVXK32Q58sHWSFKyO71iCIlv4YM2Zt1kEK7DQLXX',
'type' => 'application',
'name' => 'I was deleted :(',
'description' => null,
'redirect_uri' => 'http://not-exists-site.com/oauth/ely',
'website_url' => '',
'minecraft_server_ip' => null,
'account_id' => 1,
'is_trusted' => 0,
'is_deleted' => 1,
'created_at' => 1519504563,
],
'deleted_oauth_client_with_sessions' => [
'id' => 'deleted-oauth-client-with-sessions',
'secret' => 'EK7DQLXXYISLDvIHlLbhsvYoIJScUzTURVXK32Q58sHWSFKyO71iCIlv4YM2Zt1k',
'type' => 'application',
'name' => 'I still have some sessions ^_^',
'description' => null,
'redirect_uri' => 'http://not-exists-site.com/oauth/ely',
'website_url' => '',
'minecraft_server_ip' => null,
'account_id' => 1,
'is_trusted' => 0,
'is_deleted' => 1,
'created_at' => 1519507190,
],
];

18
tests/codeception/common/fixtures/data/oauth-sessions.php
View File

@@ -6,6 +6,7 @@ return [
'owner_id' => 1,
'client_id' => 'test1',
'client_redirect_uri' => 'http://test1.net/oauth',
'created_at' => 1479944472,
],
'banned-account-session' => [
'id' => 2,
@@ -13,5 +14,22 @@ return [
'owner_id' => 10,
'client_id' => 'test1',
'client_redirect_uri' => 'http://test1.net/oauth',
'created_at' => 1481421663,
],
'deleted-client-session' => [
'id' => 3,
'owner_type' => 'user',
'owner_id' => 1,
'client_id' => 'deleted-oauth-client-with-sessions',
'client_redirect_uri' => 'http://not-exists-site.com/oauth/ely',
'created_at' => 1519510065,
],
'actual-deleted-client-session' => [
'id' => 4,
'owner_type' => 'user',
'owner_id' => 2,
'client_id' => 'deleted-oauth-client-with-sessions',
'client_redirect_uri' => 'http://not-exists-site.com/oauth/ely',
'created_at' => 1519511568,
],
];

42
tests/codeception/common/unit/models/OauthClientQueryTest.php Normal file
View File

@@ -0,0 +1,42 @@
<?php
namespace tests\codeception\common\unit\models;
use common\models\OauthClient;
use tests\codeception\common\fixtures\OauthClientFixture;
use tests\codeception\common\unit\TestCase;
class OauthClientQueryTest extends TestCase {
public function _fixtures() {
return [
'oauthClients' => OauthClientFixture::class,
];
}
public function testDefaultHideDeletedEntries() {
/** @var OauthClient[] $clients */
$clients = OauthClient::find()->all();
$this->assertEmpty(array_filter($clients, function(OauthClient $client) {
return (bool)$client->is_deleted === true;
}));
$this->assertNull(OauthClient::findOne('deleted-oauth-client'));
}
public function testAllowFindDeletedEntries() {
/** @var OauthClient[] $clients */
$clients = OauthClient::find()->includeDeleted()->all();
$this->assertNotEmpty(array_filter($clients, function(OauthClient $client) {
return (bool)$client->is_deleted === true;
}));
$client = OauthClient::find()
->includeDeleted()
->andWhere(['id' => 'deleted-oauth-client'])
->one();
$this->assertInstanceOf(OauthClient::class, $client);
$deletedClients = OauthClient::find()->onlyDeleted()->all();
$this->assertEmpty(array_filter($deletedClients, function(OauthClient $client) {
return (bool)$client->is_deleted === false;
}));
}
}

8
tests/codeception/common/unit/rbac/rules/AccountOwnerTest.php
View File

@@ -40,6 +40,7 @@ class AccountOwnerTest extends TestCase {
Yii::$app->set('user', $component);
$this->assertFalse($rule->execute('token', $item, []));
$this->assertFalse($rule->execute('token', $item, ['accountId' => 2]));
$this->assertFalse($rule->execute('token', $item, ['accountId' => '2']));
$this->assertTrue($rule->execute('token', $item, ['accountId' => 1]));
@@ -53,11 +54,4 @@ class AccountOwnerTest extends TestCase {
$this->assertFalse($rule->execute('token', $item, ['accountId' => 1, 'optionalRules' => true]));
}
/**
* @expectedException \yii\base\InvalidParamException
*/
public function testExecuteWithException() {
(new AccountOwner())->execute('', new Item(), []);
}
}

53
tests/codeception/common/unit/rbac/rules/OauthClientOwnerTest.php Normal file
View File

@@ -0,0 +1,53 @@
<?php
namespace tests\codeception\common\unit\rbac\rules;
use api\components\User\Component;
use api\components\User\IdentityInterface;
use common\models\Account;
use common\rbac\Permissions as P;
use common\rbac\rules\OauthClientOwner;
use tests\codeception\common\fixtures\OauthClientFixture;
use tests\codeception\common\unit\TestCase;
use Yii;
use yii\rbac\Item;
use const common\LATEST_RULES_VERSION;
class OauthClientOwnerTest extends TestCase {
public function _fixtures() {
return [
'oauthClients' => OauthClientFixture::class,
];
}
public function testExecute() {
$rule = new OauthClientOwner();
$item = new Item();
$account = new Account();
$account->id = 1;
$account->status = Account::STATUS_ACTIVE;
$account->rules_agreement_version = LATEST_RULES_VERSION;
/** @var IdentityInterface|\Mockery\MockInterface $identity */
$identity = mock(IdentityInterface::class);
$identity->shouldReceive('getAccount')->andReturn($account);
/** @var Component|\Mockery\MockInterface $component */
$component = mock(Component::class . '[findIdentityByAccessToken]', [['secret' => 'secret']]);
$component->shouldDeferMissing();
$component->shouldReceive('findIdentityByAccessToken')->withArgs(['token'])->andReturn($identity);
Yii::$app->set('user', $component);
$this->assertFalse($rule->execute('token', $item, []));
$this->assertTrue($rule->execute('token', $item, ['clientId' => 'admin-oauth-client']));
$this->assertFalse($rule->execute('token', $item, ['clientId' => 'not-exists-client']));
$account->id = 2;
$this->assertFalse($rule->execute('token', $item, ['clientId' => 'admin-oauth-client']));
$item->name = P::VIEW_OWN_OAUTH_CLIENTS;
$this->assertTrue($rule->execute('token', $item, ['accountId' => 2]));
$this->assertFalse($rule->execute('token', $item, ['accountId' => 1]));
}
}

55
tests/codeception/common/unit/tasks/ClearOauthSessionsTest.php Normal file
View File

@@ -0,0 +1,55 @@
<?php
namespace tests\codeception\common\unit\tasks;
use common\models\OauthClient;
use common\models\OauthSession;
use common\tasks\ClearOauthSessions;
use tests\codeception\common\fixtures;
use tests\codeception\common\unit\TestCase;
use yii\queue\Queue;
class ClearOauthSessionsTest extends TestCase {
public function _fixtures() {
return [
'oauthClients' => fixtures\OauthClientFixture::class,
'oauthSessions' => fixtures\OauthSessionFixture::class,
];
}
public function testCreateFromClient() {
$client = new OauthClient();
$client->id = 'mocked-id';
$result = ClearOauthSessions::createFromOauthClient($client);
$this->assertInstanceOf(ClearOauthSessions::class, $result);
$this->assertSame('mocked-id', $result->clientId);
$this->assertNull($result->notSince);
$result = ClearOauthSessions::createFromOauthClient($client, time());
$this->assertInstanceOf(ClearOauthSessions::class, $result);
$this->assertSame('mocked-id', $result->clientId);
$this->assertEquals(time(), $result->notSince, '', 1);
}
public function testExecute() {
$task = new ClearOauthSessions();
$task->clientId = 'deleted-oauth-client-with-sessions';
$task->notSince = 1519510065;
$task->execute(mock(Queue::class));
$this->assertFalse(OauthSession::find()->andWhere(['id' => 3])->exists());
$this->assertTrue(OauthSession::find()->andWhere(['id' => 4])->exists());
$task = new ClearOauthSessions();
$task->clientId = 'deleted-oauth-client-with-sessions';
$task->execute(mock(Queue::class));
$this->assertFalse(OauthSession::find()->andWhere(['id' => 4])->exists());
$task = new ClearOauthSessions();
$task->clientId = 'some-not-exists-client-id';
$task->execute(mock(Queue::class));
}
}

33
tests/codeception/common/unit/validators/MinecraftServerAddressValidatorTest.php Normal file
View File

@@ -0,0 +1,33 @@
<?php
namespace tests\codeception\common\unit\validators;
use common\validators\MinecraftServerAddressValidator;
use tests\codeception\common\unit\TestCase;
class MinecraftServerAddressValidatorTest extends TestCase {
/**
* @dataProvider domainNames
*/
public function testValidate($address, $shouldBeValid) {
$validator = new MinecraftServerAddressValidator();
$validator->validate($address, $errors);
$this->assertEquals($shouldBeValid, $errors === null);
}
public function domainNames() {
return [
['localhost', true ],
['localhost:25565', true ],
['mc.hypixel.net', true ],
['mc.hypixel.net:25565', true ],
['136.243.88.97', true ],
['136.243.88.97:25565', true ],
['http://ely.by', false],
['http://ely.by:80', false],
['ely.by/abcd', false],
['ely.by?abcd', false],
];
}
}

1
tests/codeception/console/unit.suite.yml
View File

@@ -4,6 +4,7 @@ modules:
- Yii2:
part: [orm, email, fixtures]
- tests\codeception\common\_support\Mockery
- tests\codeception\common\_support\queue\CodeceptionQueueHelper
config:
Yii2:
configFile: '../config/console/unit.php'

32
tests/codeception/console/unit/controllers/CleanupControllerTest.php
View File

@@ -4,10 +4,10 @@ namespace codeception\console\unit\controllers;
use common\models\AccountSession;
use common\models\EmailActivation;
use common\models\MinecraftAccessKey;
use common\models\OauthClient;
use common\tasks\ClearOauthSessions;
use console\controllers\CleanupController;
use tests\codeception\common\fixtures\AccountSessionFixture;
use tests\codeception\common\fixtures\EmailActivationFixture;
use tests\codeception\common\fixtures\MinecraftAccessKeyFixture;
use tests\codeception\common\fixtures;
use tests\codeception\console\unit\TestCase;
use Yii;
@@ -15,9 +15,11 @@ class CleanupControllerTest extends TestCase {
public function _fixtures() {
return [
'emailActivations' => EmailActivationFixture::class,
'minecraftSessions' => MinecraftAccessKeyFixture::class,
'accountsSessions' => AccountSessionFixture::class,
'emailActivations' => fixtures\EmailActivationFixture::class,
'minecraftSessions' => fixtures\MinecraftAccessKeyFixture::class,
'accountsSessions' => fixtures\AccountSessionFixture::class,
'oauthClients' => fixtures\OauthClientFixture::class,
'oauthSessions' => fixtures\OauthSessionFixture::class,
];
}
@@ -56,4 +58,22 @@ class CleanupControllerTest extends TestCase {
$this->assertEquals($totalSessionsCount - 2, AccountSession::find()->count());
}
public function testActionOauthClients() {
/** @var OauthClient $deletedClient */
$totalClientsCount = OauthClient::find()->includeDeleted()->count();
$controller = new CleanupController('cleanup', Yii::$app);
$this->assertEquals(0, $controller->actionOauthClients());
$this->assertNull(OauthClient::find()->includeDeleted()->andWhere(['id' => 'deleted-oauth-client'])->one());
$this->assertNotNull(OauthClient::find()->includeDeleted()->andWhere(['id' => 'deleted-oauth-client-with-sessions'])->one());
$this->assertEquals($totalClientsCount - 1, OauthClient::find()->includeDeleted()->count());
/** @var ClearOauthSessions $job */
$job = $this->tester->grabLastQueuedJob();
$this->assertInstanceOf(ClearOauthSessions::class, $job);
$this->assertSame('deleted-oauth-client-with-sessions', $job->clientId);
$this->assertNull($job->notSince);
}
}