Fix revokation validation. Add additional tests cases

This commit is contained in:
ErickSkrauch
2019-12-10 22:51:11 +03:00
parent 016a193263
commit d27070630c
9 changed files with 85 additions and 41 deletions


@@ -81,7 +81,7 @@ class Component extends YiiUserComponent {
if (!($mode & self::KEEP_MINECRAFT_SESSIONS)) {
/** @var \common\models\OauthSession|null $minecraftSession */
$minecraftSession = $account->getSessions()
$minecraftSession = $account->getOauthSessions()
->andWhere(['client_id' => OauthClient::UNAUTHORIZED_MINECRAFT_GAME_LAUNCHER])
->one();
if ($minecraftSession !== null) {


@@ -54,23 +54,24 @@ class JwtIdentity implements IdentityInterface {
$tokenReader = new TokenReader($token);
$accountId = $tokenReader->getAccountId();
$iat = $token->getClaim('iat');
if ($tokenReader->getMinecraftClientToken() !== null && self::isRevoked($accountId, OauthClient::UNAUTHORIZED_MINECRAFT_GAME_LAUNCHER, $iat)) {
throw new UnauthorizedHttpException('Token has been revoked');
}
if ($accountId !== null) {
$iat = $token->getClaim('iat');
if ($tokenReader->getMinecraftClientToken() !== null
&& self::isRevoked($accountId, OauthClient::UNAUTHORIZED_MINECRAFT_GAME_LAUNCHER, $iat)
) {
throw new UnauthorizedHttpException('Token has been revoked');
}
if ($tokenReader->getClientId() !== null && self::isRevoked($accountId, $tokenReader->getClientId(), $iat)) {
throw new UnauthorizedHttpException('Token has been revoked');
if ($tokenReader->getClientId() !== null
&& self::isRevoked($accountId, $tokenReader->getClientId(), $iat)
) {
throw new UnauthorizedHttpException('Token has been revoked');
}
}
return new self($token);
}
private static function isRevoked(int $accountId, string $clientId, int $iat): bool {
$session = OauthSession::findOne(['account_id' => $accountId, 'client_id' => $clientId]);
return $session !== null && $session->revoked_at !== null && $session->revoked_at > $iat;
}
public function getToken(): Token {
return $this->token;
}
@@ -100,6 +101,11 @@ class JwtIdentity implements IdentityInterface {
throw new NotSupportedException('This method used for cookie auth, except we using Bearer auth');
}
private static function isRevoked(int $accountId, string $clientId, int $iat): bool {
$session = OauthSession::findOne(['account_id' => $accountId, 'client_id' => $clientId]);
return $session !== null && $session->revoked_at !== null && $session->revoked_at > $iat;
}
// @codeCoverageIgnoreEnd
private function getReader(): TokenReader {
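Review bot: The value read at the new `$iat = $token->getClaim('iat');` line in the first hunk flows unchecked into `isRevoked(int $accountId, string $clientId, int $iat)`, so a token that lacks the claim or carries a non-integer value will presumably surface as a library exception or a TypeError rather than the intended UnauthorizedHttpException; a guard such as `if (!is_int($iat)) { throw new UnauthorizedHttpException('Token is invalid'); }` placed before the two revocation checks would keep the failure mode consistent (message is a constructed example). The comparison in `isRevoked` is only meaningful once the token's signature has been verified, which, like the start of the enclosing method, lies outside this hunk, so it may be worth a comment there stating that precondition. The moved `isRevoked` in the second hunk has no docblock; it should state the rule it enforces, e.g. `/** True when a revoked OauthSession exists for this account/client and the token was issued strictly before the revocation (revoked_at > iat); a token whose iat equals revoked_at is still accepted. */`, since that strict `>` boundary is a deliberate choice a reader cannot infer from the call sites.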