Set access tokens TTL depending on the requested scopes

ErickSkrauch
2019-12-06 19:07:08 +03:00
parent f0a73f2b7a
commit efb97a2006
4 changed files with 41 additions and 5 deletions


@@ -25,7 +25,7 @@ class Component extends BaseComponent {
$authCodesRepo = new Repositories\AuthCodeRepository();
$refreshTokensRepo = new Repositories\RefreshTokenRepository();
$accessTokenTTL = CarbonInterval::day();
$accessTokenTTL = CarbonInterval::days(2);
$authServer = new AuthorizationServer(
$clientsRepo,
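Review bot: The two-day default that `$accessTokenTTL` appears to be raised to (`CarbonInterval::days(2)`) applies to every token whose scopes are not named in the cap inside `AccessTokenEntity::getExpiryDateTime()`, and nothing at this site says so. Because the short lifetime is opt-in per scope, a scope added later gets the full two days unless that check is extended as well. A comment on this line would make the dependency visible, for example `// Upper bound only: tokens with sensitive scopes are capped to 1 hour in AccessTokenEntity::getExpiryDateTime()`. The enclosing method starts and ends outside the hunk.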


@@ -4,6 +4,8 @@ declare(strict_types=1);
namespace api\components\OAuth2\Entities;
use api\components\OAuth2\Repositories\PublicScopeRepository;
use api\rbac\Permissions;
use Carbon\CarbonImmutable;
use DateTimeImmutable;
use League\OAuth2\Server\CryptKeyInterface;
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
@@ -43,8 +45,22 @@ class AccessTokenEntity implements AccessTokenEntityInterface {
}
public function getExpiryDateTime(): DateTimeImmutable {
// TODO: extend token life depending on scopes list
return $this->parentGetExpiryDateTime();
$expiryTime = $this->parentGetExpiryDateTime();
if ($this->hasScope(PublicScopeRepository::CHANGE_SKIN) || $this->hasScope(Permissions::OBTAIN_ACCOUNT_EMAIL)) {
$expiryTime = min($expiryTime, CarbonImmutable::now()->addHour());
}
return $expiryTime;
}
private function hasScope(string $scopeIdentifier): bool {
foreach ($this->getScopes() as $scope) {
if ($scope->getIdentifier() === $scopeIdentifier) {
return true;
}
}
return false;
}
}
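Review bot: In `getExpiryDateTime()` the one-hour cap is computed from `CarbonImmutable::now()` on every call, so the expiry is not fixed at issuance: two reads of the same entity can return different times, and a later read returns a later expiry as long as the parent expiry is further out. If the value is read more than once while a token is issued, for the token body and for the reported lifetime say, the two can disagree. Computing the cap once keeps it stable, e.g. a `private $scopeCap;` property with `$this->scopeCap = $this->scopeCap ?? CarbonImmutable::now()->addHour();` followed by `min($expiryTime, $this->scopeCap)`. The class body starts outside the hunk, so whether the cap could instead be applied where the expiry is first set is not visible here.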


@@ -12,8 +12,8 @@ use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
class PublicScopeRepository implements ScopeRepositoryInterface {
public const OFFLINE_ACCESS = 'offline_access';
public const CHANGE_SKIN = 'change_skin';
private const CHANGE_SKIN = 'change_skin';
private const ACCOUNT_INFO = 'account_info';
private const ACCOUNT_EMAIL = 'account_email';