ElyBy-Mirror/accounts
1
0
Fork 0
mirror of https://github.com/elyby/accounts.git synced 2025-02-08 09:46:13 +05:30
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop'

Browse Source
This commit is contained in:
ErickSkrauch 2018-01-01 23:35:10 +03:00
commit fa3b8f1cd8
83 changed files with 1338 additions and 426 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.env-dist
View File

@ -2,6 +2,7 @@
## Env приложения
YII_DEBUG=true
YII_ENV=dev
DOMAIN=https://account.ely.by
## Параметры, отвечающие за безопасность
JWT_USER_SECRET=
@ -35,6 +36,12 @@ RABBITMQ_USER=ely-accounts-app
RABBITMQ_PASS=ely-accounts-app-password
RABBITMQ_VHOST=/ely.by
## Параметры Statsd
STATSD_HOST=statsd.ely.by
STATSD_PORT=8125
# This value can be blank
STATSD_NAMESPACE=
## Конфигурация для Dev.
XDEBUG_CONFIG=remote_host=10.254.254.254
PHP_IDE_CONFIG=serverName=docker

19
.gitlab-ci.yml
View File

@ -9,7 +9,7 @@ variables:
test:backend:
image: docker:latest
services:
- mariadb:10.0
- mariadb:10.2.11
- redis:3.0-alpine
variables:
# mariadb config
@ -39,17 +39,24 @@ test:backend:
php vendor/bin/codecept run -c tests
test:frontend:
image: node:8.2.1
image: node:9.2.1-alpine
stage: test
cache:
paths:
- frontend/node_modules
before_script:
# Enable SSL support for wget
- apk add --update openssl
# https://github.com/facebook/flow/issues/3649#issuecomment-308070179
- wget -O /etc/apk/keys/sgerrand.rsa.pub https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/master/sgerrand.rsa.pub
- wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.25-r0/glibc-2.25-r0.apk
- apk add glibc-2.25-r0.apk
script:
- cd frontend
- npm run build:install --silent
- npm run lint --silent
# - npm run flow --silent # disabled due to missing libelf.so.1 in docker container
- npm run test --silent
- yarn run build:install
- yarn run lint
- yarn flow
- yarn test
build:production:
image: docker:latest

17
Dockerfile
View File

@ -1,4 +1,4 @@
FROM registry.ely.by/elyby/accounts-php:1.5.1
FROM registry.ely.by/elyby/accounts-php:1.6.0
# bootstrap скрипт для проекта
COPY docker/php/bootstrap.sh /bootstrap.sh
@ -21,7 +21,7 @@ COPY ./composer.json /var/www/composer.json
# Устанавливаем зависимости PHP
RUN cd .. \
&& composer install --no-interaction --no-suggest --no-dev --classmap-authoritative \
&& composer install --no-interaction --no-suggest --no-dev --optimize-autoloader \
&& cd -
# Устанавливаем зависимости для Node.js
@ -30,11 +30,12 @@ RUN cd .. \
RUN mkdir -p /var/www/frontend
COPY ./frontend/package.json /var/www/frontend/
COPY ./frontend/yarn.lock /var/www/frontend/
COPY ./frontend/scripts /var/www/frontend/scripts
COPY ./frontend/webpack-utils /var/www/frontend/webpack-utils
RUN cd ../frontend \
&& npm run build:install \
RUN cd /var/www/frontend \
&& yarn run build:install \
&& cd -
# Удаляем ключи из production контейнера на всякий случай
@ -43,12 +44,10 @@ RUN rm -rf /root/.ssh
# Наконец переносим все сорцы внутрь контейнера
COPY . /var/www/html
RUN mkdir -p api/runtime api/web/assets console/runtime \
&& chown www-data:www-data api/runtime api/web/assets console/runtime \
# Билдим фронт
&& cd frontend \
# Билдим фронт
RUN cd frontend \
&& ln -s /var/www/frontend/node_modules $PWD/node_modules \
&& npm run build:quiet \
&& yarn run build:quiet \
&& rm node_modules \
# Копируем билд наружу, чтобы его не затёрло volume в dev режиме
&& cp -r ./dist /var/www/dist \

15
Dockerfile-dev
View File

@ -1,4 +1,4 @@
FROM registry.ely.by/elyby/accounts-php:1.5.1-dev
FROM registry.ely.by/elyby/accounts-php:1.6.0-dev
# bootstrap скрипт для проекта
COPY docker/php/bootstrap.sh /bootstrap.sh
@ -30,22 +30,21 @@ RUN cd .. \
RUN mkdir -p /var/www/frontend
COPY ./frontend/package.json /var/www/frontend/
COPY ./frontend/yarn.lock /var/www/frontend/
COPY ./frontend/scripts /var/www/frontend/scripts
COPY ./frontend/webpack-utils /var/www/frontend/webpack-utils
RUN cd ../frontend \
&& npm run build:install \
RUN cd /var/www/frontend \
&& yarn run build:install \
&& cd -
# Наконец переносим все сорцы внутрь контейнера
COPY . /var/www/html
RUN mkdir -p api/runtime api/web/assets console/runtime \
&& chown www-data:www-data api/runtime api/web/assets console/runtime \
# Билдим фронт
&& cd frontend \
# Билдим фронт
RUN cd frontend \
&& ln -s /var/www/frontend/node_modules $PWD/node_modules \
&& npm run build:quiet \
&& yarn run build:quiet \
&& rm node_modules \
# Копируем билд наружу, чтобы его не затёрло volume в dev режиме
&& cp -r ./dist /var/www/dist \

15
api/aop/AspectKernel.php Normal file
View File

@ -0,0 +1,15 @@
<?php
namespace api\aop;
use api\aop\aspects;
use Go\Core\AspectContainer;
use Go\Core\AspectKernel as BaseAspectKernel;
class AspectKernel extends BaseAspectKernel {
protected function configureAop(AspectContainer $container): void {
$container->registerAspect(new aspects\MockDataAspect());
$container->registerAspect(new aspects\CollectMetricsAspect());
}
}

19
api/aop/annotations/CollectModelMetrics.php Normal file
View File

@ -0,0 +1,19 @@
<?php
namespace api\aop\annotations;
use Doctrine\Common\Annotations\Annotation;
use Doctrine\Common\Annotations\Annotation\Required;
/**
* @Annotation
* @Target("METHOD")
*/
class CollectModelMetrics {
/**
* @Required()
* @var string задаёт префикс для отправки метрик. Задаётся без ведущей и без завершающей точки.
*/
public $prefix = '';
}

41
api/aop/aspects/CollectMetricsAspect.php Normal file
View File

@ -0,0 +1,41 @@
<?php
namespace api\aop\aspects;
use api\aop\annotations\CollectModelMetrics;
use Go\Aop\Aspect;
use Go\Aop\Intercept\MethodInvocation;
use Go\Lang\Annotation\Around;
use Yii;
class CollectMetricsAspect implements Aspect {
/**
* @param MethodInvocation $invocation Invocation
* @Around("@execution(api\aop\annotations\CollectModelMetrics)")
*/
public function sendMetrics(MethodInvocation $invocation) {
/** @var CollectModelMetrics $annotation */
$annotation = $invocation->getMethod()->getAnnotation(CollectModelMetrics::class);
$prefix = trim($annotation->prefix, '.');
Yii::$app->statsd->inc($prefix . '.attempt');
$result = $invocation->proceed();
if ($result !== false) {
Yii::$app->statsd->inc($prefix . '.success');
return $result;
}
/** @var \yii\base\Model $model */
$model = $invocation->getThis();
$errors = array_values($model->getFirstErrors());
if (!isset($errors[0])) {
Yii::error('Unsuccess result with empty errors list');
return false;
}
Yii::$app->statsd->inc($prefix . '.' . $errors[0]);
return false;
}
}

177
api/aop/aspects/MockDataAspect.php Normal file
View File

@ -0,0 +1,177 @@
<?php
namespace api\aop\aspects;
use Go\Aop\Aspect;
use Go\Aop\Intercept\MethodInvocation;
use Go\Lang\Annotation\Around;
use Yii;
use yii\web\Request;
class MockDataAspect implements Aspect {
/**
* @param MethodInvocation $invocation Invocation
* @Around("execution(public api\controllers\SignupController->actionIndex(*))")
*/
public function beforeSignup(MethodInvocation $invocation) {
$email = $this->getRequest()->post('email');
if ($email === 'let-me-register@ely.by') {
return ['success' => true];
}
return $invocation->proceed();
}
/**
* @param MethodInvocation $invocation
* @Around("execution(public api\controllers\SignupController->actionRepeatMessage(*))")
*/
public function beforeRepeatMessage(MethodInvocation $invocation) {
$email = $this->getRequest()->post('email');
if ($email === 'let-me-register@ely.by' || $email === 'let-me-repeat@ely.by') {
return ['success' => true];
}
return $invocation->proceed();
}
/**
* @param MethodInvocation $invocation
* @Around("execution(public api\controllers\SignupController->actionConfirm(*))")
*/
public function beforeSignupConfirm(MethodInvocation $invocation) {
$email = $this->getRequest()->post('key');
if ($email === 'LETMEIN') {
return [
'success' => true,
'access_token' => 'dummy_token',
'expires_in' => time() + 60,
];
}
return $invocation->proceed();
}
/**
* @param MethodInvocation $invocation
* @Around("execution(public api\controllers\AuthenticationController->actionForgotPassword(*))")
*/
public function beforeForgotPassword(MethodInvocation $invocation) {
$login = $this->getRequest()->post('login');
if ($login === 'let-me-recover@ely.by') {
return [
'success' => true,
'data' => [
'canRepeatIn' => time() + 60,
'repeatFrequency' => 60,
],
];
}
return $invocation->proceed();
}
/**
* @param MethodInvocation $invocation
* @Around("execution(public api\controllers\AuthenticationController->actionRecoverPassword(*))")
*/
public function beforeRecoverPassword(MethodInvocation $invocation) {
$key = $this->getRequest()->post('key');
if ($key === 'LETMEIN') {
return [
'success' => true,
'access_token' => 'dummy_token',
'expires_in' => time() + 60,
];
}
return $invocation->proceed();
}
/**
* @param MethodInvocation $invocation
* @Around("execution(public api\modules\accounts\controllers\DefaultController->actionGet(*))")
*/
public function beforeAccountGet(MethodInvocation $invocation) {
$httpAuth = $this->getRequest()->getHeaders()->get('authorization');
if ($httpAuth === 'Bearer dummy_token') {
return [
'id' => 1,
'uuid' => 'f63cd5e1-680f-4c2d-baa2-cc7bb174b71a',
'username' => 'dummy',
'isOtpEnabled' => false,
'registeredAt' => time(),
'lang' => 'en',
'elyProfileLink' => 'http://ely.by/u1',
'email' => 'let-me-register@ely.by',
'isActive' => true,
'passwordChangedAt' => time(),
'hasMojangUsernameCollision' => false,
'shouldAcceptRules' => false,
];
}
return $invocation->proceed();
}
/**
* @param MethodInvocation $invocation
* @Around("execution(public api\modules\accounts\actions\EmailVerificationAction->run(*))")
*/
public function beforeAccountEmailVerification(MethodInvocation $invocation) {
$httpAuth = $this->getRequest()->getHeaders()->get('authorization');
if ($httpAuth === 'Bearer dummy_token') {
$password = $this->getRequest()->post('password');
if (empty($password)) {
return [
'success' => false,
'errors' => [
'password' => 'error.password_required',
],
];
}
return [
'success' => true,
];
}
return $invocation->proceed();
}
/**
* @param MethodInvocation $invocation
* @Around("execution(public api\modules\accounts\actions\NewEmailVerificationAction->run(*))")
*/
public function beforeAccountNewEmailVerification(MethodInvocation $invocation) {
$key = $this->getRequest()->post('key');
if ($key === 'LETMEIN') {
return [
'success' => true,
];
}
return $invocation->proceed();
}
/**
* @param MethodInvocation $invocation
* @Around("execution(public api\modules\accounts\actions\ChangeEmailAction->run(*))")
*/
public function beforeAccountChangeEmail(MethodInvocation $invocation) {
$key = $this->getRequest()->post('key');
if ($key === 'LETMEIN') {
return [
'success' => true,
'email' => 'brand-new-email@ely.by',
];
}
return $invocation->proceed();
}
private function getRequest(): Request {
return Yii::$app->getRequest();
}
}

174
api/components/TestData.php
View File

@ -1,174 +0,0 @@
<?php
namespace api\components;
use Closure;
use Yii;
use yii\base\ActionEvent;
use yii\helpers\Json;
use yii\web\Request;
class TestData {
private const MAP = [
'signup/index' => 'beforeSignup',
'signup/repeat-message' => 'beforeRepeatMessage',
'signup/confirm' => 'beforeSignupConfirm',
'authentication/forgot-password' => 'beforeForgotPassword',
'authentication/recover-password' => 'beforeRecoverPassword',
'default/get' => 'beforeAccountGet',
'default/email-verification' => 'beforeAccountEmailVerification',
'default/new-email-verification' => 'beforeAccountNewEmailVerification',
'default/email' => 'beforeAccountChangeEmail',
];
public static function getInstance(): callable {
return Closure::fromCallable([new static(), 'beforeAction']);
}
public function beforeAction(ActionEvent $event): void {
$id = $event->action->controller->id . '/' . $event->action->id;
if (!isset(self::MAP[$id])) {
return;
}
$handler = self::MAP[$id];
$request = Yii::$app->request;
$response = Yii::$app->response;
$result = $this->$handler($request, $response);
if ($result === null) {
return;
}
$response->content = Json::encode($result);
// Prevent request execution
$event->isValid = false;
$event->handled = true;
}
public function beforeSignup(Request $request): ?array {
$email = $request->post('email');
if ($email === 'let-me-register@ely.by') {
return ['success' => true];
}
return null;
}
public function beforeRepeatMessage(Request $request): ?array {
$email = $request->post('email');
if ($email === 'let-me-register@ely.by' || $email === 'let-me-repeat@ely.by') {
return ['success' => true];
}
return null;
}
public function beforeSignupConfirm(Request $request): ?array {
$email = $request->post('key');
if ($email === 'LETMEIN') {
return [
'success' => true,
'access_token' => 'dummy_token',
'expires_in' => time() + 60,
];
}
return null;
}
public function beforeForgotPassword(Request $request): ?array {
$login = $request->post('login');
if ($login === 'let-me-recover@ely.by') {
return [
'success' => true,
'data' => [
'canRepeatIn' => time() + 60,
'repeatFrequency' => 60,
],
];
}
return null;
}
public function beforeRecoverPassword(Request $request): ?array {
$key = $request->post('key');
if ($key === 'LETMEIN') {
return [
'success' => true,
'access_token' => 'dummy_token',
'expires_in' => time() + 60,
];
}
return null;
}
public function beforeAccountGet(Request $request): ?array {
$httpAuth = $request->getHeaders()->get('authorization');
if ($httpAuth === 'Bearer dummy_token') {
return [
'id' => 1,
'uuid' => 'f63cd5e1-680f-4c2d-baa2-cc7bb174b71a',
'username' => 'dummy',
'isOtpEnabled' => false,
'registeredAt' => time(),
'lang' => 'en',
'elyProfileLink' => 'http://ely.by/u1',
'email' => 'let-me-register@ely.by',
'isActive' => true,
'passwordChangedAt' => time(),
'hasMojangUsernameCollision' => false,
'shouldAcceptRules' => false,
];
}
return null;
}
public function beforeAccountEmailVerification(Request $request): ?array {
$httpAuth = $request->getHeaders()->get('authorization');
if ($httpAuth === 'Bearer dummy_token') {
$password = $request->post('password');
if (empty($password)) {
return [
'success' => false,
'errors' => [
'password' => 'error.password_required',
],
];
}
return [
'success' => true,
];
}
return null;
}
public function beforeAccountNewEmailVerification(Request $request): ?array {
$key = $request->post('key');
if ($key === 'LETMEIN') {
return [
'success' => true,
];
}
return null;
}
public function beforeAccountChangeEmail(Request $request): ?array {
$key = $request->post('key');
if ($key === 'LETMEIN') {
return [
'success' => true,
'email' => 'brand-new-email@ely.by',
];
}
return null;
}
}

29
api/components/User/Component.php
View File

@ -17,6 +17,7 @@ use Emarref\Jwt\Verification\Context as VerificationContext;
use Exception;
use Yii;
use yii\base\InvalidConfigException;
use yii\web\UnauthorizedHttpException;
use yii\web\User as YiiUserComponent;
/**
@ -28,11 +29,11 @@ use yii\web\User as YiiUserComponent;
*/
class Component extends YiiUserComponent {
const KEEP_MINECRAFT_SESSIONS = 1;
const KEEP_SITE_SESSIONS = 2;
const KEEP_CURRENT_SESSION = 4;
public const KEEP_MINECRAFT_SESSIONS = 1;
public const KEEP_SITE_SESSIONS = 2;
public const KEEP_CURRENT_SESSION = 4;
const JWT_SUBJECT_PREFIX = 'ely|';
public const JWT_SUBJECT_PREFIX = 'ely|';
public $enableSession = false;
@ -59,7 +60,7 @@ class Component extends YiiUserComponent {
}
public function findIdentityByAccessToken($accessToken): ?IdentityInterface {
if ($accessToken === null) {
if (empty($accessToken)) {
return null;
}
@ -67,10 +68,13 @@ class Component extends YiiUserComponent {
$identityClass = $this->identityClass;
try {
return $identityClass::findIdentityByAccessToken($accessToken);
} catch (UnauthorizedHttpException $e) {
// Do nothing. It's okay to catch this.
} catch (Exception $e) {
Yii::error($e);
return null;
}
return null;
}
public function createJwtAuthenticationToken(Account $account, bool $rememberMe): AuthenticationResult {
@ -127,14 +131,14 @@ class Component extends YiiUserComponent {
public function parseToken(string $jwtString): Token {
$token = &self::$parsedTokensCache[$jwtString];
if ($token === null) {
$hostInfo = Yii::$app->request->hostInfo;
$jwt = new Jwt();
$notVerifiedToken = $jwt->deserialize($jwtString);
try {
$notVerifiedToken = $jwt->deserialize($jwtString);
} catch (Exception $e) {
throw new VerificationException('Incorrect token encoding', 0, $e);
}
$context = new VerificationContext(EncryptionFactory::create($this->getAlgorithm()));
$context->setAudience($hostInfo);
$context->setIssuer($hostInfo);
$context->setSubject(self::JWT_SUBJECT_PREFIX);
$jwt->verify($notVerifiedToken, $context);
@ -223,12 +227,9 @@ class Component extends YiiUserComponent {
*/
protected function getClaims(Account $account): array {
$currentTime = new DateTime();
$hostInfo = Yii::$app->request->hostInfo;
return [
new ScopesClaim([R::ACCOUNTS_WEB_USER]),
new Claim\Audience($hostInfo),
new Claim\Issuer($hostInfo),
new Claim\IssuedAt($currentTime),
new Claim\Expiration($currentTime->add(new DateInterval($this->expirationTimeout))),
new Claim\Subject(self::JWT_SUBJECT_PREFIX . $account->id),

7
api/components/User/IdentityInterface.php
View File

@ -5,6 +5,13 @@ use common\models\Account;
interface IdentityInterface extends \yii\web\IdentityInterface {
/**
* @param string $token
* @param string $type
*
* @throws \yii\web\UnauthorizedHttpException
* @return IdentityInterface
*/
public static function findIdentityByAccessToken($token, $type = null): IdentityInterface;
/**

4
api/components/User/JwtIdentity.php
View File

@ -4,7 +4,6 @@ namespace api\components\User;
use common\models\Account;
use Emarref\Jwt\Claim\Subject;
use Emarref\Jwt\Exception\ExpiredException;
use Emarref\Jwt\Exception\InvalidSubjectException;
use Emarref\Jwt\Token;
use Exception;
use Yii;
@ -29,8 +28,7 @@ class JwtIdentity implements IdentityInterface {
$component = Yii::$app->user;
try {
$token = $component->parseToken($rawToken);
} catch (ExpiredException | InvalidSubjectException $e) {
// InvalidSubjectException is temporary solution and should be removed in the next release
} catch (ExpiredException $e) {
throw new UnauthorizedHttpException('Token expired');
} catch (Exception $e) {
Yii::error($e);

1
api/config/config.php
View File

@ -87,5 +87,4 @@ return [
'internal' => api\modules\internal\Module::class,
'accounts' => api\modules\accounts\Module::class,
],
'on beforeAction' => api\components\TestData::getInstance(),
];

10
api/models/OauthProcess.php
View File

@ -87,6 +87,7 @@ class OauthProcess {
*/
public function complete(): array {
try {
Yii::$app->statsd->inc('oauth.complete.attempt');
$grant = $this->getAuthorizationCodeGrant();
$authParams = $grant->checkAuthorizeParams();
$account = Yii::$app->user->identity->getAccount();
@ -94,6 +95,7 @@ class OauthProcess {
$clientModel = OauthClient::findOne($authParams->getClient()->getId());
if (!$this->canAutoApprove($account, $clientModel, $authParams)) {
Yii::$app->statsd->inc('oauth.complete.approve_required');
$isAccept = Yii::$app->request->post('accept');
if ($isAccept === null) {
throw new AcceptRequiredException();
@ -109,7 +111,12 @@ class OauthProcess {
'success' => true,
'redirectUri' => $redirectUri,
];
Yii::$app->statsd->inc('oauth.complete.success');
} catch (OAuthException $e) {
if (!$e instanceof AcceptRequiredException) {
Yii::$app->statsd->inc('oauth.complete.fail');
}
$response = $this->buildErrorResponse($e);
}
@ -139,8 +146,11 @@ class OauthProcess {
*/
public function getToken(): array {
try {
Yii::$app->statsd->inc('oauth.issueToken.attempt');
$response = $this->server->issueAccessToken();
Yii::$app->statsd->inc('oauth.issueToken.success');
} catch (OAuthException $e) {
Yii::$app->statsd->inc('oauth.issueToken.fail');
Yii::$app->response->statusCode = $e->httpStatusCode;
$response = [
'error' => $e->errorType,

2
api/models/authentication/ConfirmEmailForm.php
View File

@ -1,6 +1,7 @@
<?php
namespace api\models\authentication;
use api\aop\annotations\CollectModelMetrics;
use api\models\base\ApiForm;
use api\modules\accounts\models\ChangeUsernameForm;
use api\validators\EmailActivationKeyValidator;
@ -20,6 +21,7 @@ class ConfirmEmailForm extends ApiForm {
}
/**
* @CollectModelMetrics(prefix="signup.confirmEmail")
* @return \api\components\User\AuthenticationResult|bool
* @throws ErrorException
*/

11
api/models/authentication/ForgotPasswordForm.php
View File

@ -1,15 +1,17 @@
<?php
namespace api\models\authentication;
use api\aop\annotations\CollectModelMetrics;
use api\components\ReCaptcha\Validator as ReCaptchaValidator;
use api\models\base\ApiForm;
use common\emails\EmailHelper;
use common\helpers\Error as E;
use api\traits\AccountFinder;
use common\components\UserFriendlyRandomKey;
use common\models\Account;
use common\models\confirmations\ForgotPassword;
use common\models\EmailActivation;
use common\tasks\SendPasswordRecoveryEmail;
use Yii;
use yii\base\ErrorException;
class ForgotPasswordForm extends ApiForm {
@ -55,6 +57,11 @@ class ForgotPasswordForm extends ApiForm {
}
}
/**
* @CollectModelMetrics(prefix="authentication.forgotPassword")
* @return bool
* @throws ErrorException
*/
public function forgotPassword() {
if (!$this->validate()) {
return false;
@ -74,7 +81,7 @@ class ForgotPasswordForm extends ApiForm {
throw new ErrorException('Cannot create email activation for forgot password form');
}
EmailHelper::forgotPassword($emailActivation);
Yii::$app->queue->push(SendPasswordRecoveryEmail::createFromConfirmation($emailActivation));
return true;
}

2
api/models/authentication/LoginForm.php
View File

@ -1,6 +1,7 @@
<?php
namespace api\models\authentication;
use api\aop\annotations\CollectModelMetrics;
use api\models\base\ApiForm;
use api\validators\TotpValidator;
use common\helpers\Error as E;
@ -87,6 +88,7 @@ class LoginForm extends ApiForm {
}
/**
* @CollectModelMetrics(prefix="authentication.login")
* @return \api\components\User\AuthenticationResult|bool
*/
public function login() {

8
api/models/authentication/LogoutForm.php
View File

@ -1,12 +1,18 @@
<?php
namespace api\models\authentication;
use api\aop\annotations\CollectModelMetrics;
use api\models\base\ApiForm;
use Yii;
class LogoutForm extends ApiForm {
/**
* @CollectModelMetrics(prefix="authentication.logout")
* @return bool
*/
public function logout() : bool {
$component = \Yii::$app->user;
$component = Yii::$app->user;
$session = $component->getActiveSession();
if ($session === null) {
return true;

2
api/models/authentication/RecoverPasswordForm.php
View File

@ -1,6 +1,7 @@
<?php
namespace api\models\authentication;
use api\aop\annotations\CollectModelMetrics;
use api\models\base\ApiForm;
use api\validators\EmailActivationKeyValidator;
use common\helpers\Error as E;
@ -36,6 +37,7 @@ class RecoverPasswordForm extends ApiForm {
}
/**
* @CollectModelMetrics(prefix="authentication.recoverPassword")
* @return \api\components\User\AuthenticationResult|bool
* @throws ErrorException
*/

2
api/models/authentication/RefreshTokenForm.php
View File

@ -1,6 +1,7 @@
<?php
namespace api\models\authentication;
use api\aop\annotations\CollectModelMetrics;
use api\models\base\ApiForm;
use common\helpers\Error as E;
use common\models\AccountSession;
@ -32,6 +33,7 @@ class RefreshTokenForm extends ApiForm {
}
/**
* @CollectModelMetrics(prefix="authentication.renew")
* @return \api\components\User\AuthenticationResult|bool
*/
public function renew() {

6
api/models/authentication/RegistrationForm.php
View File

@ -1,14 +1,15 @@
<?php
namespace api\models\authentication;
use api\aop\annotations\CollectModelMetrics;
use api\components\ReCaptcha\Validator as ReCaptchaValidator;
use common\emails\EmailHelper;
use api\models\base\ApiForm;
use common\helpers\Error as E;
use common\components\UserFriendlyRandomKey;
use common\models\Account;
use common\models\confirmations\RegistrationConfirmation;
use common\models\UsernameHistory;
use common\tasks\SendRegistrationEmail;
use common\validators\EmailValidator;
use common\validators\LanguageValidator;
use common\validators\PasswordValidator;
@ -63,6 +64,7 @@ class RegistrationForm extends ApiForm {
}
/**
* @CollectModelMetrics(prefix="signup.register")
* @return Account|null the saved model or null if saving fails
* @throws Exception
*/
@ -102,7 +104,7 @@ class RegistrationForm extends ApiForm {
throw new ErrorException('Cannot save username history record');
}
EmailHelper::registration($emailActivation);
Yii::$app->queue->push(SendRegistrationEmail::createFromConfirmation($emailActivation));
$transaction->commit();
} catch (Exception $e) {

41
api/models/authentication/RepeatAccountActivationForm.php
View File

@ -1,16 +1,17 @@
<?php
namespace api\models\authentication;
use api\aop\annotations\CollectModelMetrics;
use api\components\ReCaptcha\Validator as ReCaptchaValidator;
use common\emails\EmailHelper;
use api\exceptions\ThisShouldNotHappenException;
use api\models\base\ApiForm;
use common\helpers\Error as E;
use common\components\UserFriendlyRandomKey;
use common\models\Account;
use common\models\confirmations\RegistrationConfirmation;
use common\models\EmailActivation;
use common\tasks\SendRegistrationEmail;
use Yii;
use yii\base\ErrorException;
class RepeatAccountActivationForm extends ApiForm {
@ -53,6 +54,10 @@ class RepeatAccountActivationForm extends ApiForm {
}
}
/**
* @CollectModelMetrics(prefix="signup.repeatEmail")
* @return bool
*/
public function sendRepeatMessage() {
if (!$this->validate()) {
return false;
@ -60,27 +65,25 @@ class RepeatAccountActivationForm extends ApiForm {
$account = $this->getAccount();
$transaction = Yii::$app->db->beginTransaction();
try {
EmailActivation::deleteAll([
'account_id' => $account->id,
'type' => EmailActivation::TYPE_REGISTRATION_EMAIL_CONFIRMATION,
]);
$activation = new RegistrationConfirmation();
$activation->account_id = $account->id;
$activation->key = UserFriendlyRandomKey::make();
if (!$activation->save()) {
throw new ErrorException('Unable save email-activation model.');
}
EmailActivation::deleteAll([
'account_id' => $account->id,
'type' => EmailActivation::TYPE_REGISTRATION_EMAIL_CONFIRMATION,
]);
EmailHelper::registration($activation);
$transaction->commit();
} catch (ErrorException $e) {
$transaction->rollBack();
throw $e;
$activation = new RegistrationConfirmation();
$activation->account_id = $account->id;
$activation->key = UserFriendlyRandomKey::make();
if (!$activation->save()) {
throw new ThisShouldNotHappenException('Unable save email-activation model.');
}
$this->emailActivation = $activation;
Yii::$app->queue->push(SendRegistrationEmail::createFromConfirmation($activation));
$transaction->commit();
return true;
}

3
api/modules/accounts/actions/BaseAccountAction.php
View File

@ -9,7 +9,8 @@ use yii\web\NotFoundHttpException;
abstract class BaseAccountAction extends Action {
final public function run(int $id): array {
// TODO: вернуть final модификатор метода после того, как в GoAOP добавят поддержку аспектов для final методов
public function run(int $id): array {
$className = $this->getFormClassName();
/** @var AccountActionForm $model */
$model = new $className($this->findAccount($id));

4
api/modules/accounts/models/AcceptRulesForm.php
View File

@ -1,11 +1,15 @@
<?php
namespace api\modules\accounts\models;
use api\aop\annotations\CollectModelMetrics;
use yii\base\ErrorException;
use const \common\LATEST_RULES_VERSION;
class AcceptRulesForm extends AccountActionForm {
/**
* @CollectModelMetrics(prefix="accounts.acceptRules")
*/
public function performAction(): bool {
$account = $this->getAccount();
$account->rules_agreement_version = LATEST_RULES_VERSION;

4
api/modules/accounts/models/ChangeEmailForm.php
View File

@ -1,6 +1,7 @@
<?php
namespace api\modules\accounts\models;
use api\aop\annotations\CollectModelMetrics;
use api\validators\EmailActivationKeyValidator;
use common\helpers\Amqp;
use common\models\amqp\EmailChanged;
@ -19,6 +20,9 @@ class ChangeEmailForm extends AccountActionForm {
];
}
/**
* @CollectModelMetrics(prefix="accounts.changeEmail")
*/
public function performAction(): bool {
if (!$this->validate()) {
return false;

4
api/modules/accounts/models/ChangeLanguageForm.php
View File

@ -1,6 +1,7 @@
<?php
namespace api\modules\accounts\models;
use api\aop\annotations\CollectModelMetrics;
use api\exceptions\ThisShouldNotHappenException;
use common\validators\LanguageValidator;
@ -15,6 +16,9 @@ class ChangeLanguageForm extends AccountActionForm {
];
}
/**
* @CollectModelMetrics(prefix="accounts.switchLanguage")
*/
public function performAction(): bool {
if (!$this->validate()) {
return false;

4
api/modules/accounts/models/ChangePasswordForm.php
View File

@ -1,6 +1,7 @@
<?php
namespace api\modules\accounts\models;
use api\aop\annotations\CollectModelMetrics;
use api\components\User\Component;
use api\exceptions\ThisShouldNotHappenException;
use api\validators\PasswordRequiredValidator;
@ -43,6 +44,9 @@ class ChangePasswordForm extends AccountActionForm {
}
}
/**
* @CollectModelMetrics(prefix="accounts.changePassword")
*/
public function performAction(): bool {
if (!$this->validate()) {
return false;

4
api/modules/accounts/models/ChangeUsernameForm.php
View File

@ -1,6 +1,7 @@
<?php
namespace api\modules\accounts\models;
use api\aop\annotations\CollectModelMetrics;
use api\exceptions\ThisShouldNotHappenException;
use api\validators\PasswordRequiredValidator;
use common\helpers\Amqp;
@ -26,6 +27,9 @@ class ChangeUsernameForm extends AccountActionForm {
];
}
/**
* @CollectModelMetrics(prefix="accounts.changeUsername")
*/
public function performAction(): bool {
if (!$this->validate()) {
return false;

4
api/modules/accounts/models/DisableTwoFactorAuthForm.php
View File

@ -1,6 +1,7 @@
<?php
namespace api\modules\accounts\models;
use api\aop\annotations\CollectModelMetrics;
use api\exceptions\ThisShouldNotHappenException;
use api\validators\PasswordRequiredValidator;
use api\validators\TotpValidator;
@ -21,6 +22,9 @@ class DisableTwoFactorAuthForm extends AccountActionForm {
];
}
/**
* @CollectModelMetrics(prefix="accounts.disableTwoFactorAuth")
*/
public function performAction(): bool {
if (!$this->validate()) {
return false;

6
api/modules/accounts/models/EnableTwoFactorAuthForm.php
View File

@ -1,6 +1,7 @@
<?php
namespace api\modules\accounts\models;
use api\aop\annotations\CollectModelMetrics;
use api\components\User\Component;
use api\exceptions\ThisShouldNotHappenException;
use api\validators\PasswordRequiredValidator;
@ -18,11 +19,14 @@ class EnableTwoFactorAuthForm extends AccountActionForm {
return [
['account', 'validateOtpDisabled'],
['totp', 'required', 'message' => E::TOTP_REQUIRED],
['totp', TotpValidator::class, 'account' => $this->getAccount()],
['totp', TotpValidator::class, 'account' => $this->getAccount(), 'window' => 2],
['password', PasswordRequiredValidator::class, 'account' => $this->getAccount()],
];
}
/**
* @CollectModelMetrics(prefix="accounts.enableTwoFactorAuth")
*/
public function performAction(): bool {
if (!$this->validate()) {
return false;

8
api/modules/accounts/models/SendEmailVerificationForm.php
View File

@ -1,12 +1,13 @@
<?php
namespace api\modules\accounts\models;
use api\aop\annotations\CollectModelMetrics;
use api\exceptions\ThisShouldNotHappenException;
use common\emails\EmailHelper;
use api\validators\PasswordRequiredValidator;
use common\helpers\Error as E;
use common\models\confirmations\CurrentEmailConfirmation;
use common\models\EmailActivation;
use common\tasks\SendCurrentEmailConfirmation;
use Yii;
class SendEmailVerificationForm extends AccountActionForm {
@ -34,6 +35,9 @@ class SendEmailVerificationForm extends AccountActionForm {
}
}
/**
* @CollectModelMetrics(prefix="accounts.sendEmailVerification")
*/
public function performAction(): bool {
if (!$this->validate()) {
return false;
@ -44,7 +48,7 @@ class SendEmailVerificationForm extends AccountActionForm {
$this->removeOldCode();
$activation = $this->createCode();
EmailHelper::changeEmailConfirmCurrent($activation);
Yii::$app->queue->push(SendCurrentEmailConfirmation::createFromConfirmation($activation));
$transaction->commit();

8
api/modules/accounts/models/SendNewEmailVerificationForm.php
View File

@ -1,11 +1,12 @@
<?php
namespace api\modules\accounts\models;
use api\aop\annotations\CollectModelMetrics;
use api\exceptions\ThisShouldNotHappenException;
use common\emails\EmailHelper;
use api\validators\EmailActivationKeyValidator;
use common\models\confirmations\NewEmailConfirmation;
use common\models\EmailActivation;
use common\tasks\SendNewEmailConfirmation;
use common\validators\EmailValidator;
use Yii;
@ -22,6 +23,9 @@ class SendNewEmailVerificationForm extends AccountActionForm {
];
}
/**
* @CollectModelMetrics(prefix="accounts.sendNewEmailVerification")
*/
public function performAction(): bool {
if (!$this->validate()) {
return false;
@ -35,7 +39,7 @@ class SendNewEmailVerificationForm extends AccountActionForm {
$activation = $this->createCode();
EmailHelper::changeEmailConfirmNew($activation);
Yii::$app->queue->push(SendNewEmailConfirmation::createFromConfirmation($activation));
$transaction->commit();

12
api/modules/session/models/HasJoinedForm.php
View File

@ -6,6 +6,7 @@ use api\modules\session\exceptions\IllegalArgumentException;
use api\modules\session\models\protocols\HasJoinedInterface;
use api\modules\session\Module as Session;
use common\models\Account;
use Yii;
use yii\base\ErrorException;
use yii\base\Model;
@ -19,6 +20,7 @@ class HasJoinedForm extends Model {
}
public function hasJoined(): Account {
Yii::$app->statsd->inc('sessionserver.hasJoined.attempt');
if (!$this->protocol->validate()) {
throw new IllegalArgumentException();
}
@ -26,13 +28,12 @@ class HasJoinedForm extends Model {
$serverId = $this->protocol->getServerId();
$username = $this->protocol->getUsername();
Session::info(
"Server with server_id = '{$serverId}' trying to verify has joined user with username = '{$username}'."
);
Session::info("Server with server_id = '{$serverId}' trying to verify has joined user with username = '{$username}'.");
$joinModel = SessionModel::find($username, $serverId);
if ($joinModel === null) {
Session::error("Not found join operation for username = '{$username}'.");
Yii::$app->statsd->inc('sessionserver.hasJoined.fail_no_join');
throw new ForbiddenOperationException('Invalid token.');
}
@ -42,9 +43,8 @@ class HasJoinedForm extends Model {
throw new ErrorException('Account must exists');
}
Session::info(
"User with username = '{$username}' successfully verified by server with server_id = '{$serverId}'."
);
Session::info("User with username = '{$username}' successfully verified by server with server_id = '{$serverId}'.");
Yii::$app->statsd->inc('sessionserver.hasJoined.success');
return $account;
}

24
api/modules/session/models/JoinForm.php
View File

@ -53,6 +53,7 @@ class JoinForm extends Model {
$serverId = $this->serverId;
$accessToken = $this->accessToken;
Session::info("User with access_token = '{$accessToken}' trying join to server with server_id = '{$serverId}'.");
Yii::$app->statsd->inc('sessionserver.join.attempts');
if (!$this->validate()) {
return false;
}
@ -63,10 +64,8 @@ class JoinForm extends Model {
throw new ErrorException('Cannot save join session model');
}
Session::info(
"User with access_token = '{$accessToken}' and nickname = '{$account->username}' successfully joined to " .
"server_id = '{$serverId}'."
);
Session::info("User with access_token = '{$accessToken}' and nickname = '{$account->username}' successfully joined to server_id = '{$serverId}'.");
Yii::$app->statsd->inc('sessionserver.join.success');
return true;
}
@ -97,9 +96,11 @@ class JoinForm extends Model {
/** @var MinecraftAccessKey|null $accessModel */
$accessModel = MinecraftAccessKey::findOne($accessToken);
if ($accessModel !== null) {
Yii::$app->statsd->inc('sessionserver.authentication.legacy_minecraft_protocol');
/** @var MinecraftAccessKey|\api\components\OAuth2\Entities\AccessTokenEntity $accessModel */
if ($accessModel->isExpired()) {
Session::error("User with access_token = '{$accessToken}' failed join by expired access_token.");
Yii::$app->statsd->inc('sessionserver.authentication.legacy_minecraft_protocol_token_expired');
throw new ForbiddenOperationException('Expired access_token.');
}
@ -113,11 +114,14 @@ class JoinForm extends Model {
if ($identity === null) {
Session::error("User with access_token = '{$accessToken}' failed join by wrong access_token.");
Yii::$app->statsd->inc('sessionserver.join.fail_wrong_token');
throw new ForbiddenOperationException('Invalid access_token.');
}
Yii::$app->statsd->inc('sessionserver.authentication.oauth2');
if (!Yii::$app->user->can(P::MINECRAFT_SERVER_SESSION)) {
Session::error("User with access_token = '{$accessToken}' doesn't have enough scopes to make join.");
Yii::$app->statsd->inc('sessionserver.authentication.oauth2_not_enough_scopes');
throw new ForbiddenOperationException('The token does not have required scope.');
}
@ -127,18 +131,14 @@ class JoinForm extends Model {
$selectedProfile = $this->selectedProfile;
$isUuid = StringHelper::isUuid($selectedProfile);
if ($isUuid && $account->uuid !== $this->normalizeUUID($selectedProfile)) {
Session::error(
"User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}'," .
" but access_token issued to account with id = '{$account->uuid}'."
);
Session::error("User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}', but access_token issued to account with id = '{$account->uuid}'.");
Yii::$app->statsd->inc('sessionserver.join.fail_uuid_mismatch');
throw new ForbiddenOperationException('Wrong selected_profile.');
}
if (!$isUuid && mb_strtolower($account->username) !== mb_strtolower($selectedProfile)) {
Session::error(
"User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}'," .
" but access_token issued to account with username = '{$account->username}'."
);
Session::error("User with access_token = '{$accessToken}' trying to join with identity = '{$selectedProfile}', but access_token issued to account with username = '{$account->username}'.");
Yii::$app->statsd->inc('sessionserver.join.fail_username_mismatch');
throw new ForbiddenOperationException('Invalid credentials');
}

2
api/validators/TotpValidator.php
View File

@ -20,7 +20,7 @@ class TotpValidator extends Validator {
* @var int|null Задаёт окно, в промежуток которого будет проверяться код.
* Позволяет избежать ситуации, когда пользователь ввёл код в последнюю секунду
* его существования и пока шёл запрос, тот протух.
* Значение задаётся в +- кодах, а не секундах.
* Значение задаётся в +- периодах, а не секундах.
*/
public $window;

29
api/web/index.php
View File

@ -1,14 +1,37 @@
<?php
use api\aop\AspectKernel;
use common\config\ConfigLoader;
use yii\web\Application;
$time = microtime(true);
require __DIR__ . '/../../vendor/autoload.php';
defined('YII_DEBUG') or define('YII_DEBUG', in_array(getenv('YII_DEBUG'), ['false', '1']));
defined('YII_DEBUG') or define('YII_DEBUG', in_array(getenv('YII_DEBUG'), ['true', '1']));
defined('YII_ENV') or define('YII_ENV', getenv('YII_ENV'));
// Initialize an application aspect container
AspectKernel::getInstance()->init([
'debug' => YII_DEBUG,
'appDir' => __DIR__ . '/../../',
'cacheDir' => __DIR__ . '/../runtime/aspect',
'excludePaths' => [
__DIR__ . '/../runtime/aspect',
__DIR__ . '/../../vendor',
],
]);
require __DIR__ . '/../../vendor/yiisoft/yii2/Yii.php';
spl_autoload_unregister(['Yii', 'autoload']);
require __DIR__ . '/../../common/config/bootstrap.php';
require __DIR__ . '/../config/bootstrap.php';
$config = \common\config\ConfigLoader::load('api');
$config = ConfigLoader::load('api');
$application = new yii\web\Application($config);
$application = new Application($config);
$application->run();
$timeDifference = (microtime(true) - $time) * 1000;
fastcgi_finish_request();
Yii::$app->statsd->time('request.time', $timeDifference);

3
autocompletion.php
View File

@ -16,6 +16,7 @@ class Yii extends \yii\BaseYii {
* Class BaseApplication
* Used for properties that are identical for both WebApplication and ConsoleApplication
*
* @property \yii\db\Connection $unbufferedDb
* @property \yii\swiftmailer\Mailer $mailer
* @property \common\components\Redis\Connection $redis
* @property \common\components\RabbitMQ\Component $amqp
@ -23,6 +24,8 @@ class Yii extends \yii\BaseYii {
* @property \common\components\EmailRenderer $emailRenderer
* @property \mito\sentry\Component $sentry
* @property \api\components\OAuth2\Component $oauth
* @property \common\components\StatsD $statsd
* @property \yii\queue\Queue $queue
*/
abstract class BaseApplication extends yii\base\Application {
}

8
common/components/EmailRenderer.php
View File

@ -29,7 +29,7 @@ class EmailRenderer extends Component {
parent::__construct($config);
if ($this->_baseDomain === null) {
$this->_baseDomain = Yii::$app->request->getHostInfo();
$this->_baseDomain = Yii::$app->urlManager->getHostInfo();
if ($this->_baseDomain === null) {
throw new InvalidConfigException('Cannot automatically obtain base domain');
}
@ -51,7 +51,7 @@ class EmailRenderer extends Component {
* @param string $templateName
* @return TemplateBuilder
*/
public function getTemplate(string $templateName) : TemplateBuilder {
public function getTemplate(string $templateName): TemplateBuilder {
return $this->renderer->getTemplate($templateName);
}
@ -60,11 +60,11 @@ class EmailRenderer extends Component {
* @throws \Ely\Email\RendererException
* @return string
*/
public function render(TemplateBuilder $template) : string {
public function render(TemplateBuilder $template): string {
return $this->renderer->render($template);
}
private function buildBasePath() : string {
private function buildBasePath(): string {
return $this->_baseDomain . $this->basePath;
}

89
common/components/StatsD.php Normal file
View File

@ -0,0 +1,89 @@
<?php
namespace common\components;
use Domnikl\Statsd\Client;
use Domnikl\Statsd\Connection;
use yii\base\Component;
class StatsD extends Component {
/**
* @var string
*/
public $host;
/**
* @var int
*/
public $port = 8125;
/**
* @var string
*/
public $namespace = '';
private $client;
public function inc(string $key): void {
$this->getClient()->increment($key);
}
public function dec(string $key): void {
$this->getClient()->decrement($key);
}
public function count(string $key, int $value): void {
$this->getClient()->count($key, $value);
}
public function time(string $key, float $time): void {
$this->getClient()->timing($key, floor($time));
}
public function startTiming(string $key): void {
$this->getClient()->startTiming($key);
}
public function endTiming(string $key): void {
$this->getClient()->endTiming($key);
}
public function peakMemoryUsage(string $key): void {
$this->getClient()->memory($key);
}
/**
* Pass delta values as a string.
* Accepts both positive (+11) and negative (-4) delta values.
* $statsd->gauge('foobar', 3);
* $statsd->gauge('foobar', '+11');
*
* @param string $key
* @param string|int $value
*/
public function gauge(string $key, $value): void {
$this->getClient()->gauge($key, $value);
}
public function set(string $key, int $value): void {
$this->getClient()->set($key, $value);
}
public function getClient(): Client {
if ($this->client === null) {
$connection = $this->createConnection();
$this->client = new Client($connection, $this->namespace);
}
return $this->client;
}
protected function createConnection(): Connection {
if (!empty($this->host) && !empty($this->port)) {
return new Connection\UdpSocket($this->host, $this->port);
}
return new Connection\Blackhole();
}
}

5
common/config/ConfigLoader.php
View File

@ -5,10 +5,7 @@ use yii\helpers\ArrayHelper;
class ConfigLoader {
/*
* TODO: В PHP 7.1 следует сделать её protected
*/
const ROOT_PATH = __DIR__ . '/../..';
private const ROOT_PATH = __DIR__ . '/../..';
private $application;

32
common/config/config.php
View File

@ -1,6 +1,6 @@
<?php
return [
'version' => '1.1.21',
'version' => '1.1.22',
'vendorPath' => dirname(__DIR__, 2) . '/vendor',
'components' => [
'cache' => [
@ -17,6 +17,19 @@ return [
'mysql' => common\db\mysql\Schema::class,
],
],
'unbufferedDb' => [
'class' => yii\db\Connection::class,
'dsn' => 'mysql:host=' . (getenv('DB_HOST') ?: 'db') . ';dbname=' . getenv('DB_DATABASE'),
'username' => getenv('DB_USER'),
'password' => getenv('DB_PASSWORD'),
'charset' => 'utf8',
'attributes' => [
PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => false,
],
'schemaMap' => [
'mysql' => common\db\mysql\Schema::class,
],
],
'mailer' => [
'class' => yii\swiftmailer\Mailer::class,
'viewPath' => '@common/mail',
@ -77,6 +90,23 @@ return [
'itemFile' => '@common/rbac/.generated/items.php',
'ruleFile' => '@common/rbac/.generated/rules.php',
],
'statsd' => [
'class' => common\components\StatsD::class,
'host' => getenv('STATSD_HOST'),
'port' => getenv('STATSD_PORT') ?: 8125,
'namespace' => getenv('STATSD_NAMESPACE') ?: 'ely.accounts.' . gethostname() . '.app',
],
'queue' => [
'class' => yii\queue\amqp_interop\Queue::class,
'driver' => yii\queue\amqp_interop\Queue::ENQUEUE_AMQP_LIB,
'host' => getenv('RABBITMQ_HOST') ?: 'rabbitmq',
'port' => getenv('RABBITMQ_PORT') ?: 5672,
'user' => getenv('RABBITMQ_USER'),
'password' => getenv('RABBITMQ_PASS'),
'vhost' => getenv('RABBITMQ_VHOST'),
'queueName' => 'worker',
'exchangeName' => 'tasks',
],
],
'container' => [
'definitions' => [

50
common/emails/EmailHelper.php
View File

@ -1,56 +1,10 @@
<?php
namespace common\emails;
use common\emails\templates\ChangeEmailConfirmCurrentEmail;
use common\emails\templates\ChangeEmailConfirmNewEmail;
use common\emails\templates\ForgotPasswordEmail;
use common\emails\templates\ForgotPasswordParams;
use common\emails\templates\RegistrationEmail;
use common\emails\templates\RegistrationEmailParams;
use common\models\Account;
use common\models\confirmations\CurrentEmailConfirmation;
use common\models\confirmations\ForgotPassword;
use common\models\confirmations\NewEmailConfirmation;
use common\models\confirmations\RegistrationConfirmation;
use Yii;
class EmailHelper {
public static function registration(RegistrationConfirmation $emailActivation): void {
$account = $emailActivation->account;
$locale = $account->lang;
$params = new RegistrationEmailParams(
$account->username,
$emailActivation->key,
Yii::$app->request->getHostInfo() . '/activation/' . $emailActivation->key
);
(new RegistrationEmail(self::buildTo($account), $locale, $params))->send();
}
public static function forgotPassword(ForgotPassword $emailActivation): void {
$account = $emailActivation->account;
$locale = $account->lang;
$params = new ForgotPasswordParams(
$account->username,
$emailActivation->key,
Yii::$app->request->getHostInfo() . '/recover-password/' . $emailActivation->key
);
(new ForgotPasswordEmail(self::buildTo($account), $locale, $params))->send();
}
public static function changeEmailConfirmCurrent(CurrentEmailConfirmation $emailActivation): void {
(new ChangeEmailConfirmCurrentEmail(self::buildTo($emailActivation->account), $emailActivation->key))->send();
}
public static function changeEmailConfirmNew(NewEmailConfirmation $emailActivation): void {
$account = $emailActivation->account;
(new ChangeEmailConfirmNewEmail(self::buildTo($account), $account->username, $emailActivation->key))->send();
}
public static function buildTo(Account $account): array {
return [$account->email => $account->username];
public static function buildTo(string $username, string $email): array {
return [$email => $username];
}
}

5
common/rbac/rules/AccountOwner.php
View File

@ -30,7 +30,10 @@ class AccountOwner extends Rule {
}
$identity = Yii::$app->user->findIdentityByAccessToken($accessToken);
/** @noinspection NullPointerExceptionInspection это исключено, т.к. уже сработал authManager */
if ($identity === null) {
return false;
}
$account = $identity->getAccount();
if ($account === null) {
return false;

44
common/tasks/SendCurrentEmailConfirmation.php Normal file
View File

@ -0,0 +1,44 @@
<?php
declare(strict_types=1);
namespace common\tasks;
use common\emails\EmailHelper;
use common\emails\templates\ChangeEmailConfirmCurrentEmail;
use common\models\confirmations\CurrentEmailConfirmation;
use yii\queue\RetryableJobInterface;
class SendCurrentEmailConfirmation implements RetryableJobInterface {
public $email;
public $username;
public $code;
public static function createFromConfirmation(CurrentEmailConfirmation $confirmation): self {
$result = new self();
$result->email = $confirmation->account->email;
$result->username = $confirmation->account->username;
$result->code = $confirmation->key;
return $result;
}
public function getTtr() {
return 30;
}
public function canRetry($attempt, $error) {
return true;
}
/**
* @param \yii\queue\Queue $queue
*/
public function execute($queue) {
$to = EmailHelper::buildTo($this->username, $this->email);
$template = new ChangeEmailConfirmCurrentEmail($to, $this->code);
$template->send();
}
}

44
common/tasks/SendNewEmailConfirmation.php Normal file
View File

@ -0,0 +1,44 @@
<?php
declare(strict_types=1);
namespace common\tasks;
use common\emails\EmailHelper;
use common\emails\templates\ChangeEmailConfirmNewEmail;
use common\models\confirmations\NewEmailConfirmation;
use yii\queue\RetryableJobInterface;
class SendNewEmailConfirmation implements RetryableJobInterface {
public $email;
public $username;
public $code;
public static function createFromConfirmation(NewEmailConfirmation $confirmation): self {
$result = new self();
$result->email = $confirmation->getNewEmail();
$result->username = $confirmation->account->username;
$result->code = $confirmation->key;
return $result;
}
public function getTtr() {
return 30;
}
public function canRetry($attempt, $error) {
return true;
}
/**
* @param \yii\queue\Queue $queue
*/
public function execute($queue) {
$to = EmailHelper::buildTo($this->username, $this->email);
$template = new ChangeEmailConfirmNewEmail($to, $this->username, $this->code);
$template->send();
}
}

56
common/tasks/SendPasswordRecoveryEmail.php Normal file
View File

@ -0,0 +1,56 @@
<?php
declare(strict_types=1);
namespace common\tasks;
use common\emails\EmailHelper;
use common\emails\templates\ForgotPasswordEmail;
use common\emails\templates\ForgotPasswordParams;
use common\models\confirmations\ForgotPassword;
use Yii;
use yii\queue\RetryableJobInterface;
class SendPasswordRecoveryEmail implements RetryableJobInterface {
public $username;
public $email;
public $code;
public $link;
public $locale;
public static function createFromConfirmation(ForgotPassword $confirmation): self {
$account = $confirmation->account;
$result = new self();
$result->username = $account->username;
$result->email = $account->email;
$result->code = $confirmation->key;
$result->link = Yii::$app->request->getHostInfo() . '/recover-password/' . $confirmation->key;
$result->locale = $account->lang;
return $result;
}
public function getTtr() {
return 30;
}
public function canRetry($attempt, $error) {
return true;
}
/**
* @param \yii\queue\Queue $queue
* @throws \common\emails\exceptions\CannotSendEmailException
*/
public function execute($queue) {
$params = new ForgotPasswordParams($this->username, $this->code, $this->link);
$to = EmailHelper::buildTo($this->username, $this->email);
$template = new ForgotPasswordEmail($to, $this->locale, $params);
$template->send();
}
}

56
common/tasks/SendRegistrationEmail.php Normal file
View File

@ -0,0 +1,56 @@
<?php
declare(strict_types=1);
namespace common\tasks;
use common\emails\EmailHelper;
use common\emails\templates\RegistrationEmail;
use common\emails\templates\RegistrationEmailParams;
use common\models\confirmations\RegistrationConfirmation;
use Yii;
use yii\queue\RetryableJobInterface;
class SendRegistrationEmail implements RetryableJobInterface {
public $username;
public $email;
public $code;
public $link;
public $locale;
public static function createFromConfirmation(RegistrationConfirmation $confirmation): self {
$account = $confirmation->account;
$result = new self();
$result->username = $account->username;
$result->email = $account->email;
$result->code = $confirmation->key;
$result->link = Yii::$app->request->getHostInfo() . '/activation/' . $confirmation->key;
$result->locale = $account->lang;
return $result;
}
public function getTtr() {
return 30;
}
public function canRetry($attempt, $error) {
return true;
}
/**
* @param \yii\queue\Queue $queue
* @throws \common\emails\exceptions\CannotSendEmailException
*/
public function execute($queue) {
$params = new RegistrationEmailParams($this->username, $this->code, $this->link);
$to = EmailHelper::buildTo($this->username, $this->email);
$template = new RegistrationEmail($to, $this->locale, $params);
$template->send();
}
}

21
composer.json
View File

@ -7,7 +7,7 @@
"require": {
"php": "^7.1",
"roave/security-advisories": "dev-master",
"yiisoft/yii2": "2.0.12",
"yiisoft/yii2": "2.0.13.1",
"yiisoft/yii2-swiftmailer": "~2.1.0",
"ramsey/uuid": "^3.5",
"league/oauth2-server": "^4.1",
@ -23,15 +23,19 @@
"spomky-labs/otphp": "^9.0.2",
"bacon/bacon-qr-code": "^1.0",
"paragonie/constant_time_encoding": "^2.0",
"webmozart/assert": "^1.2.0"
"webmozart/assert": "^1.2.0",
"goaop/framework": "~2.1.2",
"domnikl/statsd": "^2.6",
"yiisoft/yii2-queue": "~2.0.2",
"enqueue/amqp-lib": "^0.8.11"
},
"require-dev": {
"yiisoft/yii2-debug": "*",
"yiisoft/yii2-faker": "*",
"flow/jsonpath": "^0.3.1",
"phpunit/phpunit": "^6.0",
"codeception/codeception": "2.3.6",
"codeception/specify": "*",
"codeception/codeception": "dev-reset_yii2_app#6045eed00f7b163226d04fe40333f076b0f132e3",
"codeception/specify": "^1.0.0",
"codeception/verify": "*",
"mockery/mockery": "^1.0.0",
"php-mock/php-mock-mockery": "^1.2.0"
@ -48,9 +52,18 @@
{
"type": "git",
"url": "git@gitlab.ely.by:elyby/email-renderer.git"
},
{
"type": "git",
"url": "git@github.com:erickskrauch/Codeception.git"
}
],
"autoload": {
"psr-4": {
"api\\": "api",
"common\\": "common",
"console\\": "console"
},
"files": [
"common/consts.php"
]

20
console/components/ErrorHandler.php Normal file
View File

@ -0,0 +1,20 @@
<?php
namespace console\components;
use Swift_TransportException;
use Yii;
use yii\queue\ErrorEvent;
class ErrorHandler {
public function handleQueueError(ErrorEvent $error): void {
$exception = $error->error;
if ($exception instanceof Swift_TransportException) {
Yii::warning($exception);
return;
}
Yii::error($exception);
}
}

14
console/config/config.php
View File

@ -1,13 +1,13 @@
<?php
$params = array_merge(
require(__DIR__ . '/../../common/config/params.php'),
require(__DIR__ . '/params.php')
require __DIR__ . '/../../common/config/params.php',
require __DIR__ . '/params.php'
);
return [
'id' => 'accounts-console',
'basePath' => dirname(__DIR__),
'bootstrap' => ['log'],
'bootstrap' => ['log', 'queue'],
'controllerNamespace' => 'console\controllers',
'params' => $params,
'components' => [
@ -23,10 +23,16 @@ return [
],
],
],
'urlManager' => [
'hostInfo' => getenv('DOMAIN') ?: 'https://account.ely.by',
],
'queue' => [
'on afterError' => [new console\components\ErrorHandler(), 'handleQueueError'],
],
],
'controllerMap' => [
'migrate' => [
'class' => yii\console\controllers\MigrateController::class,
'class' => yii\console\controllers\MigrateController::class,
'templateFile' => '@console/views/migration.php',
],
],

3
console/controllers/AccountQueueController.php
View File

@ -32,11 +32,14 @@ class AccountQueueController extends AmqpController {
}
public function routeUsernameChanged(UsernameChanged $body): bool {
Yii::$app->statsd->inc('worker.account.usernameChanged.attempt');
$mojangApi = $this->createMojangApi();
try {
$response = $mojangApi->usernameToUUID($body->newUsername);
Yii::$app->statsd->inc('worker.account.usernameChanged.found');
} catch (NoContentException $e) {
$response = false;
Yii::$app->statsd->inc('worker.account.usernameChanged.not_found');
} catch (RequestException $e) {
return true;
}

20
console/controllers/AmqpController.php
View File

@ -2,19 +2,21 @@
namespace console\controllers;
use Ely\Amqp\ControllerTrait;
use Exception;
use PhpAmqpLib\Message\AMQPMessage;
use Yii;
use yii\console\Controller;
use yii\db\Exception as YiiDbException;
use yii\helpers\ArrayHelper;
use yii\helpers\Inflector;
use yii\helpers\StringHelper;
abstract class AmqpController extends Controller {
use ControllerTrait {
callback as _callback;
}
private $reconnected = false;
public final function actionIndex() {
$this->start();
}
@ -35,12 +37,17 @@ abstract class AmqpController extends Controller {
try {
$this->_callback($msg);
} catch (YiiDbException $e) {
if (StringHelper::startsWith($e->getMessage(), 'Error while sending QUERY packet')) {
exit(self::EXIT_CODE_ERROR);
if ($this->reconnected || !$this->isRestorableException($e)) {
throw $e;
}
throw $e;
$this->reconnected = true;
Yii::$app->db->close();
Yii::$app->db->open();
$this->callback($msg);
}
$this->reconnected = false;
}
/**
@ -57,4 +64,9 @@ abstract class AmqpController extends Controller {
return ArrayHelper::getValue($this->getRoutesMap(), $route, 'route' . Inflector::camelize($route));
}
private function isRestorableException(Exception $e): bool {
return strpos($e->getMessage(), 'MySQL server has gone away') !== false
|| strcmp($e->getMessage(), 'Error while sending QUERY packet') !== false;
}
}

21
console/controllers/CleanupController.php
View File

@ -4,24 +4,23 @@ namespace console\controllers;
use common\models\AccountSession;
use common\models\EmailActivation;
use common\models\MinecraftAccessKey;
use Yii;
use yii\console\Controller;
class CleanupController extends Controller {
public function actionEmailKeys() {
$query = EmailActivation::find();
$conditions = ['OR'];
foreach ($this->getEmailActivationsDurationsMap() as $typeId => $expiration) {
$conditions[] = [
$query->orWhere([
'AND',
['type' => $typeId],
['<', 'created_at', time() - $expiration],
];
]);
}
/** @var \yii\db\BatchQueryResult|EmailActivation[] $expiredEmails */
$expiredEmails = $query->andWhere($conditions)->each();
foreach ($expiredEmails as $email) {
foreach ($query->each(100, Yii::$app->unbufferedDb) as $email) {
/** @var EmailActivation $email */
$email->delete();
}
@ -29,12 +28,11 @@ class CleanupController extends Controller {
}
public function actionMinecraftSessions() {
/** @var \yii\db\BatchQueryResult|MinecraftAccessKey[] $expiredMinecraftSessions */
$expiredMinecraftSessions = MinecraftAccessKey::find()
->andWhere(['<', 'updated_at', time() - 1209600]) // 2 weeks
->each();
$expiredMinecraftSessionsQuery = MinecraftAccessKey::find()
->andWhere(['<', 'updated_at', time() - 1209600]); // 2 weeks
foreach ($expiredMinecraftSessions as $minecraftSession) {
foreach ($expiredMinecraftSessionsQuery->each(100, Yii::$app->unbufferedDb) as $minecraftSession) {
/** @var MinecraftAccessKey $minecraftSession */
$minecraftSession->delete();
}
@ -70,6 +68,7 @@ class CleanupController extends Controller {
$object = new $className;
/** @var \common\behaviors\EmailActivationExpirationBehavior $behavior */
$behavior = $object->getBehavior('expirationBehavior');
/** @noinspection NullPointerExceptionInspection */
$expiration = $behavior->expirationTimeout ?? 1123200; // 13d по умолчанию
// Приращаем 1 день, чтобы пользователи ещё могли получать сообщения об истечении кода активации
/** @noinspection SummerTimeUnsafeTimeManipulationInspection */

2
console/db/Migration.php
View File

@ -11,7 +11,7 @@ class Migration extends YiiMigration {
public function getTableOptions($engine = 'InnoDB') {
$tableOptions = null;
if ($this->db->driverName === 'mysql') {
$tableOptions = 'CHARACTER SET utf8 COLLATE utf8_general_ci ENGINE=' . $engine;
$tableOptions = 'CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci ENGINE=' . $engine;
}
return $tableOptions;

37
console/migrations/m171222_200114_migrate_to_utf8md4_unicode_ci.php Normal file
View File

@ -0,0 +1,37 @@
<?php
use console\db\Migration;
class m171222_200114_migrate_to_utf8md4_unicode_ci extends Migration {
public function safeUp() {
$this->execute('SET FOREIGN_KEY_CHECKS=0');
$dbName = $this->db->createCommand('SELECT DATABASE()')->queryScalar();
$this->execute("ALTER DATABASE {{%$dbName}} CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci");
$tables = $this->db->createCommand('SHOW TABLES')->queryColumn();
foreach ($tables as $table) {
$this->execute("ALTER TABLE {{%$table}} CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci");
}
$this->execute('ALTER TABLE {{%usernames_history}} MODIFY username VARCHAR(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL');
$this->execute('SET FOREIGN_KEY_CHECKS=1');
}
public function safeDown() {
$this->execute('SET FOREIGN_KEY_CHECKS=0');
$dbName = $this->db->createCommand('SELECT DATABASE()')->queryScalar();
$this->execute("ALTER DATABASE {{%$dbName}} CHARACTER SET = utf8 COLLATE = utf8_general_ci");
$tables = $this->db->createCommand('SHOW TABLES')->queryColumn();
foreach ($tables as $table) {
$this->execute("ALTER TABLE {{%$table}} CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci");
}
$this->execute('ALTER TABLE {{%usernames_history}} MODIFY username VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL');
$this->execute('SET FOREIGN_KEY_CHECKS=1');
}
}

2
docker-compose.prod.yml
View File

@ -9,7 +9,7 @@ services:
env_file: .env
web:
image: registry.ely.by/elyby/accounts-nginx:1.0.2
image: registry.ely.by/elyby/accounts-nginx:1.0.3
volumes_from:
- app
links:

2
docker/mariadb/Dockerfile
View File

@ -1,4 +1,4 @@
FROM mariadb:10.0
FROM mariadb:10.2.11
COPY custom.cnf /etc/mysql/conf.d/

8
docker/mariadb/custom.cnf
View File

@ -1,9 +1,9 @@
[mysql]
default-character-set = utf8
default-character-set = utf8mb4
[mysqld]
character-set-server = utf8
collation-server = utf8_general_ci
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
[client]
default-character-set = utf8
default-character-set = utf8mb4

3
docker/php/bootstrap.sh
View File

@ -1,5 +1,8 @@
#!/usr/bin/env bash
mkdir -p api/runtime api/web/assets console/runtime
chown www-data:www-data api/runtime api/web/assets console/runtime
if [ "$YII_ENV" = "test" ]
then
YII_EXEC="/var/www/html/tests/codeception/bin/yii"

6
docker/supervisor/worker-queue.conf Normal file
View File

@ -0,0 +1,6 @@
[program:queue-worker]
directory=/var/www/html
command=wait-for-it rabbitmq:5672 -- php yii queue/listen -v
autostart=true
autorestart=true
priority=10

4
tests/codeception/api/_bootstrap.php
View File

@ -1,6 +1,5 @@
<?php
use Codeception\Configuration;
use Codeception\Specify\Config;
defined('YII_DEBUG') or define('YII_DEBUG', true);
defined('YII_ENV') or define('YII_ENV', 'test');
@ -21,5 +20,4 @@ $_SERVER['SCRIPT_NAME'] = API_ENTRY_URL;
$_SERVER['SERVER_NAME'] = parse_url(Configuration::config()['config']['test_entry_url'], PHP_URL_HOST);
$_SERVER['SERVER_PORT'] = parse_url(Configuration::config()['config']['test_entry_url'], PHP_URL_PORT) ?: '80';
Yii::setAlias('@tests', dirname(dirname(__DIR__)));
Config::setDeepClone(false);
Yii::setAlias('@tests', dirname(__DIR__, 2));

11
tests/codeception/api/functional/accounts/EnableTwoFactorAuthCest.php
View File

@ -58,4 +58,15 @@ class EnableTwoFactorAuthCest {
]);
}
public function testSuccessEnableWithNotSoExpiredCode(FunctionalTester $I) {
$accountId = $I->amAuthenticated('AccountWithOtpSecret');
$totp = TOTP::create('AAAA');
$this->route->enableTwoFactorAuth($accountId, $totp->at(time() - 35), 'password_0');
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'success' => true,
]);
}
}

5
tests/codeception/api/functional/accounts/GetCest.php
View File

@ -60,9 +60,8 @@ class GetCest {
public function testGetInfoWithExpiredToken(FunctionalTester $I) {
// Устанавливаем заведомо истёкший токен
$I->amBearerAuthenticated(
// TODO: обновить токен
'eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJodHRwOlwvXC9sb2NhbGhvc3QiLCJpc3MiOiJodHRwOlwvXC9sb2NhbGhvc3QiLCJpYXQiO' .
'jE0NjQ2Mjc1NDUsImV4cCI6MTQ2NDYzMTE0NSwianRpIjoxfQ.9c1mm0BK-cuW1qh15F12s2Fh37IN43YeeZeU4DFtlrE'
'eyJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE0NjQ2Mjc1NDUsImV4cCI6MTQ2NDYzMTE0NSwic3ViIjoiZWx5fDEiLCJlbHktc' .
'2NvcGVzIjoiYWNjb3VudHNfd2ViX3VzZXIifQ.v1u8V5wk2RkWmnZtH3jZvM3zO1Gpgbp2DQFfLfy8jHY'
);
$this->route->get(1);

1
tests/codeception/api/unit.suite.yml
View File

@ -4,6 +4,7 @@ modules:
- Yii2:
part: [orm, email, fixtures]
- tests\codeception\common\_support\amqp\Helper
- tests\codeception\common\_support\queue\CodeceptionQueueHelper
- tests\codeception\common\_support\Mockery
config:
Yii2:

2
tests/codeception/api/unit/models/JwtIdentityTest.php
View File

@ -37,8 +37,6 @@ class JwtIdentityTest extends TestCase {
*/
public function testFindIdentityByAccessTokenWithExpiredToken() {
$token = new Token();
$token->addClaim(new Claim\Audience('http://localhost'));
$token->addClaim(new Claim\Issuer('http://localhost'));
$token->addClaim(new Claim\IssuedAt(1464593193));
$token->addClaim(new Claim\Expiration(1464596793));
$token->addClaim(new Claim\Subject('ely|' . $this->tester->grabFixture('accounts', 'admin')['id']));

38
tests/codeception/api/unit/models/authentication/ForgotPasswordFormTest.php
View File

@ -4,7 +4,9 @@ namespace codeception\api\unit\models\authentication;
use api\components\ReCaptcha\Validator as ReCaptchaValidator;
use api\models\authentication\ForgotPasswordForm;
use Codeception\Specify;
use common\models\Account;
use common\models\EmailActivation;
use common\tasks\SendPasswordRecoveryEmail;
use GuzzleHttp\ClientInterface;
use tests\codeception\api\unit\TestCase;
use tests\codeception\common\fixtures\AccountFixture;
@ -78,29 +80,41 @@ class ForgotPasswordFormTest extends TestCase {
}
public function testForgotPassword() {
$model = new ForgotPasswordForm(['login' => $this->tester->grabFixture('accounts', 'admin')['username']]);
/** @var Account $account */
$account = $this->tester->grabFixture('accounts', 'admin');
$model = new ForgotPasswordForm(['login' => $account->username]);
$this->assertTrue($model->forgotPassword(), 'form should be successfully processed');
$activation = $model->getEmailActivation();
$this->assertInstanceOf(EmailActivation::class, $activation, 'getEmailActivation should return valid object instance');
$this->tester->canSeeEmailIsSent(1);
/** @var \yii\swiftmailer\Message $email */
$email = $this->tester->grabSentEmails()[0];
$body = $email->getSwiftMessage()->getBody();
$this->assertContains($activation->key, $body);
$this->assertContains('/recover-password/' . $activation->key, $body);
$this->assertTaskCreated($this->tester->grabLastQueuedJob(), $account, $activation);
}
public function testForgotPasswordResend() {
$fixture = $this->tester->grabFixture('accounts', 'account-with-expired-forgot-password-message');
$model = new ForgotPasswordForm([
'login' => $fixture['username'],
]);
/** @var Account $account */
$account = $this->tester->grabFixture('accounts', 'account-with-expired-forgot-password-message');
$model = new ForgotPasswordForm(['login' => $account->username]);
$callTime = time();
$this->assertTrue($model->forgotPassword(), 'form should be successfully processed');
$emailActivation = $model->getEmailActivation();
$this->assertInstanceOf(EmailActivation::class, $emailActivation);
$this->assertGreaterThanOrEqual($callTime, $emailActivation->created_at);
$this->tester->canSeeEmailIsSent(1);
$this->assertTaskCreated($this->tester->grabLastQueuedJob(), $account, $emailActivation);
}
/**
* @param SendPasswordRecoveryEmail $job
* @param Account $account
* @param EmailActivation $activation
*/
private function assertTaskCreated($job, Account $account, EmailActivation $activation) {
$this->assertInstanceOf(SendPasswordRecoveryEmail::class, $job);
$this->assertSame($account->username, $job->username);
$this->assertSame($account->email, $job->email);
$this->assertSame($account->lang, $job->locale);
$this->assertSame($activation->key, $job->code);
$this->assertSame('http://localhost/recover-password/' . $activation->key, $job->link);
}
/**

44
tests/codeception/api/unit/models/authentication/RegistrationFormTest.php
View File

@ -7,6 +7,7 @@ use Codeception\Specify;
use common\models\Account;
use common\models\EmailActivation;
use common\models\UsernameHistory;
use common\tasks\SendRegistrationEmail;
use GuzzleHttp\ClientInterface;
use tests\codeception\api\unit\TestCase;
use tests\codeception\common\fixtures\AccountFixture;
@ -40,23 +41,19 @@ class RegistrationFormTest extends TestCase {
}
public function testValidatePasswordAndRePasswordMatch() {
$this->specify('error.rePassword_does_not_match if password and rePassword not match', function() {
$model = new RegistrationForm([
'password' => 'enough-length',
'rePassword' => 'password',
]);
expect($model->validate(['rePassword']))->false();
expect($model->getErrors('rePassword'))->equals(['error.rePassword_does_not_match']);
});
$model = new RegistrationForm([
'password' => 'enough-length',
'rePassword' => 'but-mismatch',
]);
$this->assertFalse($model->validate(['rePassword']));
$this->assertSame(['error.rePassword_does_not_match'], $model->getErrors('rePassword'));
$this->specify('no errors if password and rePassword match', function() {
$model = new RegistrationForm([
'password' => 'enough-length',
'rePassword' => 'enough-length',
]);
expect($model->validate(['rePassword']))->true();
expect($model->getErrors('rePassword'))->isEmpty();
});
$model = new RegistrationForm([
'password' => 'enough-length',
'rePassword' => 'enough-length',
]);
$this->assertTrue($model->validate(['rePassword']));
$this->assertEmpty($model->getErrors('rePassword'));
}
public function testSignup() {
@ -118,12 +115,15 @@ class RegistrationFormTest extends TestCase {
'account_id' => $account->id,
'applied_in' => $account->created_at,
])->exists(), 'username history record exists in database');
$this->tester->canSeeEmailIsSent(1);
/** @var \yii\swiftmailer\Message $email */
$email = $this->tester->grabSentEmails()[0];
$body = $email->getSwiftMessage()->getBody();
$this->assertContains($activation->key, $body);
$this->assertContains('/activation/' . $activation->key, $body);
/** @var SendRegistrationEmail $job */
$job = $this->tester->grabLastQueuedJob();
$this->assertInstanceOf(SendRegistrationEmail::class, $job);
$this->assertSame($account->username, $job->username);
$this->assertSame($account->email, $job->email);
$this->assertSame($account->lang, $job->locale);
$this->assertSame($activation->key, $job->code);
$this->assertSame('http://localhost/activation/' . $activation->key, $job->link);
}
private function mockRequest($ip = '88.225.20.236') {

30
tests/codeception/api/unit/models/authentication/RepeatAccountActivationFormTest.php
View File

@ -5,6 +5,7 @@ use api\components\ReCaptcha\Validator as ReCaptchaValidator;
use api\models\authentication\RepeatAccountActivationForm;
use Codeception\Specify;
use common\models\EmailActivation;
use common\tasks\SendRegistrationEmail;
use GuzzleHttp\ClientInterface;
use tests\codeception\api\unit\TestCase;
use tests\codeception\common\fixtures\AccountFixture;
@ -69,19 +70,24 @@ class RepeatAccountActivationFormTest extends TestCase {
}
public function testSendRepeatMessage() {
$this->specify('no magic if we don\'t pass validation', function() {
$model = new RepeatAccountActivationForm();
expect($model->sendRepeatMessage())->false();
$this->tester->cantSeeEmailIsSent();
});
$model = new RepeatAccountActivationForm();
$this->assertFalse($model->sendRepeatMessage(), 'no magic if we don\'t pass validation');
$this->assertEmpty($this->tester->grabQueueJobs());
$this->specify('successfully send new message if previous message has expired', function() {
$email = $this->tester->grabFixture('accounts', 'not-activated-account-with-expired-message')['email'];
$model = new RepeatAccountActivationForm(['email' => $email]);
expect($model->sendRepeatMessage())->true();
expect($model->getActivation())->notNull();
$this->tester->canSeeEmailIsSent(1);
});
/** @var \common\models\Account $account */
$account = $this->tester->grabFixture('accounts', 'not-activated-account-with-expired-message');
$model = new RepeatAccountActivationForm(['email' => $account->email]);
$this->assertTrue($model->sendRepeatMessage());
$activation = $model->getActivation();
$this->assertNotNull($activation);
/** @var SendRegistrationEmail $job */
$job = $this->tester->grabLastQueuedJob();
$this->assertInstanceOf(SendRegistrationEmail::class, $job);
$this->assertSame($account->username, $job->username);
$this->assertSame($account->email, $job->email);
$this->assertSame($account->lang, $job->locale);
$this->assertSame($activation->key, $job->code);
$this->assertSame('http://localhost/activation/' . $activation->key, $job->link);
}
/**

15
tests/codeception/api/unit/modules/accounts/models/SendEmailVerificationFormTest.php
View File

@ -5,6 +5,7 @@ use api\modules\accounts\models\SendEmailVerificationForm;
use common\models\Account;
use common\models\confirmations\CurrentEmailConfirmation;
use common\models\EmailActivation;
use common\tasks\SendCurrentEmailConfirmation;
use tests\codeception\api\unit\TestCase;
use tests\codeception\common\fixtures\AccountFixture;
use tests\codeception\common\fixtures\EmailActivationFixture;
@ -35,11 +36,19 @@ class SendEmailVerificationFormTest extends TestCase {
'password' => 'password_0',
]);
$this->assertTrue($model->performAction());
$this->assertTrue(EmailActivation::find()->andWhere([
/** @var EmailActivation $activation */
$activation = EmailActivation::findOne([
'account_id' => $account->id,
'type' => EmailActivation::TYPE_CURRENT_EMAIL_CONFIRMATION,
])->exists());
$this->tester->canSeeEmailIsSent();
]);
$this->assertInstanceOf(EmailActivation::class, $activation);
/** @var SendCurrentEmailConfirmation $job */
$job = $this->tester->grabLastQueuedJob();
$this->assertInstanceOf(SendCurrentEmailConfirmation::class, $job);
$this->assertSame($account->username, $job->username);
$this->assertSame($account->email, $job->email);
$this->assertSame($activation->key, $job->code);
}
}

15
tests/codeception/api/unit/modules/accounts/models/SendNewEmailVerificationFormTest.php
View File

@ -5,6 +5,7 @@ use api\modules\accounts\models\SendNewEmailVerificationForm;
use common\models\Account;
use common\models\confirmations\NewEmailConfirmation;
use common\models\EmailActivation;
use common\tasks\SendNewEmailConfirmation;
use tests\codeception\api\unit\TestCase;
use tests\codeception\common\fixtures\AccountFixture;
use tests\codeception\common\fixtures\EmailActivationFixture;
@ -44,11 +45,19 @@ class SendNewEmailVerificationFormTest extends TestCase {
Mock::func(EmailValidator::class, 'checkdnsrr')->andReturn(true);
$this->assertTrue($model->performAction());
$this->assertNull(EmailActivation::findOne($key));
$this->assertNotNull(EmailActivation::findOne([
/** @var EmailActivation $activation */
$activation = EmailActivation::findOne([
'account_id' => $account->id,
'type' => EmailActivation::TYPE_NEW_EMAIL_CONFIRMATION,
]));
$this->tester->canSeeEmailIsSent();
]);
$this->assertNotNull(EmailActivation::class, $activation);
/** @var SendNewEmailConfirmation $job */
$job = $this->tester->grabLastQueuedJob();
$this->assertInstanceOf(SendNewEmailConfirmation::class, $job);
$this->assertSame($account->username, $job->username);
$this->assertSame('my-new-email@ely.by', $job->email);
$this->assertSame($activation->key, $job->code);
}
}

3
tests/codeception/common/_bootstrap.php
View File

@ -10,5 +10,4 @@ require_once __DIR__ . '/../../../common/config/bootstrap.php';
$_SERVER['SERVER_NAME'] = 'localhost';
$_SERVER['SERVER_PORT'] = '80';
Yii::setAlias('@tests', dirname(dirname(__DIR__)));
\Codeception\Specify\Config::setDeepClone(false);
Yii::setAlias('@tests', dirname(__DIR__, 2));

51
tests/codeception/common/_support/queue/CodeceptionQueueHelper.php Normal file
View File

@ -0,0 +1,51 @@
<?php
namespace tests\codeception\common\_support\queue;
use Codeception\Exception\ModuleException;
use Codeception\Module;
use Codeception\Module\Yii2;
class CodeceptionQueueHelper extends Module {
/**
* Returns last sent message
*
* @return \yii\queue\JobInterface|null
*/
public function grabLastQueuedJob() {
$messages = $this->grabQueueJobs();
return end($messages);
}
/**
* Returns array of all sent amqp messages.
* Each message is `\PhpAmqpLib\Message\AMQPMessage` instance.
* Useful to perform additional checks using `Asserts` module.
*
* @param string|null $exchange
* @return \yii\queue\JobInterface[]
* @throws ModuleException
*/
public function grabQueueJobs() {
$amqp = $this->grabComponent('queue');
if (!$amqp instanceof Queue) {
throw new ModuleException($this, 'AMQP module is not mocked, can\'t test messages');
}
return $amqp->getMessages();
}
private function grabComponent(string $component) {
return $this->getYii2()->grabComponent($component);
}
private function getYii2(): Yii2 {
$yii2 = $this->getModule('Yii2');
if (!$yii2 instanceof Yii2) {
throw new ModuleException($this, 'Yii2 module must be configured');
}
return $yii2;
}
}

32
tests/codeception/common/_support/queue/Queue.php Normal file
View File

@ -0,0 +1,32 @@
<?php
namespace tests\codeception\common\_support\queue;
use yii\base\NotSupportedException;
use yii\queue\Queue as BaseQueue;
class Queue extends BaseQueue {
private $messages = [];
public function push($job) {
$this->messages[] = $job;
}
public function status($id) {
throw new NotSupportedException('Status is not supported in the driver.');
}
public function getMessages() {
return $this->messages;
}
protected function pushMessage($message, $ttr, $delay, $priority) {
// This function is abstract, but will be not called
}
public function __set($name, $value) {
// Yii2 components may contains some configuration
// But we just ignore it for this mock component
}
}

10
tests/codeception/common/fixtures/data/accounts.php
View File

@ -54,6 +54,7 @@ return [
'rules_agreement_version' => \common\LATEST_RULES_VERSION,
'created_at' => 1457890086,
'updated_at' => 1457890086,
'password_changed_at' => 1457890086,
],
'account-with-fresh-forgot-password-message' => [
'id' => 5,
@ -67,6 +68,7 @@ return [
'rules_agreement_version' => \common\LATEST_RULES_VERSION,
'created_at' => 1462891432,
'updated_at' => 1462891432,
'password_changed_at' => 1462891432,
],
'account-with-expired-forgot-password-message' => [
'id' => 6,
@ -80,6 +82,7 @@ return [
'rules_agreement_version' => \common\LATEST_RULES_VERSION,
'created_at' => 1462891612,
'updated_at' => 1462891612,
'password_changed_at' => 1462891612,
],
'account-with-change-email-init-state' => [
'id' => 7,
@ -93,6 +96,7 @@ return [
'rules_agreement_version' => \common\LATEST_RULES_VERSION,
'created_at' => 1463427287,
'updated_at' => 1463427287,
'password_changed_at' => 1463427287,
],
'account-with-change-email-finish-state' => [
'id' => 8,
@ -106,6 +110,7 @@ return [
'rules_agreement_version' => \common\LATEST_RULES_VERSION,
'created_at' => 1463349615,
'updated_at' => 1463349615,
'password_changed_at' => 1463349615,
],
'account-with-old-rules-version' => [
'id' => 9,
@ -119,6 +124,7 @@ return [
'rules_agreement_version' => null,
'created_at' => 1470499952,
'updated_at' => 1470499952,
'password_changed_at' => 1470499952,
],
'banned-account' => [
'id' => 10,
@ -132,6 +138,7 @@ return [
'rules_agreement_version' => \common\LATEST_RULES_VERSION,
'created_at' => 1472682343,
'updated_at' => 1472682343,
'password_changed_at' => 1472682343,
],
'account-with-usernames-history' => [
'id' => 11,
@ -145,6 +152,7 @@ return [
'rules_agreement_version' => \common\LATEST_RULES_VERSION,
'created_at' => 1474404139,
'updated_at' => 1474404149,
'password_changed_at' => 1474404149,
],
'account-with-otp-secret' => [
'id' => 12,
@ -160,6 +168,7 @@ return [
'is_otp_enabled' => false,
'created_at' => 1485124615,
'updated_at' => 1485124615,
'password_changed_at' => 1485124615,
],
'account-with-enabled-otp' => [
'id' => 13,
@ -175,5 +184,6 @@ return [
'is_otp_enabled' => true,
'created_at' => 1485124685,
'updated_at' => 1485124685,
'password_changed_at' => 1485124685,
],
];

7
tests/codeception/common/unit/emails/EmailHelperTest.php
View File

@ -2,17 +2,12 @@
namespace tests\codeception\common\unit\emails;
use common\emails\EmailHelper;
use common\models\Account;
use tests\codeception\common\unit\TestCase;
class EmailHelperTest extends TestCase {
public function testBuildTo() {
/** @var Account|\Mockery\MockInterface $account */
$account = mock(Account::class)->makePartial();
$account->username = 'mock-username';
$account->email = 'mock@ely.by';
$this->assertEquals(['mock@ely.by' => 'mock-username'], EmailHelper::buildTo($account));
$this->assertSame(['mock@ely.by' => 'username'], EmailHelper::buildTo('username', 'mock@ely.by'));
}
}

10
tests/codeception/common/unit/rbac/rules/AccountOwnerTest.php
View File

@ -12,6 +12,16 @@ use const common\LATEST_RULES_VERSION;
class AccountOwnerTest extends TestCase {
public function testIdentityIsNull() {
$component = mock(Component::class . '[findIdentityByAccessToken]', [['secret' => 'secret']]);
$component->shouldDeferMissing();
$component->shouldReceive('findIdentityByAccessToken')->andReturn(null);
Yii::$app->set('user', $component);
$this->assertFalse((new AccountOwner())->execute('some token', new Item(), ['accountId' => 123]));
}
public function testExecute() {
$rule = new AccountOwner();
$item = new Item();

47
tests/codeception/common/unit/tasks/SendCurrentEmailConfirmationTest.php Normal file
View File

@ -0,0 +1,47 @@
<?php
namespace tests\codeception\common\unit\tasks;
use common\models\Account;
use common\models\confirmations\CurrentEmailConfirmation;
use common\tasks\SendCurrentEmailConfirmation;
use tests\codeception\common\unit\TestCase;
use yii\queue\Queue;
class SendCurrentEmailConfirmationTest extends TestCase {
public function testCreateFromConfirmation() {
$account = new Account();
$account->username = 'mock-username';
$account->email = 'mock@ely.by';
$account->lang = 'id';
/** @var \Mockery\Mock|CurrentEmailConfirmation $confirmation */
$confirmation = mock(CurrentEmailConfirmation::class)->makePartial();
$confirmation->key = 'ABCDEFG';
$confirmation->shouldReceive('getAccount')->andReturn($account);
$result = SendCurrentEmailConfirmation::createFromConfirmation($confirmation);
$this->assertInstanceOf(SendCurrentEmailConfirmation::class, $result);
$this->assertSame('mock-username', $result->username);
$this->assertSame('mock@ely.by', $result->email);
$this->assertSame('ABCDEFG', $result->code);
}
public function testExecute() {
$task = new SendCurrentEmailConfirmation();
$task->username = 'mock-username';
$task->email = 'mock@ely.by';
$task->code = 'GFEDCBA';
$task->execute(mock(Queue::class));
$this->tester->canSeeEmailIsSent(1);
/** @var \yii\swiftmailer\Message $email */
$email = $this->tester->grabSentEmails()[0];
$this->assertSame(['mock@ely.by' => 'mock-username'], $email->getTo());
$this->assertSame('Ely.by Account change E-mail confirmation', $email->getSubject());
$children = $email->getSwiftMessage()->getChildren()[0];
$this->assertContains('GFEDCBA', $children->getBody());
}
}

47
tests/codeception/common/unit/tasks/SendNewEmailConfirmationTest.php Normal file
View File

@ -0,0 +1,47 @@
<?php
namespace tests\codeception\common\unit\tasks;
use common\models\Account;
use common\models\confirmations\NewEmailConfirmation;
use common\tasks\SendNewEmailConfirmation;
use tests\codeception\common\unit\TestCase;
use yii\queue\Queue;
class SendNewEmailConfirmationTest extends TestCase {
public function testCreateFromConfirmation() {
$account = new Account();
$account->username = 'mock-username';
$account->lang = 'id';
/** @var \Mockery\Mock|NewEmailConfirmation $confirmation */
$confirmation = mock(NewEmailConfirmation::class)->makePartial();
$confirmation->key = 'ABCDEFG';
$confirmation->shouldReceive('getAccount')->andReturn($account);
$confirmation->shouldReceive('getNewEmail')->andReturn('new-email@ely.by');
$result = SendNewEmailConfirmation::createFromConfirmation($confirmation);
$this->assertInstanceOf(SendNewEmailConfirmation::class, $result);
$this->assertSame('mock-username', $result->username);
$this->assertSame('new-email@ely.by', $result->email);
$this->assertSame('ABCDEFG', $result->code);
}
public function testExecute() {
$task = new SendNewEmailConfirmation();
$task->username = 'mock-username';
$task->email = 'mock@ely.by';
$task->code = 'GFEDCBA';
$task->execute(mock(Queue::class));
$this->tester->canSeeEmailIsSent(1);
/** @var \yii\swiftmailer\Message $email */
$email = $this->tester->grabSentEmails()[0];
$this->assertSame(['mock@ely.by' => 'mock-username'], $email->getTo());
$this->assertSame('Ely.by Account new E-mail confirmation', $email->getSubject());
$children = $email->getSwiftMessage()->getChildren()[0];
$this->assertContains('GFEDCBA', $children->getBody());
}
}

53
tests/codeception/common/unit/tasks/SendPasswordRecoveryEmailTest.php Normal file
View File

@ -0,0 +1,53 @@
<?php
namespace tests\codeception\common\unit\tasks;
use common\models\Account;
use common\models\confirmations\ForgotPassword;
use common\tasks\SendPasswordRecoveryEmail;
use tests\codeception\common\unit\TestCase;
use yii\queue\Queue;
class SendPasswordRecoveryEmailTest extends TestCase {
public function testCreateFromConfirmation() {
$account = new Account();
$account->username = 'mock-username';
$account->email = 'mock@ely.by';
$account->lang = 'id';
/** @var \Mockery\Mock|ForgotPassword $confirmation */
$confirmation = mock(ForgotPassword::class)->makePartial();
$confirmation->key = 'ABCDEFG';
$confirmation->shouldReceive('getAccount')->andReturn($account);
$result = SendPasswordRecoveryEmail::createFromConfirmation($confirmation);
$this->assertInstanceOf(SendPasswordRecoveryEmail::class, $result);
$this->assertSame('mock-username', $result->username);
$this->assertSame('mock@ely.by', $result->email);
$this->assertSame('ABCDEFG', $result->code);
$this->assertSame('http://localhost/recover-password/ABCDEFG', $result->link);
$this->assertSame('id', $result->locale);
}
public function testExecute() {
$task = new SendPasswordRecoveryEmail();
$task->username = 'mock-username';
$task->email = 'mock@ely.by';
$task->code = 'GFEDCBA';
$task->link = 'https://account.ely.by/recover-password/ABCDEFG';
$task->locale = 'ru';
$task->execute(mock(Queue::class));
$this->tester->canSeeEmailIsSent(1);
/** @var \yii\swiftmailer\Message $email */
$email = $this->tester->grabSentEmails()[0];
$this->assertSame(['mock@ely.by' => 'mock-username'], $email->getTo());
$this->assertSame('Ely.by Account forgot password', $email->getSubject());
$body = $email->getSwiftMessage()->getBody();
$this->assertContains('Привет, mock-username', $body);
$this->assertContains('GFEDCBA', $body);
$this->assertContains('https://account.ely.by/recover-password/ABCDEFG', $body);
}
}

53
tests/codeception/common/unit/tasks/SendRegistrationEmailTest.php Normal file
View File

@ -0,0 +1,53 @@
<?php
namespace tests\codeception\common\unit\tasks;
use common\models\Account;
use common\models\confirmations\RegistrationConfirmation;
use common\tasks\SendRegistrationEmail;
use tests\codeception\common\unit\TestCase;
use yii\queue\Queue;
class SendRegistrationEmailTest extends TestCase {
public function testCreateFromConfirmation() {
$account = new Account();
$account->username = 'mock-username';
$account->email = 'mock@ely.by';
$account->lang = 'ru';
/** @var \Mockery\Mock|RegistrationConfirmation $confirmation */
$confirmation = mock(RegistrationConfirmation::class)->makePartial();
$confirmation->key = 'ABCDEFG';
$confirmation->shouldReceive('getAccount')->andReturn($account);
$result = SendRegistrationEmail::createFromConfirmation($confirmation);
$this->assertInstanceOf(SendRegistrationEmail::class, $result);
$this->assertSame('mock-username', $result->username);
$this->assertSame('mock@ely.by', $result->email);
$this->assertSame('ABCDEFG', $result->code);
$this->assertSame('http://localhost/activation/ABCDEFG', $result->link);
$this->assertSame('ru', $result->locale);
}
public function testExecute() {
$task = new SendRegistrationEmail();
$task->username = 'mock-username';
$task->email = 'mock@ely.by';
$task->code = 'GFEDCBA';
$task->link = 'https://account.ely.by/activation/ABCDEFG';
$task->locale = 'ru';
$task->execute(mock(Queue::class));
$this->tester->canSeeEmailIsSent(1);
/** @var \yii\swiftmailer\Message $email */
$email = $this->tester->grabSentEmails()[0];
$this->assertSame(['mock@ely.by' => 'mock-username'], $email->getTo());
$this->assertSame('Ely.by Account registration', $email->getSubject());
$body = $email->getSwiftMessage()->getBody();
$this->assertContains('Привет, mock-username', $body);
$this->assertContains('GFEDCBA', $body);
$this->assertContains('https://account.ely.by/activation/ABCDEFG', $body);
}
}

6
tests/codeception/config/config.php
View File

@ -9,6 +9,9 @@ return [
'namespace' => 'tests\codeception\common\fixtures',
],
],
'params' => [
'fromEmail' => 'ely@ely.by',
],
'components' => [
'urlManager' => [
'showScriptName' => true,
@ -20,6 +23,9 @@ return [
'amqp' => [
'class' => tests\codeception\common\_support\amqp\TestComponent::class,
],
'queue' => [
'class' => tests\codeception\common\_support\queue\Queue::class,
],
'sentry' => [
'enabled' => false,
],

1
tests/codeception/config/functional.php
View File

@ -3,7 +3,6 @@ return [
'components' => [
'request' => [
// it's not recommended to run functional tests with CSRF validation enabled
// TODO: у нас вроде и без того нет проверки csrf
'enableCsrfValidation' => false,
'enableCookieValidation' => false,
// but if you absolutely need it set cookie domain to localhost

3
tests/codeception/console/_bootstrap.php
View File

@ -11,5 +11,4 @@ require_once __DIR__ . '/../../../console/config/bootstrap.php';
$_SERVER['SERVER_NAME'] = 'localhost';
$_SERVER['SERVER_PORT'] = '80';
Yii::setAlias('@tests', dirname(dirname(__DIR__)));
\Codeception\Specify\Config::setDeepClone(false);
Yii::setAlias('@tests', dirname(__DIR__, 2));