Commit Graph

687 Commits

Author SHA1 Message Date
ErickSkrauch
f06354638e Disallow to perform oauth2 authentication for applications that have no corresponding type 2019-12-11 14:41:37 +03:00
ErickSkrauch
9da58beccf Add deprecation notices 2019-12-11 14:24:31 +03:00
ErickSkrauch
2caf0558de Use paragonie's Base64UrlSafe encoding library 2019-12-11 14:16:11 +03:00
ErickSkrauch
cda4be04a1 Fix condition when to store scopes from redis 2019-12-11 13:23:56 +03:00
ErickSkrauch
3c9050340e Add console command to migrate all oauth sessions scopes data from redis to db 2019-12-11 01:30:12 +03:00
ErickSkrauch
d27070630c Fix revokation validation. Add additional tests cases 2019-12-10 22:51:11 +03:00
ErickSkrauch
016a193263 Introduce revokation mechanism 2019-12-10 01:38:09 +03:00
ErickSkrauch
ba7fad84a0 Remove refresh_token from OAuth2 result. Return the same access_token as a refresh_token in case when it's requested. Make access_tokens to live forever. 2019-12-09 19:31:54 +03:00
ErickSkrauch
efb97a2006 Set access tokens TTL depending on the requested scopes 2019-12-06 19:07:08 +03:00
ErickSkrauch
f0a73f2b7a Make tokens, created by client credentials grant to live forever 2019-12-06 18:31:04 +03:00
ErickSkrauch
6fb32ec76d Use libsodium to encrypt all data, related to OAuth2 2019-12-06 14:37:51 +03:00
ErickSkrauch
642db2e045 Use libsodium to encrypt data, stored in jwt tokens 2019-12-05 19:37:46 +03:00
ErickSkrauch
c3ffb08c4a Cleanup session server module 2019-12-05 01:15:45 +03:00
ErickSkrauch
25f1ca912c Fix tests 2019-12-05 00:52:36 +03:00
ErickSkrauch
a81ef5cac2 Replace separate minecraft access tokens with JWT 2019-12-04 21:10:15 +03:00
ErickSkrauch
060a4e960a Handle legacy refresh tokens 2019-12-04 13:40:12 +03:00
ErickSkrauch
a9a56c9e1d Extract encryption key into the configuration param 2019-12-04 13:24:30 +03:00
ErickSkrauch
72cbf16c97 Merge branch 'master' into oauth_jwt_tokens
# Conflicts:
#	api/components/OAuth2/Entities/AccessTokenEntity.php
#	api/components/OAuth2/Entities/RefreshTokenEntity.php
#	api/components/OAuth2/Grants/RefreshTokenGrant.php
#	api/components/OAuth2/Storage/SessionStorage.php
#	api/components/User/OAuth2Identity.php
2019-12-04 01:17:12 +03:00
ErickSkrauch
8dad8a3eeb Fix https detection on nginx from haproxy 2019-12-03 17:22:18 +03:00
ErickSkrauch
46b771a061 Fixes ACCOUNTS-5VE 2019-12-02 22:28:47 +03:00
ErickSkrauch
9557064a97 Fixes ACCOUNTS-5VF 2019-12-02 22:22:51 +03:00
ErickSkrauch
01028cf378 Fixes ACCOUNTS-5VC. Handle the case when there is missing session for access or refresh token 2019-12-02 22:15:52 +03:00
ErickSkrauch
22ef41ac7c Fixes ACCOUNTS-5V9. Handle case when access token don't have associated account 2019-12-02 21:15:18 +03:00
ErickSkrauch
a5f6a2d437 Tune nginx conf 2019-11-27 03:41:27 +03:00
ErickSkrauch
9f645d0934 Add CSP header 2019-11-26 22:47:22 +03:00
ErickSkrauch
9eea03df73 Enable gzip and brotli for all response types 2019-11-26 22:32:26 +03:00
ErickSkrauch
885729fcde Replace nginx image to enable gzpi and brotli encoding 2019-11-26 21:30:53 +03:00
ErickSkrauch
b47522e6f9 Fix CI for bitmani mariadb image 2019-11-15 20:09:19 +03:00
ErickSkrauch
2fe3ede4ea Replace basic mariadb image with the bitnami 2019-11-15 20:04:45 +03:00
ErickSkrauch
db8e13d749 Hotfix to handle Chrly's long responses 2019-11-09 17:46:27 +03:00
ErickSkrauch
e52dbdbf19 Do not include offline_access scope into access_token 2019-11-07 01:12:18 +03:00
ErickSkrauch
da318ef2ed Merge branch 'master' into oauth_jwt_tokens 2019-11-07 00:00:26 +03:00
ErickSkrauch
0dc8ca8c78 Define vars for cleanup step 2019-11-05 15:31:23 +03:00
ErickSkrauch
d8b68f7be0 Rename cleanup step [skip ci] 2019-11-05 15:28:18 +03:00
ErickSkrauch
6cd50f759c Fix gitlab-ci configuration 2019-11-05 15:27:07 +03:00
ErickSkrauch
80edf03b52 Upgrade PHP version to avoid CVE-2019-11043 2019-11-05 15:15:55 +03:00
ErickSkrauch
7505bc8262 Upgrade gitlab-ci 2019-11-05 15:10:37 +03:00
ErickSkrauch
22982b319b Fix all tests 2019-09-24 01:56:32 +03:00
ErickSkrauch
2beacd0827 Add tests for the legacy tokens, fix some tests cases [skip ci] 2019-09-23 01:03:36 +03:00
ErickSkrauch
a148da2ecf Add tests for the legacy tokens 2019-09-23 00:53:13 +03:00
ErickSkrauch
cf62c686b1 Rework identity provider for the legacy OAuth2 tokens [skip ci] 2019-09-22 19:24:22 +03:00
ErickSkrauch
c722c46ad5 Add support for the legacy refresh tokens, make the new refresh tokens non-expire [skip ci] 2019-09-22 02:42:08 +03:00
ErickSkrauch
5536c34b9c Restore full functionality of OAuth2 server [skip ci] 2019-09-22 00:19:11 +03:00
ErickSkrauch
45101d6453 Completely restored authorization_code grant for user side.
Reworked oauth_sessions table.
Added extension to use MariaDB's JSON columns.
Rewritten tests for authorization_code grant for client side.
Deprecate some old shit.
[skip ci]
2019-09-18 02:15:12 +03:00
ErickSkrauch
8a1d7148d0 Implemented public scopes repository. Fix some auth cases [skip ci] 2019-09-13 01:19:03 +03:00
ErickSkrauch
4dc2a3025b Rewrite tests for OAuth2 validate and auth code complete steps [skip ci] 2019-09-06 02:33:16 +03:00
ErickSkrauch
6c4ce8cb8d Increase cleanup timout for minecraft access tokens 2019-09-01 23:16:13 +03:00
ErickSkrauch
29fc267148 Do not delete minecraft access token after its validation 2019-09-01 23:10:47 +03:00
ErickSkrauch
0b63dc2d84 Upgrade oauth2-server to 8.0.0 version, rewrite repositories and entities, start rewriting tests. Intermediate commit [skip ci] 2019-08-23 11:28:04 +03:00
ErickSkrauch
23a220637c Define default value for AUTHSERVER_HOST 2019-08-08 02:49:04 +03:00