$id]); } /** * Finds user by password reset token * * @param string $token password reset token * * @return static|null * * TODO: этот метод нужно убрать из базовой модели */ public static function findByPasswordResetToken($token) { if (!static::isPasswordResetTokenValid($token)) { return null; } return static::findOne([ 'password_reset_token' => $token, 'status' => self::STATUS_ACTIVE, ]); } /** * Finds out if password reset token is valid * * @param string $token password reset token * * @return boolean * * TODO: этот метод нужно убрать из базовой модели */ public static function isPasswordResetTokenValid($token) { if (empty($token)) { return false; } $timestamp = (int) substr($token, strrpos($token, '_') + 1); $expire = Yii::$app->params['user.passwordResetTokenExpire']; return $timestamp + $expire >= time(); } /** * @inheritdoc */ public function getId() { return $this->getPrimaryKey(); } /** * @inheritdoc */ public function getAuthKey() { throw new NotSupportedException('This method used for cookie auth, except we using JWT tokens'); } /** * @inheritdoc */ public function validateAuthKey($authKey) { return $this->getAuthKey() === $authKey; } /** * Validates password * * @param string $password password to validate * @param integer $passwordHashStrategy * * @return bool if password provided is valid for current user * @throws InvalidConfigException */ public function validatePassword($password, $passwordHashStrategy = NULL) { if ($passwordHashStrategy === NULL) { $passwordHashStrategy = $this->password_hash_strategy; } switch($passwordHashStrategy) { case self::PASS_HASH_STRATEGY_OLD_ELY: $hashedPass = UserPass::make($this->email, $password); return $hashedPass === $this->password_hash; case self::PASS_HASH_STRATEGY_YII2: return Yii::$app->security->validatePassword($password, $this->password_hash); default: throw new InvalidConfigException('You must set valid password_hash_strategy before you can validate password'); } } /** * @param string $password * @throws InvalidConfigException */ public function setPassword($password) { $this->password_hash_strategy = self::PASS_HASH_STRATEGY_YII2; $this->password_hash = Yii::$app->security->generatePasswordHash($password); $this->password_changed_at = time(); } /** * Generates new password reset token * * TODO: этот метод нужно отсюда убрать */ public function generatePasswordResetToken() { $this->password_reset_token = Yii::$app->security->generateRandomString() . '_' . time(); } /** * Removes password reset token * * TODO: этот метод нужно отсюда убрать */ public function removePasswordResetToken() { $this->password_reset_token = null; } public function getEmailActivations() { return $this->hasMany(EmailActivation::class, ['id' => 'account_id']); } public function getSessions() { return $this->hasMany(OauthSession::class, ['owner_id' => 'id']); } /** * Метод проверяет, может ли текщий пользователь быть автоматически авторизован * для указанного клиента без запроса доступа к необходимому списку прав * * @param OauthClient $client * @param \League\OAuth2\Server\Entity\ScopeEntity[] $scopes * * @return bool */ public function canAutoApprove(OauthClient $client, array $scopes = []) { //if ($client->is_trusted) { // return true; //} /** @var OauthSession|null $session */ $session = $this->getSessions()->andWhere(['client_id' => $client->id])->one(); if ($session !== null) { $existScopes = $session->getScopes()->members(); if (empty(array_diff(array_keys($scopes), $existScopes))) { return true; } } return false; } /** * @inheritdoc */ protected static function getSecretKey() { return Yii::$app->params['jwtSecret']; } /** * Getter for "header" array that's used for generation of JWT * @return array JWT Header Token param, see http://jwt.io/ for details */ protected static function getHeaderToken() { return [ 'iss' => Yii::$app->request->hostInfo, 'aud' => Yii::$app->request->hostInfo, ]; } }