Implemented account deletion. Not all cases covered with tests [skip ci]

api/modules/authserver/models/AuthenticationForm.php

@@ -52,10 +52,14 @@ class AuthenticationForm extends ApiForm {
 
         Authserver::info("Trying to authenticate user by login = '{$this->username}'.");
 
+        // The previous authorization server implementation used the nickname field instead of username,
+        // so we keep such behavior
+        $attribute = strpos($this->username, '@') === false ? 'nickname' : 'email';
+
         $loginForm = new LoginForm();
         $loginForm->login = $this->username;
         $loginForm->password = $this->password;
-        if (!$loginForm->validate()) {
+        if (!$loginForm->validate() || $loginForm->getAccount()->status === Account::STATUS_DELETED) {
             $errors = $loginForm->getFirstErrors();
             if (isset($errors['totp'])) {
                 Authserver::error("User with login = '{$this->username}' protected by two factor auth.");
@@ -73,10 +77,6 @@ class AuthenticationForm extends ApiForm {
                 Authserver::error("User with login = '{$this->username}' passed wrong password.");
             }
 
-            // The previous authorization server implementation used the nickname field instead of username,
-            // so we keep such behavior
-            $attribute = strpos($this->username, '@') === false ? 'nickname' : 'email';
-
             // TODO: эта логика дублируется с логикой в SignoutForm
 
             throw new ForbiddenOperationException("Invalid credentials. Invalid {$attribute} or password.");

api/modules/authserver/models/RefreshTokenForm.php

@@ -62,7 +62,7 @@ class RefreshTokenForm extends ApiForm {
             $account = Account::findOne(['id' => $tokenReader->getAccountId()]);
         }
 
-        if ($account === null) {
+        if ($account === null || $account->status === Account::STATUS_DELETED) {
             throw new ForbiddenOperationException('Invalid token.');
         }
 

api/modules/authserver/validators/AccessTokenValidator.php

@@ -13,10 +13,7 @@ use yii\validators\Validator;
 
 class AccessTokenValidator extends Validator {
 
-    /**
-     * @var bool
-     */
-    public $verifyExpiration = true;
+    public bool $verifyExpiration = true;
 
     /**
      * @param string $value