From 060a4e960a905364398223a94e335a1f0f478233 Mon Sep 17 00:00:00 2001
From: ErickSkrauch
Date: Wed, 4 Dec 2019 13:40:12 +0300
Subject: [PATCH] Handle legacy refresh tokens
---
 api/components/OAuth2/Grants/RefreshTokenGrant.php | 5 +++++
 .../OAuth2/Repositories/RefreshTokenRepository.php | 3 +--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/api/components/OAuth2/Grants/RefreshTokenGrant.php b/api/components/OAuth2/Grants/RefreshTokenGrant.php
index 53d7b12..648ef69 100644
--- a/api/components/OAuth2/Grants/RefreshTokenGrant.php
+++ b/api/components/OAuth2/Grants/RefreshTokenGrant.php
@@ -46,6 +46,11 @@ class RefreshTokenGrant extends BaseRefreshTokenGrant {
 return null;
 }
+ /**
+ * @param string $refreshToken
+ * @return array
+ * @throws OAuthServerException
+ */
 private function validateLegacyRefreshToken(string $refreshToken): array {
 $result = Yii::$app->redis->get("oauth:refresh:tokens:{$refreshToken}");
 if ($result === null) {
diff --git a/api/components/OAuth2/Repositories/RefreshTokenRepository.php b/api/components/OAuth2/Repositories/RefreshTokenRepository.php
index fc43c68..b1096ed 100644
--- a/api/components/OAuth2/Repositories/RefreshTokenRepository.php
+++ b/api/components/OAuth2/Repositories/RefreshTokenRepository.php
@@ -30,8 +30,7 @@ class RefreshTokenRepository implements RefreshTokenRepositoryInterface {
 }
 public function isRefreshTokenRevoked($tokenId): bool {
- // TODO: validate old refresh tokens
- return !OauthRefreshToken::find()->andWhere(['id' => $tokenId])->exists();
+ return OauthRefreshToken::find()->andWhere(['id' => $tokenId])->exists() === false;
 }
 }
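Review bot: The new docblock on `validateLegacyRefreshToken` restates the native `string` and `array` types and leaves out what a reader needs: what the returned array contains and when `OAuthServerException` is thrown. From the visible lines the method reads `oauth:refresh:tokens:{$refreshToken}` from Redis and branches on a `null` result; the rest of the body is outside the hunk, so the exact contract should be confirmed there. I would add a summary line such as `Looks up a legacy refresh token in Redis and returns its stored payload.` and give the throws tag a description, e.g. `@throws OAuthServerException when no legacy token is stored under this value`.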
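Review bot: With the TODO deleted, `isRefreshTokenRevoked` no longer says how legacy tokens relate to this check, and any id without an `OauthRefreshToken` row is still reported as revoked. That fail-closed default is the safe one, but it only suits legacy tokens if they are resolved before this lookup, presumably through `validateLegacyRefreshToken` in `RefreshTokenGrant`, which this hunk does not show. Once that is confirmed I would replace the removed TODO with a comment such as `// No row means revoked (fail closed); legacy Redis-backed tokens are validated in RefreshTokenGrant and do not reach this lookup.` The `=== false` rewrite itself does not change behaviour.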