Implemented desktop application type

This commit is contained in:
ErickSkrauch
2025-01-15 14:13:08 +01:00
parent 3bba99a757
commit 1c2969a4be
22 changed files with 183 additions and 214 deletions

View File

@@ -94,7 +94,7 @@ class ClientsController extends Controller {
$client = new OauthClient(); $client = new OauthClient();
$client->account_id = $account->id; $client->account_id = $account->id;
$client->type = $type; $client->type = $type; // @phpstan-ignore assign.propertyType (this value will be validated in the createForm())
$requestModel = $this->createForm($client); $requestModel = $this->createForm($client);
$requestModel->load(Yii::$app->request->post()); $requestModel->load(Yii::$app->request->post());
$form = new OauthClientForm($client); $form = new OauthClientForm($client);
@@ -163,7 +163,7 @@ class ClientsController extends Controller {
/** @var \common\models\OauthSession[] $oauthSessions */ /** @var \common\models\OauthSession[] $oauthSessions */
$oauthSessions = $account->getOauthSessions() $oauthSessions = $account->getOauthSessions()
->innerJoinWith(['client c' => function(ActiveQuery $query): void { ->innerJoinWith(['client c' => function(ActiveQuery $query): void {
$query->andOnCondition(['c.type' => OauthClient::TYPE_APPLICATION]); $query->andOnCondition(['c.type' => OauthClient::TYPE_WEB_APPLICATION]);
}]) }])
->andWhere([ ->andWhere([
'OR', 'OR',
@@ -206,10 +206,12 @@ class ClientsController extends Controller {
return ['success' => true]; return ['success' => true];
} }
/**
* @return array<string, mixed>
*/
private function formatClient(OauthClient $client): array { private function formatClient(OauthClient $client): array {
$result = [ $result = [
'clientId' => $client->id, 'clientId' => $client->id,
'clientSecret' => $client->secret,
'type' => $client->type, 'type' => $client->type,
'name' => $client->name, 'name' => $client->name,
'websiteUrl' => $client->website_url, 'websiteUrl' => $client->website_url,
@@ -217,12 +219,18 @@ class ClientsController extends Controller {
]; ];
switch ($client->type) { switch ($client->type) {
case OauthClient::TYPE_APPLICATION: case OauthClient::TYPE_WEB_APPLICATION:
$result['clientSecret'] = $client->secret;
$result['description'] = $client->description; $result['description'] = $client->description;
$result['redirectUri'] = $client->redirect_uri; $result['redirectUri'] = $client->redirect_uri;
$result['countUsers'] = (int)$client->getSessions()->count(); $result['countUsers'] = (int)$client->getSessions()->count();
break; break;
case OauthClient::TYPE_DESKTOP_APPLICATION:
$result['description'] = $client->description;
$result['countUsers'] = (int)$client->getSessions()->count();
break;
case OauthClient::TYPE_MINECRAFT_SERVER: case OauthClient::TYPE_MINECRAFT_SERVER:
$result['clientSecret'] = $client->secret;
$result['minecraftServerIp'] = $client->minecraft_server_ip; $result['minecraftServerIp'] = $client->minecraft_server_ip;
break; break;
} }

View File

@@ -9,9 +9,9 @@ use common\models\OauthClient;
abstract class BaseOauthClientType extends ApiForm implements OauthClientTypeForm { abstract class BaseOauthClientType extends ApiForm implements OauthClientTypeForm {
public $name; public mixed $name = null;
public $websiteUrl; public mixed $websiteUrl = null;
public function rules(): array { public function rules(): array {
return [ return [

View File

@@ -0,0 +1,24 @@
<?php
declare(strict_types=1);
namespace api\modules\oauth\models;
use common\models\OauthClient;
use yii\helpers\ArrayHelper;
final class DesktopApplicationType extends BaseOauthClientType {
public mixed $description = null;
public function rules(): array {
return ArrayHelper::merge(parent::rules(), [
['description', 'string'],
]);
}
public function applyToClient(OauthClient $client): void {
parent::applyToClient($client);
$client->description = $this->description;
}
}

View File

@@ -6,27 +6,30 @@ namespace api\modules\oauth\models;
use api\modules\oauth\exceptions\UnsupportedOauthClientType; use api\modules\oauth\exceptions\UnsupportedOauthClientType;
use common\models\OauthClient; use common\models\OauthClient;
class OauthClientFormFactory { final class OauthClientFormFactory {
/** /**
* @param OauthClient $client
*
* @return OauthClientTypeForm
* @throws UnsupportedOauthClientType * @throws UnsupportedOauthClientType
*/ */
public static function create(OauthClient $client): OauthClientTypeForm { public static function create(OauthClient $client): OauthClientTypeForm {
return match ($client->type) { return match ($client->type) {
OauthClient::TYPE_APPLICATION => new ApplicationType([ OauthClient::TYPE_WEB_APPLICATION => new WebApplicationType([
'name' => $client->name, 'name' => $client->name,
'websiteUrl' => $client->website_url, 'websiteUrl' => $client->website_url,
'description' => $client->description, 'description' => $client->description,
'redirectUri' => $client->redirect_uri, 'redirectUri' => $client->redirect_uri,
]), ]),
OauthClient::TYPE_DESKTOP_APPLICATION => new DesktopApplicationType([
'name' => $client->name,
'description' => $client->description,
'websiteUrl' => $client->website_url,
]),
OauthClient::TYPE_MINECRAFT_SERVER => new MinecraftServerType([ OauthClient::TYPE_MINECRAFT_SERVER => new MinecraftServerType([
'name' => $client->name, 'name' => $client->name,
'websiteUrl' => $client->website_url, 'websiteUrl' => $client->website_url,
'minecraftServerIp' => $client->minecraft_server_ip, 'minecraftServerIp' => $client->minecraft_server_ip,
]), ]),
// @phpstan-ignore match.unreachable (Not quite correct code, but the value comes from the user and might be not expected)
default => throw new UnsupportedOauthClientType($client->type), default => throw new UnsupportedOauthClientType($client->type),
}; };
} }

View File

@@ -3,21 +3,20 @@ declare(strict_types=1);
namespace api\modules\oauth\models; namespace api\modules\oauth\models;
use Closure;
use common\helpers\Error as E; use common\helpers\Error as E;
use common\models\OauthClient; use common\models\OauthClient;
use yii\helpers\ArrayHelper; use yii\helpers\ArrayHelper;
final class ApplicationType extends BaseOauthClientType { final class WebApplicationType extends BaseOauthClientType {
public $description; public mixed $description = null;
public $redirectUri; public mixed $redirectUri = null;
public function rules(): array { public function rules(): array {
return ArrayHelper::merge(parent::rules(), [ return ArrayHelper::merge(parent::rules(), [
['redirectUri', 'required', 'message' => E::REDIRECT_URI_REQUIRED], ['redirectUri', 'required', 'message' => E::REDIRECT_URI_REQUIRED],
['redirectUri', Closure::fromCallable([$this, 'validateUrl'])], ['redirectUri', $this->validateUrl(...)],
['description', 'string'], ['description', 'string'],
]); ]);
} }

View File

@@ -1,54 +0,0 @@
<?php
declare(strict_types=1);
namespace api\tests\_pages;
/**
* @deprecated
* TODO: remove
*/
class OauthRoute extends BasePage {
/**
* @deprecated
*/
public function createClient(string $type, array $postParams): void {
$this->getActor()->sendPOST('/api/v1/oauth2/' . $type, $postParams);
}
/**
* @deprecated
*/
public function updateClient(string $clientId, array $params): void {
$this->getActor()->sendPUT('/api/v1/oauth2/' . $clientId, $params);
}
/**
* @deprecated
*/
public function deleteClient(string $clientId): void {
$this->getActor()->sendDELETE('/api/v1/oauth2/' . $clientId);
}
/**
* @deprecated
*/
public function resetClient(string $clientId, bool $regenerateSecret = false): void {
$this->getActor()->sendPOST("/api/v1/oauth2/{$clientId}/reset" . ($regenerateSecret ? '?regenerateSecret' : ''));
}
/**
* @deprecated
*/
public function getClient(string $clientId): void {
$this->getActor()->sendGET("/api/v1/oauth2/{$clientId}");
}
/**
* @deprecated
*/
public function getPerAccount(int $accountId): void {
$this->getActor()->sendGET("/api/v1/accounts/{$accountId}/oauth2/clients");
}
}

View File

@@ -3,20 +3,13 @@ declare(strict_types=1);
namespace api\tests\functional\dev\applications; namespace api\tests\functional\dev\applications;
use api\tests\_pages\OauthRoute;
use api\tests\FunctionalTester; use api\tests\FunctionalTester;
final class CreateClientCest { final class CreateClientCest {
private OauthRoute $route; public function testCreateWebApplication(FunctionalTester $I): void {
public function _before(FunctionalTester $I): void {
$this->route = new OauthRoute($I);
}
public function testCreateApplication(FunctionalTester $I): void {
$I->amAuthenticated('admin'); $I->amAuthenticated('admin');
$this->route->createClient('application', [ $I->sendPOST('/api/v1/oauth2/application', [
'name' => 'My admin application', 'name' => 'My admin application',
'description' => 'Application description.', 'description' => 'Application description.',
'redirectUri' => 'http://some-site.com/oauth/ely', 'redirectUri' => 'http://some-site.com/oauth/ely',
@@ -39,9 +32,33 @@ final class CreateClientCest {
$I->canSeeResponseJsonMatchesJsonPath('$.data.createdAt'); $I->canSeeResponseJsonMatchesJsonPath('$.data.createdAt');
} }
public function testCreateDesktopApplication(FunctionalTester $I): void {
$I->amAuthenticated('admin');
$I->sendPOST('/api/v1/oauth2/desktop-application', [
'name' => 'Mega Launcher',
'description' => "Launcher's description.",
'websiteUrl' => 'http://mega-launcher.com',
]);
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([
'success' => true,
'data' => [
'clientId' => 'mega-launcher',
'type' => 'desktop-application',
'name' => 'Mega Launcher',
'description' => "Launcher's description.",
'websiteUrl' => 'http://mega-launcher.com',
'countUsers' => 0,
],
]);
$I->cantSeeResponseJsonMatchesJsonPath('$.data.clientSecret');
$I->canSeeResponseJsonMatchesJsonPath('$.data.createdAt');
}
public function testCreateMinecraftServer(FunctionalTester $I): void { public function testCreateMinecraftServer(FunctionalTester $I): void {
$I->amAuthenticated('admin'); $I->amAuthenticated('admin');
$this->route->createClient('minecraft-server', [ $I->sendPOST('/api/v1/oauth2/minecraft-server', [
'name' => 'My amazing server', 'name' => 'My amazing server',
'websiteUrl' => 'http://some-site.com', 'websiteUrl' => 'http://some-site.com',
'minecraftServerIp' => 'hypixel.com:25565', 'minecraftServerIp' => 'hypixel.com:25565',
@@ -64,7 +81,7 @@ final class CreateClientCest {
public function testCreateApplicationWithTheSameNameAsDeletedApp(FunctionalTester $I): void { public function testCreateApplicationWithTheSameNameAsDeletedApp(FunctionalTester $I): void {
$I->wantTo('create application with the same name as the recently deleted application'); $I->wantTo('create application with the same name as the recently deleted application');
$I->amAuthenticated('admin'); $I->amAuthenticated('admin');
$this->route->createClient('application', [ $I->sendPOST('/api/v1/oauth2/application', [
'name' => 'Deleted OAuth Client', 'name' => 'Deleted OAuth Client',
'description' => '', 'description' => '',
'redirectUri' => 'http://some-site.com/oauth/ely', 'redirectUri' => 'http://some-site.com/oauth/ely',
@@ -82,8 +99,7 @@ final class CreateClientCest {
public function testCreateApplicationWithWrongParams(FunctionalTester $I): void { public function testCreateApplicationWithWrongParams(FunctionalTester $I): void {
$I->amAuthenticated('admin'); $I->amAuthenticated('admin');
$I->sendPOST('/api/v1/oauth2/application', []);
$this->route->createClient('application', []);
$I->canSeeResponseCodeIs(200); $I->canSeeResponseCodeIs(200);
$I->canSeeResponseContainsJson([ $I->canSeeResponseContainsJson([
'success' => false, 'success' => false,

View File

@@ -3,20 +3,13 @@ declare(strict_types=1);
namespace api\tests\functional\dev\applications; namespace api\tests\functional\dev\applications;
use api\tests\_pages\OauthRoute;
use api\tests\FunctionalTester; use api\tests\FunctionalTester;
class DeleteClientCest { final class DeleteClientCest {
private OauthRoute $route;
public function _before(FunctionalTester $I): void {
$this->route = new OauthRoute($I);
}
public function testDelete(FunctionalTester $I): void { public function testDelete(FunctionalTester $I): void {
$I->amAuthenticated('TwoOauthClients'); $I->amAuthenticated('TwoOauthClients');
$this->route->deleteClient('first-test-oauth-client'); $I->sendDELETE('/api/v1/oauth2/first-test-oauth-client');
$I->canSeeResponseCodeIs(200); $I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson(); $I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([ $I->canSeeResponseContainsJson([

View File

@@ -3,20 +3,13 @@ declare(strict_types=1);
namespace api\tests\functional\dev\applications; namespace api\tests\functional\dev\applications;
use api\tests\_pages\OauthRoute;
use api\tests\FunctionalTester; use api\tests\FunctionalTester;
class GetClientsCest { final class GetClientsCest {
private OauthRoute $route;
public function _before(FunctionalTester $I): void {
$this->route = new OauthRoute($I);
}
public function testGet(FunctionalTester $I): void { public function testGet(FunctionalTester $I): void {
$I->amAuthenticated('admin'); $I->amAuthenticated('admin');
$this->route->getClient('admin-oauth-client'); $I->sendGET('/api/v1/oauth2/admin-oauth-client');
$I->canSeeResponseCodeIs(200); $I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson(); $I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([ $I->canSeeResponseContainsJson([
@@ -33,7 +26,7 @@ class GetClientsCest {
public function testGetNotOwn(FunctionalTester $I): void { public function testGetNotOwn(FunctionalTester $I): void {
$I->amAuthenticated('admin'); $I->amAuthenticated('admin');
$this->route->getClient('another-test-oauth-client'); $I->sendGET('/api/v1/oauth2/another-test-oauth-client');
$I->canSeeResponseCodeIs(403); $I->canSeeResponseCodeIs(403);
$I->canSeeResponseIsJson(); $I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([ $I->canSeeResponseContainsJson([
@@ -44,8 +37,8 @@ class GetClientsCest {
} }
public function testGetAllPerAccountList(FunctionalTester $I): void { public function testGetAllPerAccountList(FunctionalTester $I): void {
$I->amAuthenticated('TwoOauthClients'); $accountId = $I->amAuthenticated('TwoOauthClients');
$this->route->getPerAccount(14); $I->sendGET("/api/v1/accounts/{$accountId}/oauth2/clients");
$I->canSeeResponseCodeIs(200); $I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson(); $I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([ $I->canSeeResponseContainsJson([
@@ -74,7 +67,7 @@ class GetClientsCest {
public function testGetAllPerNotOwnAccount(FunctionalTester $I): void { public function testGetAllPerNotOwnAccount(FunctionalTester $I): void {
$I->amAuthenticated('TwoOauthClients'); $I->amAuthenticated('TwoOauthClients');
$this->route->getPerAccount(1); $I->sendGET('/api/v1/accounts/1/oauth2/clients');
$I->canSeeResponseCodeIs(403); $I->canSeeResponseCodeIs(403);
$I->canSeeResponseIsJson(); $I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([ $I->canSeeResponseContainsJson([

View File

@@ -3,20 +3,13 @@ declare(strict_types=1);
namespace api\tests\functional\dev\applications; namespace api\tests\functional\dev\applications;
use api\tests\_pages\OauthRoute;
use api\tests\FunctionalTester; use api\tests\FunctionalTester;
class ResetClientCest { final class ResetClientCest {
private OauthRoute $route;
public function _before(FunctionalTester $I): void {
$this->route = new OauthRoute($I);
}
public function testReset(FunctionalTester $I): void { public function testReset(FunctionalTester $I): void {
$I->amAuthenticated('TwoOauthClients'); $I->amAuthenticated('TwoOauthClients');
$this->route->resetClient('first-test-oauth-client'); $I->sendPOST('/api/v1/oauth2/first-test-oauth-client/reset');
$I->canSeeResponseCodeIs(200); $I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson(); $I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([ $I->canSeeResponseContainsJson([
@@ -36,7 +29,7 @@ class ResetClientCest {
public function testResetWithSecretChanging(FunctionalTester $I): void { public function testResetWithSecretChanging(FunctionalTester $I): void {
$I->amAuthenticated('TwoOauthClients'); $I->amAuthenticated('TwoOauthClients');
$this->route->resetClient('first-test-oauth-client', true); $I->sendPOST('/api/v1/oauth2/first-test-oauth-client/reset?regenerateSecret');
$I->canSeeResponseCodeIs(200); $I->canSeeResponseCodeIs(200);
$I->canSeeResponseIsJson(); $I->canSeeResponseIsJson();
$I->canSeeResponseContainsJson([ $I->canSeeResponseContainsJson([

View File

@@ -3,20 +3,13 @@ declare(strict_types=1);
namespace api\tests\functional\dev\applications; namespace api\tests\functional\dev\applications;
use api\tests\_pages\OauthRoute;
use api\tests\FunctionalTester; use api\tests\FunctionalTester;
class UpdateClientCest { final class UpdateClientCest {
private OauthRoute $route; public function testUpdateWebApplication(FunctionalTester $I): void {
public function _before(FunctionalTester $I): void {
$this->route = new OauthRoute($I);
}
public function testUpdateApplication(FunctionalTester $I): void {
$I->amAuthenticated('TwoOauthClients'); $I->amAuthenticated('TwoOauthClients');
$this->route->updateClient('first-test-oauth-client', [ $I->sendPUT('/api/v1/oauth2/first-test-oauth-client', [
'name' => 'Updated name', 'name' => 'Updated name',
'description' => 'Updated description.', 'description' => 'Updated description.',
'redirectUri' => 'http://new-site.com/oauth/ely', 'redirectUri' => 'http://new-site.com/oauth/ely',
@@ -41,7 +34,7 @@ class UpdateClientCest {
public function testUpdateMinecraftServer(FunctionalTester $I): void { public function testUpdateMinecraftServer(FunctionalTester $I): void {
$I->amAuthenticated('TwoOauthClients'); $I->amAuthenticated('TwoOauthClients');
$this->route->updateClient('another-test-oauth-client', [ $I->sendPUT('/api/v1/oauth2/another-test-oauth-client', [
'name' => 'Updated server name', 'name' => 'Updated server name',
'websiteUrl' => 'http://new-site.com', 'websiteUrl' => 'http://new-site.com',
'minecraftServerIp' => 'hypixel.com:25565', 'minecraftServerIp' => 'hypixel.com:25565',

View File

@@ -7,7 +7,7 @@ use api\modules\oauth\models\BaseOauthClientType;
use api\tests\unit\TestCase; use api\tests\unit\TestCase;
use common\models\OauthClient; use common\models\OauthClient;
class BaseOauthClientTypeTest extends TestCase { final class BaseOauthClientTypeTest extends TestCase {
public function testApplyTyClient(): void { public function testApplyTyClient(): void {
$client = new OauthClient(); $client = new OauthClient();

View File

@@ -1,11 +1,13 @@
<?php <?php
declare(strict_types=1);
namespace api\tests\unit\modules\oauth\models; namespace api\tests\unit\modules\oauth\models;
use api\modules\oauth\models\MinecraftServerType; use api\modules\oauth\models\MinecraftServerType;
use api\tests\unit\TestCase; use api\tests\unit\TestCase;
use common\models\OauthClient; use common\models\OauthClient;
class MinecraftServerTypeTest extends TestCase { final class MinecraftServerTypeTest extends TestCase {
public function testApplyToClient(): void { public function testApplyToClient(): void {
$model = new MinecraftServerType(); $model = new MinecraftServerType();

View File

@@ -4,29 +4,46 @@ declare(strict_types=1);
namespace api\tests\unit\modules\oauth\models; namespace api\tests\unit\modules\oauth\models;
use api\modules\oauth\exceptions\UnsupportedOauthClientType; use api\modules\oauth\exceptions\UnsupportedOauthClientType;
use api\modules\oauth\models\ApplicationType; use api\modules\oauth\models\DesktopApplicationType;
use api\modules\oauth\models\MinecraftServerType; use api\modules\oauth\models\MinecraftServerType;
use api\modules\oauth\models\OauthClientFormFactory; use api\modules\oauth\models\OauthClientFormFactory;
use api\modules\oauth\models\WebApplicationType;
use api\tests\unit\TestCase; use api\tests\unit\TestCase;
use common\models\OauthClient; use common\models\OauthClient;
class OauthClientFormFactoryTest extends TestCase { final class OauthClientFormFactoryTest extends TestCase {
public function testCreate(): void { public function testCreateWebApplication(): void {
$client = new OauthClient(); $client = new OauthClient();
$client->type = OauthClient::TYPE_APPLICATION; $client->type = OauthClient::TYPE_WEB_APPLICATION;
$client->name = 'Application name'; $client->name = 'Application name';
$client->description = 'Application description.'; $client->description = 'Application description.';
$client->website_url = 'http://example.com'; $client->website_url = 'http://example.com';
$client->redirect_uri = 'http://example.com/oauth/ely'; $client->redirect_uri = 'http://example.com/oauth/ely';
/** @var ApplicationType $requestForm */ /** @var WebApplicationType $requestForm */
$requestForm = OauthClientFormFactory::create($client); $requestForm = OauthClientFormFactory::create($client);
$this->assertInstanceOf(ApplicationType::class, $requestForm); $this->assertInstanceOf(WebApplicationType::class, $requestForm);
$this->assertSame('Application name', $requestForm->name); $this->assertSame('Application name', $requestForm->name);
$this->assertSame('Application description.', $requestForm->description); $this->assertSame('Application description.', $requestForm->description);
$this->assertSame('http://example.com', $requestForm->websiteUrl); $this->assertSame('http://example.com', $requestForm->websiteUrl);
$this->assertSame('http://example.com/oauth/ely', $requestForm->redirectUri); $this->assertSame('http://example.com/oauth/ely', $requestForm->redirectUri);
}
public function testCreateDesktopApplication(): void {
$client = new OauthClient();
$client->type = OauthClient::TYPE_DESKTOP_APPLICATION;
$client->name = 'Application name';
$client->description = 'Application description.';
$client->website_url = 'http://example.com';
/** @var \api\modules\oauth\models\DesktopApplicationType $requestForm */
$requestForm = OauthClientFormFactory::create($client);
$this->assertInstanceOf(DesktopApplicationType::class, $requestForm);
$this->assertSame('Application name', $requestForm->name);
$this->assertSame('Application description.', $requestForm->description);
$this->assertSame('http://example.com', $requestForm->websiteUrl);
}
public function testCreateMinecraftServer(): void {
$client = new OauthClient(); $client = new OauthClient();
$client->type = OauthClient::TYPE_MINECRAFT_SERVER; $client->type = OauthClient::TYPE_MINECRAFT_SERVER;
$client->name = 'Server name'; $client->name = 'Server name';
@@ -44,7 +61,7 @@ class OauthClientFormFactoryTest extends TestCase {
$this->expectException(UnsupportedOauthClientType::class); $this->expectException(UnsupportedOauthClientType::class);
$client = new OauthClient(); $client = new OauthClient();
$client->type = 'unknown-type'; $client->type = 'unknown-type'; // @phpstan-ignore assign.propertyType (its alright for tests)
OauthClientFormFactory::create($client); OauthClientFormFactory::create($client);
} }

View File

@@ -9,13 +9,13 @@ use api\tests\unit\TestCase;
use common\models\OauthClient; use common\models\OauthClient;
use common\tasks\ClearOauthSessions; use common\tasks\ClearOauthSessions;
class OauthClientFormTest extends TestCase { final class OauthClientFormTest extends TestCase {
public function testSave(): void { public function testSave(): void {
$client = $this->createPartialMock(OauthClient::class, ['save']); $client = $this->createPartialMock(OauthClient::class, ['save']);
$client->method('save')->willReturn(true); $client->method('save')->willReturn(true);
$client->account_id = 1; $client->account_id = 1;
$client->type = OauthClient::TYPE_APPLICATION; $client->type = OauthClient::TYPE_WEB_APPLICATION;
$client->name = 'Test application'; $client->name = 'Test application';
$form = $this->createPartialMock(OauthClientForm::class, ['getClient', 'isClientExists']); $form = $this->createPartialMock(OauthClientForm::class, ['getClient', 'isClientExists']);
@@ -39,7 +39,7 @@ class OauthClientFormTest extends TestCase {
$client->id = 'application-id'; $client->id = 'application-id';
$client->secret = 'application_secret'; $client->secret = 'application_secret';
$client->account_id = 1; $client->account_id = 1;
$client->type = OauthClient::TYPE_APPLICATION; $client->type = OauthClient::TYPE_WEB_APPLICATION;
$client->name = 'Application name'; $client->name = 'Application name';
$client->description = 'Application description'; $client->description = 'Application description';
$client->redirect_uri = 'http://example.com/oauth/ely'; $client->redirect_uri = 'http://example.com/oauth/ely';
@@ -81,7 +81,7 @@ class OauthClientFormTest extends TestCase {
$client = $this->createPartialMock(OauthClient::class, ['save']); $client = $this->createPartialMock(OauthClient::class, ['save']);
$client->method('save')->willReturn(true); $client->method('save')->willReturn(true);
$client->id = 'mocked-id'; $client->id = 'mocked-id';
$client->type = OauthClient::TYPE_APPLICATION; $client->type = OauthClient::TYPE_WEB_APPLICATION;
$form = new OauthClientForm($client); $form = new OauthClientForm($client);
$this->assertTrue($form->delete()); $this->assertTrue($form->delete());
@@ -98,7 +98,7 @@ class OauthClientFormTest extends TestCase {
$client->method('save')->willReturn(true); $client->method('save')->willReturn(true);
$client->id = 'mocked-id'; $client->id = 'mocked-id';
$client->secret = 'initial_secret'; $client->secret = 'initial_secret';
$client->type = OauthClient::TYPE_APPLICATION; $client->type = OauthClient::TYPE_WEB_APPLICATION;
$form = new OauthClientForm($client); $form = new OauthClientForm($client);
$this->assertTrue($form->reset()); $this->assertTrue($form->reset());
@@ -115,7 +115,7 @@ class OauthClientFormTest extends TestCase {
$client->method('save')->willReturn(true); $client->method('save')->willReturn(true);
$client->id = 'mocked-id'; $client->id = 'mocked-id';
$client->secret = 'initial_secret'; $client->secret = 'initial_secret';
$client->type = OauthClient::TYPE_APPLICATION; $client->type = OauthClient::TYPE_WEB_APPLICATION;
$form = new OauthClientForm($client); $form = new OauthClientForm($client);
$this->assertTrue($form->reset(true)); $this->assertTrue($form->reset(true));

View File

@@ -1,14 +1,16 @@
<?php <?php
declare(strict_types=1);
namespace api\tests\unit\modules\oauth\models; namespace api\tests\unit\modules\oauth\models;
use api\modules\oauth\models\ApplicationType; use api\modules\oauth\models\WebApplicationType;
use api\tests\unit\TestCase; use api\tests\unit\TestCase;
use common\models\OauthClient; use common\models\OauthClient;
class ApplicationTypeTest extends TestCase { final class WebApplicationTypeTest extends TestCase {
public function testApplyToClient(): void { public function testApplyToClient(): void {
$model = new ApplicationType(); $model = new WebApplicationType();
$model->name = 'Application name'; $model->name = 'Application name';
$model->websiteUrl = 'http://example.com'; $model->websiteUrl = 'http://example.com';
$model->redirectUri = 'http://example.com/oauth/ely'; $model->redirectUri = 'http://example.com/oauth/ely';

View File

@@ -31,7 +31,6 @@ final class AuthorizationServerFactory {
); );
/** @noinspection PhpUnhandledExceptionInspection */ /** @noinspection PhpUnhandledExceptionInspection */
$authCodeGrant = new Grants\AuthCodeGrant($authCodesRepo, $refreshTokensRepo, new DateInterval('PT10M')); $authCodeGrant = new Grants\AuthCodeGrant($authCodesRepo, $refreshTokensRepo, new DateInterval('PT10M'));
$authCodeGrant->disableRequireCodeChallengeForPublicClients();
$authServer->enableGrantType($authCodeGrant, $accessTokenTTL); $authServer->enableGrantType($authCodeGrant, $accessTokenTTL);
$authCodeGrant->setScopeRepository($publicScopesRepo); // Change repository after enabling $authCodeGrant->setScopeRepository($publicScopesRepo); // Change repository after enabling

View File

@@ -20,7 +20,8 @@ final class ClientEntity implements ClientEntityInterface {
string $id, string $id,
string $name, string $name,
string|array $redirectUri, string|array $redirectUri,
private readonly bool $isTrusted, private readonly bool $isTrusted = false,
public readonly ?OauthClient $model = null,
) { ) {
$this->identifier = $id; $this->identifier = $id;
$this->name = $name; $this->name = $name;
@@ -29,15 +30,20 @@ final class ClientEntity implements ClientEntityInterface {
public static function fromModel(OauthClient $model): self { public static function fromModel(OauthClient $model): self {
return new self( return new self(
$model->id, // @phpstan-ignore argument.type id: $model->id, // @phpstan-ignore argument.type
$model->name, name: $model->name,
$model->redirect_uri ?: '', redirectUri: $model->redirect_uri ?: '',
(bool)$model->is_trusted, isTrusted: (bool)$model->is_trusted,
model: $model,
); );
} }
public function isConfidential(): bool { public function isConfidential(): bool {
return true; return match ($this->model->type) {
OauthClient::TYPE_WEB_APPLICATION => true,
OauthClient::TYPE_DESKTOP_APPLICATION => false,
OauthClient::TYPE_MINECRAFT_SERVER => true,
};
} }
public function isTrusted(): bool { public function isTrusted(): bool {

View File

@@ -3,6 +3,8 @@ declare(strict_types=1);
namespace common\components\OAuth2\Grants; namespace common\components\OAuth2\Grants;
use common\components\OAuth2\Entities\ClientEntity;
use common\models\OauthClient;
use League\OAuth2\Server\Entities\ClientEntityInterface; use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\EventEmitting\EventEmitter; use League\OAuth2\Server\EventEmitting\EventEmitter;
use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Exception\OAuthServerException;
@@ -14,17 +16,37 @@ trait ValidateRedirectUriTrait {
abstract public function getEmitter(): EventEmitter; abstract public function getEmitter(): EventEmitter;
/**
* Override the original method since we need a custom validation logic based on the client type.
* @inheritDoc
*/
protected function validateRedirectUri( protected function validateRedirectUri(
string $redirectUri, string $redirectUri,
ClientEntityInterface $client, ClientEntityInterface $client,
ServerRequestInterface $request, ServerRequestInterface $request,
): void { ): void {
$allowedRedirectUris = (array)$client->getRedirectUri(); if ($client instanceof ClientEntity && $client->model?->type === OauthClient::TYPE_DESKTOP_APPLICATION) {
foreach ($allowedRedirectUris as $allowedRedirectUri) { $uri = parse_url($redirectUri);
if ($uri) {
// Allow any custom scheme, that is not http
if ($uri['scheme'] !== 'http' && $uri['scheme'] !== 'https') {
return;
}
// If it's a http, than should allow only redirection to the local machine
if (in_array($uri['host'], ['localhost', '127.0.0.1', '[::1]'])) {
return;
}
}
} else {
// The original implementation checks url too strictly (port and path must exactly match).
// It's nice to have, but we made it this way earlier and so we must keep the same behavior as long as possible
foreach ((array)$client->getRedirectUri() as $allowedRedirectUri) {
if (StringHelper::startsWith($redirectUri, $allowedRedirectUri)) { if (StringHelper::startsWith($redirectUri, $allowedRedirectUri)) {
return; return;
} }
} }
}
$this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request)); $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));

View File

@@ -25,11 +25,11 @@ final class ClientRepository implements ClientRepositoryInterface {
return false; return false;
} }
if ($client->type !== OauthClient::TYPE_APPLICATION) { if (!in_array($client->type, [OauthClient::TYPE_WEB_APPLICATION, OauthClient::TYPE_DESKTOP_APPLICATION], true)) {
return false; return false;
} }
if (!empty($clientSecret) && $clientSecret !== $client->secret) { if ($client->type === OauthClient::TYPE_WEB_APPLICATION && !empty($clientSecret) && $clientSecret !== $client->secret) {
return false; return false;
} }
@@ -37,12 +37,7 @@ final class ClientRepository implements ClientRepositoryInterface {
} }
private function findModel(string $id): ?OauthClient { private function findModel(string $id): ?OauthClient {
$client = OauthClient::findOne(['id' => $id]); return OauthClient::findOne(['id' => $id]);
if ($client === null || $client->type !== OauthClient::TYPE_APPLICATION) {
return null;
}
return $client;
} }
} }

View File

@@ -12,7 +12,7 @@ use yii\db\ActiveRecord;
* Fields: * Fields:
* @property string $id * @property string $id
* @property string $secret * @property string $secret
* @property string $type * @property self::TYPE_* $type
* @property string $name * @property string $name
* @property string $description * @property string $description
* @property string|null $redirect_uri * @property string|null $redirect_uri
@@ -29,14 +29,14 @@ use yii\db\ActiveRecord;
*/ */
class OauthClient extends ActiveRecord { class OauthClient extends ActiveRecord {
public const TYPE_APPLICATION = 'application'; public const string TYPE_WEB_APPLICATION = 'application';
public const TYPE_MINECRAFT_SERVER = 'minecraft-server'; public const string TYPE_DESKTOP_APPLICATION = 'desktop-application';
public const TYPE_MINECRAFT_GAME_LAUNCHER = 'minecraft-game-launcher'; public const string TYPE_MINECRAFT_SERVER = 'minecraft-server';
/** /**
* Abstract oauth_client, used to * Abstract oauth_client, used to
*/ */
public const UNAUTHORIZED_MINECRAFT_GAME_LAUNCHER = 'unauthorized_minecraft_game_launcher'; public const string UNAUTHORIZED_MINECRAFT_GAME_LAUNCHER = 'unauthorized_minecraft_game_launcher';
public static function tableName(): string { public static function tableName(): string {
return 'oauth_clients'; return 'oauth_clients';
@@ -55,10 +55,13 @@ class OauthClient extends ActiveRecord {
$this->secret = Yii::$app->security->generateRandomString(64); $this->secret = Yii::$app->security->generateRandomString(64);
} }
public function getAccount(): ActiveQuery { public function getAccount(): AccountQuery {
return $this->hasOne(Account::class, ['id' => 'account_id']); return $this->hasOne(Account::class, ['id' => 'account_id']);
} }
/**
* @return \yii\db\ActiveQuery<\common\models\OauthSession>
*/
public function getSessions(): ActiveQuery { public function getSessions(): ActiveQuery {
return $this->hasMany(OauthSession::class, ['client_id' => 'id']); return $this->hasMany(OauthSession::class, ['client_id' => 'id']);
} }

View File

@@ -475,21 +475,6 @@ parameters:
count: 1 count: 1
path: api/modules/oauth/controllers/AuthorizationController.php path: api/modules/oauth/controllers/AuthorizationController.php
-
message: "#^Method api\\\\modules\\\\oauth\\\\controllers\\\\ClientsController\\:\\:formatClient\\(\\) return type has no value type specified in iterable type array\\.$#"
count: 1
path: api/modules/oauth/controllers/ClientsController.php
-
message: "#^Property api\\\\modules\\\\oauth\\\\models\\\\ApplicationType\\:\\:\\$description has no type specified\\.$#"
count: 1
path: api/modules/oauth/models/ApplicationType.php
-
message: "#^Property api\\\\modules\\\\oauth\\\\models\\\\ApplicationType\\:\\:\\$redirectUri has no type specified\\.$#"
count: 1
path: api/modules/oauth/models/ApplicationType.php
- -
message: "#^Method api\\\\modules\\\\oauth\\\\models\\\\BaseOauthClientType\\:\\:getValidationErrors\\(\\) return type has no value type specified in iterable type array\\.$#" message: "#^Method api\\\\modules\\\\oauth\\\\models\\\\BaseOauthClientType\\:\\:getValidationErrors\\(\\) return type has no value type specified in iterable type array\\.$#"
count: 1 count: 1
@@ -500,16 +485,6 @@ parameters:
count: 1 count: 1
path: api/modules/oauth/models/BaseOauthClientType.php path: api/modules/oauth/models/BaseOauthClientType.php
-
message: "#^Property api\\\\modules\\\\oauth\\\\models\\\\BaseOauthClientType\\:\\:\\$name has no type specified\\.$#"
count: 1
path: api/modules/oauth/models/BaseOauthClientType.php
-
message: "#^Property api\\\\modules\\\\oauth\\\\models\\\\BaseOauthClientType\\:\\:\\$websiteUrl has no type specified\\.$#"
count: 1
path: api/modules/oauth/models/BaseOauthClientType.php
- -
message: "#^Method api\\\\modules\\\\oauth\\\\models\\\\IdentityInfo\\:\\:info\\(\\) return type has no value type specified in iterable type array\\.$#" message: "#^Method api\\\\modules\\\\oauth\\\\models\\\\IdentityInfo\\:\\:info\\(\\) return type has no value type specified in iterable type array\\.$#"
count: 1 count: 1
@@ -720,16 +695,6 @@ parameters:
count: 1 count: 1
path: api/tests/_pages/MojangApiRoute.php path: api/tests/_pages/MojangApiRoute.php
-
message: "#^Method api\\\\tests\\\\_pages\\\\OauthRoute\\:\\:createClient\\(\\) has parameter \\$postParams with no value type specified in iterable type array\\.$#"
count: 1
path: api/tests/_pages/OauthRoute.php
-
message: "#^Method api\\\\tests\\\\_pages\\\\OauthRoute\\:\\:updateClient\\(\\) has parameter \\$params with no value type specified in iterable type array\\.$#"
count: 1
path: api/tests/_pages/OauthRoute.php
- -
message: "#^Method api\\\\tests\\\\_pages\\\\SessionServerRoute\\:\\:hasJoined\\(\\) has parameter \\$params with no value type specified in iterable type array\\.$#" message: "#^Method api\\\\tests\\\\_pages\\\\SessionServerRoute\\:\\:hasJoined\\(\\) has parameter \\$params with no value type specified in iterable type array\\.$#"
count: 1 count: 1
@@ -1350,16 +1315,6 @@ parameters:
count: 1 count: 1
path: common/models/EmailActivation.php path: common/models/EmailActivation.php
-
message: "#^Method common\\\\models\\\\OauthClient\\:\\:getAccount\\(\\) return type with generic class yii\\\\db\\\\ActiveQuery does not specify its types\\: T$#"
count: 1
path: common/models/OauthClient.php
-
message: "#^Method common\\\\models\\\\OauthClient\\:\\:getSessions\\(\\) return type with generic class yii\\\\db\\\\ActiveQuery does not specify its types\\: T$#"
count: 1
path: common/models/OauthClient.php
- -
message: "#^Class common\\\\models\\\\OauthClientQuery extends generic class yii\\\\db\\\\ActiveQuery but does not specify its types\\: T$#" message: "#^Class common\\\\models\\\\OauthClientQuery extends generic class yii\\\\db\\\\ActiveQuery but does not specify its types\\: T$#"
count: 1 count: 1