From 23d079346b6cdd316614b976567396f21937ae16 Mon Sep 17 00:00:00 2001 From: ErickSkrauch Date: Wed, 30 Nov 2016 12:19:10 +0300 Subject: [PATCH] =?UTF-8?q?=D0=9F=D1=80=D0=BE=D0=B2=D0=B5=D1=80=D0=BA?= =?UTF-8?q?=D0=B0=20oAuth=20=D0=B0=D0=B2=D1=82=D0=BE=D1=80=D0=B8=D0=B7?= =?UTF-8?q?=D0=B0=D1=86=D0=B8=D0=B8=20=D0=BE=D1=80=D0=B3=D0=B0=D0=BD=D0=B8?= =?UTF-8?q?=D0=B7=D0=BE=D0=B2=D0=B0=D0=BD=D0=B0=20=D1=87=D0=B5=D1=80=D0=B5?= =?UTF-8?q?=D0=B7=20oauth=20=D0=BA=D0=BE=D0=BC=D0=BF=D0=BE=D0=BD=D0=B5?= =?UTF-8?q?=D0=BD=D1=82=20=D0=B8=20=D0=B1=D0=BE=D0=BB=D1=8C=D1=88=D0=B5=20?= =?UTF-8?q?=D0=BD=D0=B5=20=D0=B7=D0=B0=D0=B2=D1=8F=D0=B7=D0=B0=D0=BD=D0=B0?= =?UTF-8?q?=20=D0=BD=D0=B0=20=D1=80=D0=B5=D0=B0=D0=BB=D0=B8=D0=B7=D0=B0?= =?UTF-8?q?=D1=86=D0=B8=D0=B8=20=D0=B2=D0=BD=D1=83=D1=82=D1=80=D0=B8=20?= =?UTF-8?q?=D0=BC=D0=BE=D0=B4=D0=B5=D0=BB=D0=B5=D0=B9=20=D0=BF=D1=80=D0=B8?= =?UTF-8?q?=D0=BB=D0=BE=D0=B6=D0=B5=D0=BD=D0=B8=D1=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- api/components/ApiUser/AuthChecker.php | 7 +++---- api/components/ApiUser/Identity.php | 26 ++++++++++++------------- api/modules/session/models/JoinForm.php | 2 +- common/models/OauthSession.php | 20 +++++++++---------- 4 files changed, 27 insertions(+), 28 deletions(-) diff --git a/api/components/ApiUser/AuthChecker.php b/api/components/ApiUser/AuthChecker.php index ef3dae5..59f6fa9 100644 --- a/api/components/ApiUser/AuthChecker.php +++ b/api/components/ApiUser/AuthChecker.php @@ -1,7 +1,7 @@ oauth->getAuthServer()->getAccessTokenStorage()->get($token); if ($accessToken === null) { return false; } - return $accessToken->getScopes()->exists($permissionName); + return $accessToken->hasScope($permissionName); } } diff --git a/api/components/ApiUser/Identity.php b/api/components/ApiUser/Identity.php index d3e4fab..fb3510d 100644 --- a/api/components/ApiUser/Identity.php +++ b/api/components/ApiUser/Identity.php 
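Review bot: The permission check in the AuthChecker.php hunk returns `$accessToken->hasScope($permissionName)` for any token the storage finds; the only visible guard is the `=== null` test, and nothing checks expiry. Identity.php in this same patch calls `$model->isExpired()` on a token fetched through the same `getAccessTokenStorage()->get($token)` call. If this checker can be reached with a token id that did not pass through that path, an expired token would still be granted its scopes. Consider `if ($accessToken === null || $accessToken->isExpired()) { return false; }`. The start of the method is not visible in this hunk, so confirm how `$token` reaches it.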
@@ -1,24 +1,25 @@ oauth->getAuthServer()->getAccessTokenStorage()->get($token); if ($model === null) { throw new UnauthorizedHttpException('Incorrect token'); } elseif ($model->isExpired()) { @@ -37,7 +37,7 @@ class Identity implements IdentityInterface { return new static($model); } - private function __construct(OauthAccessToken $accessToken) { + private function __construct(AccessTokenEntity $accessToken) { $this->_accessToken = $accessToken; } @@ -50,20 +50,20 @@ class Identity implements IdentityInterface { } public function getSession() : OauthSession { - return $this->_accessToken->session; + return OauthSession::findOne($this->_accessToken->getSessionId()); } - public function getAccessToken() : OauthAccessToken { + public function getAccessToken() : AccessTokenEntity { return $this->_accessToken; } /** - * Этот метод используется для получения пользователя, к которому привязаны права. + * Этот метод используется для получения токена, к которому привязаны права. * У нас права привязываются к токенам, так что возвращаем именно его id. * @inheritdoc */ public function getId() { - return $this->_accessToken->access_token; + return $this->_accessToken->getId(); } public function getAuthKey() { diff --git a/api/modules/session/models/JoinForm.php b/api/modules/session/models/JoinForm.php index 648338e..f5e1973 100644 --- a/api/modules/session/models/JoinForm.php +++ b/api/modules/session/models/JoinForm.php @@ -128,7 +128,7 @@ class JoinForm extends Model { $account = $accessModel->account; } - /** @var MinecraftAccessKey|\common\models\OauthAccessToken $accessModel */ + /** @var MinecraftAccessKey|\api\components\OAuth2\Entities\AccessTokenEntity $accessModel */ if ($accessModel->isExpired()) { Session::error("User with access_token = '{$accessToken}' failed join by expired access_token."); throw new ForbiddenOperationException('Expired access_token.'); diff --git a/common/models/OauthSession.php b/common/models/OauthSession.php index 675cd31..981983e 100644 
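Review bot: `getSession()` in the `@@ -50,20 +50,20 @@` hunk of Identity.php declares a non-nullable `OauthSession` return type but now returns `OauthSession::findOne(...)`, which yields null when no row matches the token's session id. A token whose session row has been removed would then surface as a TypeError rather than as an authorization failure. Handle the miss explicitly, reusing the exception this class already throws: `$session = OauthSession::findOne($this->_accessToken->getSessionId());` then `if ($session === null) { throw new UnauthorizedHttpException('Incorrect token'); }` and `return $session;`. The new version also queries the database on every call, whereas the removed `->session` was a property read, so storing the result in a private property would avoid repeated lookups within one request.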
--- a/common/models/OauthSession.php +++ b/common/models/OauthSession.php @@ -3,21 +3,21 @@ namespace common\models; use common\components\Redis\Set; use Yii; +use yii\base\ErrorException; use yii\db\ActiveRecord; /** * Поля: - * @property integer $id - * @property string $owner_type - * @property string $owner_id - * @property string $client_id - * @property string $client_redirect_uri + * @property integer $id + * @property string $owner_type + * @property string $owner_id + * @property string $client_id + * @property string $client_redirect_uri * * Отношения - * @property OauthAccessToken[] $accessTokens - * @property OauthClient $client - * @property Account $account - * @property Set $scopes + * @property OauthClient $client + * @property Account $account + * @property Set $scopes */ class OauthSession extends ActiveRecord { @@ -26,7 +26,7 @@ class OauthSession extends ActiveRecord { } public function getAccessTokens() { - return $this->hasMany(OauthAccessToken::class, ['session_id' => 'id']); + throw new ErrorException('This method is possible, but not implemented'); } public function getClient() {
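Review bot: `getAccessTokens()` in the `@@ -26,7 +26,7 @@` hunk is kept but now throws unconditionally, so any remaining reader of `$session->accessTokens` fails only at runtime; removing the `@property` line hides the property from static analysis, but Yii still resolves it through this getter. Callers are not visible in this patch. Code that enumerated a session's tokens in order to revoke them when a session or client is removed is worth checking in particular, since the tokens appear to be held in a separate storage after this change. `yii\base\NotSupportedException` states the intent more precisely than `ErrorException`, which represents PHP engine errors: `throw new NotSupportedException('Access tokens are not available as a relation of OauthSession');`, with the `use` line changed to match.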