Исправлен баг с выдачей наружу внутренних названий пермишенов

2024-09-28 22:37:14 +05:30 · 2017-10-18 02:37:01 +03:00 · 2017-10-18 02:37:01 +03:00 · 58d3fd57a8
commit 58d3fd57a8
parent d32849a85b
2 changed files with 21 additions and 3 deletions
--- a/api/models/OauthProcess.php
+++ b/api/models/OauthProcess.php
@ -7,6 +7,7 @@ use api\components\OAuth2\Grants\AuthCodeGrant;
 use api\components\OAuth2\Grants\AuthorizeParams;
 use common\models\Account;
 use common\models\OauthClient;
+use common\rbac\Permissions as P;
 use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Exception\InvalidGrantException;
 use League\OAuth2\Server\Exception\OAuthException;
@ -16,6 +17,11 @@ use yii\helpers\ArrayHelper;

 class OauthProcess {

+    private const INTERNAL_PERMISSIONS_TO_PUBLIC_SCOPES = [
+        P::OBTAIN_OWN_ACCOUNT_INFO => 'account_info',
+        P::OBTAIN_ACCOUNT_EMAIL => 'account_email',
+    ];
+
    /**
     * @var AuthorizationServer
     */
@ -196,11 +202,21 @@ class OauthProcess {
                'description' => ArrayHelper::getValue($queryParams, 'description', $client->description),
            ],
            'session' => [
-                'scopes' => array_keys($scopes),
+                'scopes' => $this->fixScopesNames(array_keys($scopes)),
            ],
        ];
    }

+    private function fixScopesNames(array $scopes): array {
+        foreach ($scopes as &$scope) {
+            if (isset(self::INTERNAL_PERMISSIONS_TO_PUBLIC_SCOPES[$scope])) {
+                $scope = self::INTERNAL_PERMISSIONS_TO_PUBLIC_SCOPES[$scope];
+            }
+        }
+
+        return $scopes;
+    }
+
    private function buildErrorResponse(OAuthException $e): array {
        $response = [
            'success' => false,
--- a/tests/codeception/api/functional/oauth/AuthCodeCest.php
+++ b/tests/codeception/api/functional/oauth/AuthCodeCest.php
@ -24,7 +24,7 @@ class AuthCodeCest {
            'ely',
            'http://ely.by',
            'code',
-            [P::MINECRAFT_SERVER_SESSION],
+            [P::MINECRAFT_SERVER_SESSION, 'account_info', 'account_email'],
            'test-state'
        ));
        $I->canSeeResponseCodeIs(200);
@ -35,7 +35,7 @@ class AuthCodeCest {
                'client_id' => 'ely',
                'redirect_uri' => 'http://ely.by',
                'response_type' => 'code',
-                'scope' => 'minecraft_server_session',
+                'scope' => 'minecraft_server_session,account_info,account_email',
                'state' => 'test-state',
            ],
            'client' => [
@ -46,6 +46,8 @@ class AuthCodeCest {
            'session' => [
                'scopes' => [
                    'minecraft_server_session',
+                    'account_info',
+                    'account_email',
                ],
            ],
        ]);