Fixes #35. Make clientToken optional during legacy Minecraft auth flow

ErickSkrauch 2024-11-24 10:25:22 +01:00
parent d921616360
commit 625250b367
No known key found for this signature in database
GPG Key ID: 669339FCBB30EE0E
2 changed files with 15 additions and 3 deletions


@ -14,6 +14,7 @@ use common\helpers\Error as E;
use common\models\Account; use common\models\Account;
use common\models\OauthClient; use common\models\OauthClient;
use common\models\OauthSession; use common\models\OauthSession;
use Ramsey\Uuid\Uuid;
use Webmozart\Assert\Assert; use Webmozart\Assert\Assert;
use Yii; use Yii;
@ -41,7 +42,7 @@ class AuthenticationForm extends ApiForm {
public function rules(): array { public function rules(): array {
return [ return [
[['username', 'password', 'clientToken'], RequiredValidator::class], [['username', 'password'], RequiredValidator::class],
[['clientToken'], ClientTokenValidator::class], [['clientToken'], ClientTokenValidator::class],
[['requestUser'], 'boolean'], [['requestUser'], 'boolean'],
]; ];
@ -110,8 +111,9 @@ class AuthenticationForm extends ApiForm {
/** @var Account $account */ /** @var Account $account */
$account = $loginForm->getAccount(); $account = $loginForm->getAccount();
$token = Yii::$app->tokensFactory->createForMinecraftAccount($account, $this->clientToken); $clientToken = $this->clientToken ?: Uuid::uuid4()->toString();
$dataModel = new AuthenticateData($account, (string)$token, $this->clientToken, (bool)$this->requestUser); $token = Yii::$app->tokensFactory->createForMinecraftAccount($account, $clientToken);
$dataModel = new AuthenticateData($account, (string)$token, $clientToken, (bool)$this->requestUser);
/** @var OauthSession|null $minecraftOauthSession */ /** @var OauthSession|null $minecraftOauthSession */
$minecraftOauthSession = $account->getOauthSessions() $minecraftOauthSession = $account->getOauthSessions()
->andWhere(['client_id' => OauthClient::UNAUTHORIZED_MINECRAFT_GAME_LAUNCHER]) ->andWhere(['client_id' => OauthClient::UNAUTHORIZED_MINECRAFT_GAME_LAUNCHER])
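Review bot: The fallback `$this->clientToken ?: Uuid::uuid4()->toString()` tests truthiness, so a caller-supplied clientToken of `'0'` is silently discarded and replaced with a server-generated UUID. That generated value is what gets passed to `createForMinecraftAccount` and `AuthenticateData`, so such a client would presumably hold a clientToken that no longer matches the one tied to its access token. Checking for absence explicitly avoids this: `$clientToken = ($this->clientToken === null || $this->clientToken === '') ? Uuid::uuid4()->toString() : $this->clientToken;`. A short comment such as `// clientToken is optional in the legacy flow; generate one so the issued token is still tied to a client identifier` would record the intent. The enclosing method starts and ends outside this hunk, and whether `ClientTokenValidator` already rejects `'0'` is not visible here.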


@ -107,6 +107,16 @@ class AuthorizationCest {
]); ]);
} }
public function withoutClientToken(FunctionalTester $I): void {
$I->sendPOST('/api/authserver/authentication/authenticate', [
'username' => 'admin',
'password' => 'password_0',
]);
$I->canSeeResponseCodeIs(200);
$clientToken = $I->grabDataFromResponseByJsonPath('$.clientToken')[0];
$I->assertNotEmpty($clientToken);
}
public function tooLongClientToken(FunctionalTester $I) { public function tooLongClientToken(FunctionalTester $I) {
$I->wantTo('send non uuid clientToken with more then 255 characters length'); $I->wantTo('send non uuid clientToken with more then 255 characters length');
$I->sendPOST('/api/authserver/authentication/authenticate', [ $I->sendPOST('/api/authserver/authentication/authenticate', [
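Review bot: `withoutClientToken` only asserts that `$.clientToken` is non-empty, so any non-empty value, including a constant or a malformed string, would pass. Pinning the format the handler is meant to generate makes the test meaningful: `$I->assertTrue(\Ramsey\Uuid\Uuid::isValid($clientToken));`. It would also be worth asserting that the response carries the issued access token alongside it. A `$I->wantTo('authenticate without passing clientToken');` line would match the neighbouring `tooLongClientToken` test.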