Добавлено право на избегание удостоверения личности для внутренних приложений

2025-05-31 14:11:46 +05:30 · 2017-09-30 00:44:05 +03:00
parent 22ed0942e8
commit 8e79d1dd1c
7 changed files with 47 additions and 15 deletions
--- a/api/components/OAuth2/Storage/ScopeStorage.php
+++ b/api/components/OAuth2/Storage/ScopeStorage.php
@@ -32,6 +32,7 @@ class ScopeStorage extends AbstractStorage implements ScopeInterface {
    private const CLIENT_CREDENTIALS_PERMISSIONS_INTERNAL = [
        P::BLOCK_ACCOUNT,
        P::OBTAIN_EXTENDED_ACCOUNT_INFO,
+        P::ESCAPE_IDENTITY_VERIFICATION,
    ];

    /**
@@ -55,6 +56,7 @@ class ScopeStorage extends AbstractStorage implements ScopeInterface {
                $client = $this->server->getClientStorage()->get($clientId);
                Assert::that($client)->isInstanceOf(ClientEntity::class);

+                /** @noinspection NullPointerExceptionInspection */
                $isTrusted = $client->isTrusted();
            }

--- a/api/components/User/Component.php
+++ b/api/components/User/Component.php
@@ -58,7 +58,11 @@ class Component extends YiiUserComponent {
        }
    }

-    public function findIdentityByAccessToken(string $accessToken): ?IdentityInterface {
+    public function findIdentityByAccessToken($accessToken): ?IdentityInterface {
+        if ($accessToken === null) {
+            return null;
+        }
+
        /** @var \api\components\User\IdentityInterface|string $identityClass */
        $identityClass = $this->identityClass;
        try {
--- a/api/validators/PasswordRequiredValidator.php
+++ b/api/validators/PasswordRequiredValidator.php
@@ -3,8 +3,11 @@ namespace api\validators;

 use common\helpers\Error as E;
 use common\models\Account;
+use common\rbac\Permissions as P;
 use yii\base\InvalidConfigException;
+use yii\di\Instance;
 use yii\validators\Validator;
+use yii\web\User;

 class PasswordRequiredValidator extends Validator {

@@ -18,14 +21,25 @@ class PasswordRequiredValidator extends Validator {
     */
    public $skipOnEmpty = false;

+    /**
+     * @var User|string
+     */
+    public $user = 'user';
+
    public function init() {
        parent::init();
        if (!$this->account instanceof Account) {
            throw new InvalidConfigException('account should be instance of ' . Account::class);
        }
+
+        $this->user = Instance::ensure($this->user, User::class);
    }

    protected function validateValue($value) {
+        if ($this->user->can(P::ESCAPE_IDENTITY_VERIFICATION)) {
+            return null;
+        }
+
        if (empty($value)) {
            return [E::PASSWORD_REQUIRED, []];
        }