mirror of
https://github.com/elyby/accounts.git
synced 2024-12-25 22:59:53 +05:30
Добавлено право на избегание удостоверения личности для внутренних приложений
parent
22ed0942e8
commit
8e79d1dd1c
@ -32,6 +32,7 @@ class ScopeStorage extends AbstractStorage implements ScopeInterface {
|
||||
private const CLIENT_CREDENTIALS_PERMISSIONS_INTERNAL = [
|
||||
P::BLOCK_ACCOUNT,
|
||||
P::OBTAIN_EXTENDED_ACCOUNT_INFO,
|
||||
P::ESCAPE_IDENTITY_VERIFICATION,
|
||||
];
|
||||
|
||||
/**
|
||||
@ -55,6 +56,7 @@ class ScopeStorage extends AbstractStorage implements ScopeInterface {
|
||||
$client = $this->server->getClientStorage()->get($clientId);
|
||||
Assert::that($client)->isInstanceOf(ClientEntity::class);
|
||||
|
||||
/** @noinspection NullPointerExceptionInspection */
|
||||
$isTrusted = $client->isTrusted();
|
||||
}
|
||||
|
||||
|
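Review bot: The new `P::ESCAPE_IDENTITY_VERIFICATION` entry in `CLIENT_CREDENTIALS_PERMISSIONS_INTERNAL` has no comment saying what it unlocks, although it differs in kind from its neighbours: elsewhere in this commit `PasswordRequiredValidator::validateValue()` returns without checking the password when the caller holds it. I would put `// Skips password confirmation (see PasswordRequiredValidator); first-party service clients only` above the entry. The code that decides which clients may request the internal list lies outside these hunks (only `$isTrusted = $client->isTrusted();` is visible), so it is worth confirming that a third-party client cannot satisfy that gate.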
@ -58,7 +58,11 @@ class Component extends YiiUserComponent {
|
||||
}
|
||||
}
|
||||
|
||||
public function findIdentityByAccessToken(string $accessToken): ?IdentityInterface {
|
||||
public function findIdentityByAccessToken($accessToken): ?IdentityInterface {
|
||||
if ($accessToken === null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
/** @var \api\components\User\IdentityInterface|string $identityClass */
|
||||
$identityClass = $this->identityClass;
|
||||
try {
|
||||
|
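Review bot: `findIdentityByAccessToken($accessToken)` drops the `string` declaration altogether in order to admit null, so arrays or other non-string values are no longer rejected at the boundary and presumably reach the identity lookup in the `try` block. A nullable declaration keeps both the new guard and the type check: `public function findIdentityByAccessToken(?string $accessToken): ?IdentityInterface {`. The method body continues past the end of the hunk, so how the token is used after the guard is not visible here.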
@ -3,8 +3,11 @@ namespace api\validators;
|
||||
|
||||
use common\helpers\Error as E;
|
||||
use common\models\Account;
|
||||
use common\rbac\Permissions as P;
|
||||
use yii\base\InvalidConfigException;
|
||||
use yii\di\Instance;
|
||||
use yii\validators\Validator;
|
||||
use yii\web\User;
|
||||
|
||||
class PasswordRequiredValidator extends Validator {
|
||||
|
||||
@ -18,14 +21,25 @@ class PasswordRequiredValidator extends Validator {
|
||||
*/
|
||||
public $skipOnEmpty = false;
|
||||
|
||||
/**
|
||||
* @var User|string
|
||||
*/
|
||||
public $user = 'user';
|
||||
|
||||
public function init() {
|
||||
parent::init();
|
||||
if (!$this->account instanceof Account) {
|
||||
throw new InvalidConfigException('account should be instance of ' . Account::class);
|
||||
}
|
||||
|
||||
$this->user = Instance::ensure($this->user, User::class);
|
||||
}
|
||||
|
||||
protected function validateValue($value) {
|
||||
if ($this->user->can(P::ESCAPE_IDENTITY_VERIFICATION)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
if (empty($value)) {
|
||||
return [E::PASSWORD_REQUIRED, []];
|
||||
}
|
||||
|
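Review bot: The early `return null;` at the top of `validateValue()` turns off password confirmation for every form that uses this validator, yet the branch has no comment and leaves no trace when it is taken. I would add a why-comment such as `// Service clients holding this permission have no account password to present; never grant it to a user role`, and consider writing an info-level log entry with the acting identity whenever the bypass fires so that unexpected use is detectable. The decision also depends entirely on whatever `user` component `Instance::ensure()` resolves, so a configuration whose `can()` answers true too broadly would silently disable the check. The rest of `validateValue()` lies outside the hunk.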
@ -19,6 +19,10 @@ class Manager extends PhpManager {
|
||||
*/
|
||||
public function getAssignments($accessToken): array {
|
||||
$identity = Yii::$app->user->findIdentityByAccessToken($accessToken);
|
||||
if ($identity === null) {
|
||||
return [];
|
||||
}
|
||||
|
||||
/** @noinspection NullPointerExceptionInspection */
|
||||
$permissions = $identity->getAssignedPermissions();
|
||||
if (empty($permissions)) {
|
||||
|
@ -28,4 +28,7 @@ final class Permissions {
|
||||
public const OBTAIN_ACCOUNT_EMAIL = 'obtain_account_email';
|
||||
public const OBTAIN_EXTENDED_ACCOUNT_INFO = 'obtain_account_extended_info';
|
||||
|
||||
// Service permissions
|
||||
public const ESCAPE_IDENTITY_VERIFICATION = 'escape_identity_verification';
|
||||
|
||||
}
|
||||
|
@ -45,6 +45,8 @@ class RbacController extends Controller {
|
||||
$permManageOwnTwoFactorAuth = $this->createPermission(P::MANAGE_OWN_TWO_FACTOR_AUTH, AccountOwner::class);
|
||||
$permMinecraftServerSession = $this->createPermission(P::MINECRAFT_SERVER_SESSION);
|
||||
|
||||
$permEscapeIdentityVerification = $this->createPermission(P::ESCAPE_IDENTITY_VERIFICATION);
|
||||
|
||||
$roleAccountsWebUser = $this->createRole(R::ACCOUNTS_WEB_USER);
|
||||
|
||||
$authManager->addChild($permObtainOwnAccountInfo, $permObtainAccountInfo);
|
||||
|
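Review bot: `$permEscapeIdentityVerification` is created but not used in any of the visible lines, so from this hunk it is unclear whether the permission is attached to a role further down. If leaving it unattached is deliberate (so that it can only arrive through an OAuth scope), a comment on the line would protect that intent, for example `// Intentionally not a child of any role: grants a password-confirmation bypass`. The method continues outside the hunk, so the `addChild()` calls that might reference it cannot be checked here.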
@ -2,32 +2,35 @@
|
||||
namespace codeception\api\unit\validators;
|
||||
|
||||
use api\validators\PasswordRequiredValidator;
|
||||
use Codeception\Specify;
|
||||
use common\models\Account;
|
||||
use common\rbac\Permissions as P;
|
||||
use tests\codeception\api\unit\TestCase;
|
||||
use tests\codeception\common\_support\ProtectedCaller;
|
||||
use common\helpers\Error as E;
|
||||
use yii\web\User;
|
||||
|
||||
class PasswordRequiredValidatorTest extends TestCase {
|
||||
use Specify;
|
||||
use ProtectedCaller;
|
||||
|
||||
public function testValidateValue() {
|
||||
$account = new Account(['password' => '12345678']);
|
||||
$this->specify('get error.password_required if password is empty', function () use ($account) {
|
||||
$model = new PasswordRequiredValidator(['account' => $account]);
|
||||
expect($this->callProtected($model, 'validateValue', ''))->equals([E::PASSWORD_REQUIRED, []]);
|
||||
});
|
||||
$model = new PasswordRequiredValidator(['account' => $account]);
|
||||
|
||||
$this->specify('get error.password_incorrect if password is incorrect', function () use ($account) {
|
||||
$model = new PasswordRequiredValidator(['account' => $account]);
|
||||
expect($this->callProtected($model, 'validateValue', '87654321'))->equals([E::PASSWORD_INCORRECT, []]);
|
||||
});
|
||||
// Get error.password_required if password is empty
|
||||
$this->assertEquals([E::PASSWORD_REQUIRED, []], $this->callProtected($model, 'validateValue', ''));
|
||||
|
||||
$this->specify('no errors, if password is correct for provided account', function () use ($account) {
|
||||
$model = new PasswordRequiredValidator(['account' => $account]);
|
||||
expect($this->callProtected($model, 'validateValue', '12345678'))->null();
|
||||
});
|
||||
// Get error.password_incorrect if password is incorrect
|
||||
$this->assertEquals([E::PASSWORD_INCORRECT, []], $this->callProtected($model, 'validateValue', '87654321'));
|
||||
|
||||
// No errors, if password is correct for provided account
|
||||
$this->assertNull($this->callProtected($model, 'validateValue', '12345678'));
|
||||
|
||||
// Skip validation if user can skip identity verification
|
||||
/** @var User|\Mockery\MockInterface $component */
|
||||
$component = mock(User::class . '[can]', [['identityClass' => '']]);
|
||||
$component->shouldReceive('can')->withArgs([P::ESCAPE_IDENTITY_VERIFICATION])->andReturn(true);
|
||||
$model->user = $component;
|
||||
$this->assertNull($this->callProtected($model, 'validateValue', ''));
|
||||
}
|
||||
|
||||
}
|
||||
|
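Review bot: The bypass is only exercised with `can()` mocked to return true; the "password required" and "password incorrect" assertions before it run against whatever `user` component the test application provides, so they would not catch a regression where that component starts granting the permission. I would pin the negative case with an explicit mock before those assertions, e.g. `$denied = mock(User::class . '[can]', [['identityClass' => '']]);`, `$denied->shouldReceive('can')->andReturn(false);`, `$model->user = $denied;`. It would also help to assert that a wrong non-empty password is accepted or rejected under the bypass, whichever is intended, since only the empty value is covered.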