From a9a56c9e1d6089fad376cddff42a72646e886167 Mon Sep 17 00:00:00 2001
From: ErickSkrauch
Date: Wed, 4 Dec 2019 13:24:30 +0300
Subject: [PATCH] Extract encryption key into the configuration param
---
 .env-dist | 2 ++
 api/components/OAuth2/Component.php | 7 ++++++-
 api/config/config-test.php | 3 +++
 api/config/config.php | 4 ++++
 autocompletion.php | 2 +-
 common/config/config.php | 7 ++-----
 6 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/.env-dist b/.env-dist
index 0b0949b..f2d53d9 100644
--- a/.env-dist
+++ b/.env-dist
@@ -7,8 +7,10 @@ EMAILS_RENDERER_HOST=http://emails-renderer:3000
 ## Security params
 JWT_USER_SECRET=
+JWT_ENCRYPTION_KEY=
 JWT_PUBLIC_KEY_PATH=
 JWT_PRIVATE_KEY_PATH=
+JWT_PRIVATE_KEY_PASS=
 ## External services
 RECAPTCHA_PUBLIC=
diff --git a/api/components/OAuth2/Component.php b/api/components/OAuth2/Component.php
index 10350f0..38081a1 100644
--- a/api/components/OAuth2/Component.php
+++ b/api/components/OAuth2/Component.php
@@ -13,6 +13,11 @@ use yii\base\Component as BaseComponent;
 class Component extends BaseComponent {
+ /**
+ * @var string|\Defuse\Crypto\Key
+ */
+ public $encryptionKey;
+
 /**
 * @var AuthorizationServer
 */
@@ -34,7 +39,7 @@ class Component extends BaseComponent {
 $accessTokensRepo,
 new Repositories\EmptyScopeRepository(),
 new EmptyKey(),
- '123' // TODO: extract to the variable
+ $this->encryptionKey
 );
 $authCodeGrant = new AuthCodeGrant($authCodesRepo, $refreshTokensRepo, new DateInterval('PT10M'));
 $authCodeGrant->disableRequireCodeChallengeForPublicClients();
diff --git a/api/config/config-test.php b/api/config/config-test.php
index 8f0952d..af8f598 100644
--- a/api/config/config-test.php
+++ b/api/config/config-test.php
@@ -1,6 +1,9 @@ [
+ 'oauth' => [
+ 'encryptionKey' => 'mock-encryption-key',
+ ],
 'tokens' => [
 'hmacKey' => 'tests-secret-key',
 'privateKeyPath' => codecept_data_dir('certs/private.pem'),
diff --git a/api/config/config.php b/api/config/config.php
index b51df70..420a73b 100644
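Review bot: `$this->encryptionKey` is handed to the `AuthorizationServer` constructor in the second `Component.php` hunk without any check that it was actually configured. `api/config/config.php` fills it from `getenv('JWT_ENCRYPTION_KEY')`, which is `false` when the variable is unset, and `.env-dist` ships the variable empty, so a deployment copied from the template would presumably start with an empty or `false` key protecting whatever the server encrypts with it. Fail fast before the constructor call, e.g. `if (empty($this->encryptionKey)) { throw new \yii\base\InvalidConfigException('oauth.encryptionKey is not configured'); }`, and extend the property docblock to say the value is required and secret. The method that builds the server starts and ends outside the hunk.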
--- a/api/config/config.php
+++ b/api/config/config.php
@@ -11,6 +11,10 @@ return [
 'user' => [
 'class' => api\components\User\Component::class,
 ],
+ 'oauth' => [
+ 'class' => api\components\OAuth2\Component::class,
+ 'encryptionKey' => getenv('JWT_ENCRYPTION_KEY'),
+ ],
 'tokens' => [
 'class' => api\components\Tokens\Component::class,
 'hmacKey' => getenv('JWT_USER_SECRET'),
diff --git a/autocompletion.php b/autocompletion.php
index fa14d25..e07fc51 100644
--- a/autocompletion.php
+++ b/autocompletion.php
@@ -22,7 +22,6 @@ class Yii extends \yii\BaseYii {
 * @property \GuzzleHttp\Client $guzzle
 * @property \common\components\EmailsRenderer\Component $emailsRenderer
 * @property \mito\sentry\Component $sentry
- * @property \api\components\OAuth2\Component $oauth
 * @property \common\components\StatsD $statsd
 * @property \yii\queue\Queue $queue
 * @property \api\components\Tokens\Component $tokens
@@ -36,6 +35,7 @@ abstract class BaseApplication extends yii\base\Application {
 *
 * @property \api\components\User\Component $user User component.
 * @property \api\components\ReCaptcha\Component $reCaptcha
+ * @property \api\components\OAuth2\Component $oauth
 *
 * @method \api\components\User\Component getUser()
 */
diff --git a/common/config/config.php b/common/config/config.php
index bc10472..7f282c9 100644
--- a/common/config/config.php
+++ b/common/config/config.php
@@ -12,7 +12,7 @@ return [
 '@console' => '@root/console',
 ],
 'params' => [
- 'fromEmail' => 'ely@ely.by',
+ 'fromEmail' => 'account@ely.by',
 'supportEmail' => 'support@ely.by',
 ],
 'container' => [
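Review bot: `'encryptionKey' => getenv('JWT_ENCRYPTION_KEY')` always supplies a plain string, so the `\Defuse\Crypto\Key` form that the property docblock in `Component.php` allows is never used. With a string the library presumably runs in password mode, where the protection is only as strong as the text an operator typed into `.env` and a key-derivation step is paid on every encrypt and decrypt. Consider storing a generated key and converting it before it reaches the server, for example `\Defuse\Crypto\Key::loadFromAsciiSafeString($value)` inside the component, which also rejects a missing or malformed value early. A short comment next to this entry stating the expected format would help whoever fills in `.env`.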
@@ -91,12 +91,9 @@ return [
 ],
 'emailsRenderer' => [
 'class' => common\components\EmailsRenderer\Component::class,
- 'serviceUrl' => getenv('EMAILS_RENDERER_HOST'),
+ 'serviceUrl' => getenv('EMAILS_RENDERER_HOST') ?: 'http://emails-renderer:3000',
 'basePath' => '/images/emails',
 ],
- 'oauth' => [
- 'class' => api\components\OAuth2\Component::class,
- ],
 'authManager' => [
 'class' => \api\rbac\Manager::class,
 'itemFile' => '@api/rbac/.generated/items.php',
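Review bot: Removing the `'oauth'` entry from `common/config/config.php` means only applications that load `api/config/config.php` can resolve `Yii::$app->oauth`; any console command or common-layer code that still touches the component will fail at runtime with an unknown-component error. The hunk cannot show whether such callers exist, so this needs a search of `console/` and `common/` before merging. Keeping the key-bearing component out of the shared config is the right direction, so a one-line comment in this file saying the OAuth2 component is deliberately API-only would stop it from being re-added here.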