Реализована логика oAuth авторизации приложений, добавлен Redis, удалены лишние тесты, пофикшены старые.

common/components/oauth/Storage/Yii2/AccessTokenStorage.php

@@ -0,0 +1,85 @@
+<?php
+namespace common\components\oauth\Storage\Yii2;
+
+use common\components\oauth\Entity\AccessTokenEntity;
+use common\models\OauthAccessToken;
+use League\OAuth2\Server\Entity\AccessTokenEntity as OriginalAccessTokenEntity;
+use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Storage\AbstractStorage;
+use League\OAuth2\Server\Storage\AccessTokenInterface;
+use yii\db\Exception;
+
+class AccessTokenStorage extends AbstractStorage implements AccessTokenInterface {
+
+    private $cache = [];
+
+    /**
+     * @param string $token
+     * @return OauthAccessToken|null
+     */
+    private function getTokenModel($token) {
+        if (isset($this->cache[$token])) {
+            $this->cache[$token] = OauthAccessToken::findOne($token);
+        }
+
+        return $this->cache[$token];
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function get($token) {
+        $model = $this->getTokenModel($token);
+        if ($model === null) {
+            return null;
+        }
+
+        return (new AccessTokenEntity($this->server))->hydrate([
+            'id' => $model->access_token,
+            'expireTime' => $model->expire_time,
+            'sessionId' => $model->session_id,
+        ]);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getScopes(OriginalAccessTokenEntity $token) {
+        $entities = [];
+        foreach($this->getTokenModel($token->getId())->getScopes() as $scope) {
+            $entities[] = (new ScopeEntity($this->server))->hydrate(['id' => $scope]);
+        }
+
+        return $entities;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function create($token, $expireTime, $sessionId) {
+        $model = new OauthAccessToken([
+            'access_token' => $token,
+            'expire_time' => $expireTime,
+            'session_id' => $sessionId,
+        ]);
+
+        if (!$model->save()) {
+            throw new Exception('Cannot save ' . OauthAccessToken::class . ' model.');
+        }
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function associateScope(OriginalAccessTokenEntity $token, ScopeEntity $scope) {
+        $this->getTokenModel($token->getId())->getScopes()->add($scope->getId());
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function delete(OriginalAccessTokenEntity $token) {
+        $this->getTokenModel($token->getId())->delete();
+    }
+
+}

common/components/oauth/Storage/Yii2/ClientStorage.php

@@ -0,0 +1,73 @@
+<?php
+namespace common\components\oauth\Storage\Yii2;
+
+use common\components\oauth\Entity\SessionEntity;
+use common\models\OauthClient;
+use League\OAuth2\Server\Entity\ClientEntity;
+use League\OAuth2\Server\Entity\SessionEntity as OriginalSessionEntity;
+use League\OAuth2\Server\Storage\AbstractStorage;
+use League\OAuth2\Server\Storage\ClientInterface;
+
+class ClientStorage extends AbstractStorage implements ClientInterface {
+
+    /**
+     * @inheritdoc
+     */
+    public function get($clientId, $clientSecret = null, $redirectUri = null, $grantType = null) {
+        $query = OauthClient::find()
+            ->select(['id', 'name', 'secret'])
+            ->where([OauthClient::tableName() . '.id' => $clientId]);
+
+        if ($clientSecret !== null) {
+            $query->andWhere(['secret' => $clientSecret]);
+        }
+
+        if ($redirectUri !== null) {
+            $query
+                ->addSelect(['redirect_uri'])
+                ->andWhere(['redirect_uri' => $redirectUri]);
+        }
+
+        $model = $query->asArray()->one();
+        if ($model === null) {
+            return null;
+        }
+
+        $entity = new ClientEntity($this->server);
+        $entity->hydrate([
+            'id' => $model['id'],
+            'name' => $model['name'],
+            'secret' => $model['secret'],
+        ]);
+
+        if (isset($model['redirect_uri'])) {
+            $entity->hydrate([
+                'redirectUri' => $model['redirect_uri'],
+            ]);
+        }
+
+        return $entity;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getBySession(OriginalSessionEntity $session) {
+        if (!$session instanceof SessionEntity) {
+            throw new \ErrorException('This module assumes that $session typeof ' . SessionEntity::class);
+        }
+
+        $model = OauthClient::find()
+            ->select(['id', 'name'])
+            ->andWhere(['id' => $session->getClientId()])
+            ->asArray()
+            ->one();
+
+        if ($model === null) {
+            return null;
+        }
+
+        return (new ClientEntity($this->server))->hydrate($model);
+    }
+
+}

common/components/oauth/Storage/Yii2/ScopeStorage.php

@@ -0,0 +1,26 @@
+<?php
+namespace common\components\oauth\Storage\Yii2;
+
+use common\models\OauthScope;
+use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Storage\AbstractStorage;
+use League\OAuth2\Server\Storage\ScopeInterface;
+
+class ScopeStorage extends AbstractStorage implements ScopeInterface {
+
+    /**
+     * @inheritdoc
+     */
+    public function get($scope, $grantType = null, $clientId = null) {
+        $row = OauthScope::find()->andWhere(['id' => $scope])->asArray()->one();
+        if ($row === null) {
+            return null;
+        }
+
+        $entity = new ScopeEntity($this->server);
+        $entity->hydrate($row);
+
+        return $entity;
+    }
+
+}

common/components/oauth/Storage/Yii2/SessionStorage.php

@@ -0,0 +1,125 @@
+<?php
+namespace common\components\oauth\Storage\Yii2;
+
+use common\components\oauth\Entity\AuthCodeEntity;
+use common\components\oauth\Entity\SessionEntity;
+use common\models\OauthSession;
+use League\OAuth2\Server\Entity\AccessTokenEntity as OriginalAccessTokenEntity;
+use League\OAuth2\Server\Entity\AuthCodeEntity as OriginalAuthCodeEntity;
+use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Entity\SessionEntity as OriginalSessionEntity;
+use League\OAuth2\Server\Storage\AbstractStorage;
+use League\OAuth2\Server\Storage\SessionInterface;
+use yii\db\ActiveQuery;
+use yii\db\Exception;
+
+class SessionStorage extends AbstractStorage implements SessionInterface {
+
+    private $cache = [];
+
+    /**
+     * @param string $sessionId
+     * @return OauthSession|null
+     */
+    private function getSessionModel($sessionId) {
+        if (!isset($this->cache[$sessionId])) {
+            $this->cache[$sessionId] = OauthSession::findOne($sessionId);
+        }
+
+        return $this->cache[$sessionId];
+    }
+
+    private function hydrateEntity($sessionModel) {
+        if (!$sessionModel instanceof OauthSession) {
+            return null;
+        }
+
+        return (new SessionEntity($this->server))->hydrate([
+            'id' => $sessionModel->id,
+            'client_id' => $sessionModel->client_id,
+        ])->setOwner($sessionModel->owner_type, $sessionModel->owner_id);
+    }
+
+    /**
+     * @param string $sessionId
+     * @return SessionEntity|null
+     */
+    public function getSession($sessionId) {
+        return $this->hydrateEntity($this->getSessionModel($sessionId));
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getByAccessToken(OriginalAccessTokenEntity $accessToken) {
+        /** @var OauthSession|null $model */
+        $model = OauthSession::find()->innerJoinWith([
+            'accessTokens' => function(ActiveQuery $query) use ($accessToken) {
+                $query->andWhere(['access_token' => $accessToken->getId()]);
+            },
+        ])->one();
+
+        return $this->hydrateEntity($model);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getByAuthCode(OriginalAuthCodeEntity $authCode) {
+        if (!$authCode instanceof AuthCodeEntity) {
+            throw new \ErrorException('This module assumes that $authCode typeof ' . AuthCodeEntity::class);
+        }
+
+        return $this->getSession($authCode->getSessionId());
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getScopes(OriginalSessionEntity $session) {
+        $result = [];
+        foreach ($this->getSessionModel($session->getId())->getScopes() as $scope) {
+            // TODO: нужно проверить все выданные скоупы на их существование
+            $result[] = (new ScopeEntity($this->server))->hydrate(['id' => $scope]);
+        }
+
+        return $result;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function create($ownerType, $ownerId, $clientId, $clientRedirectUri = null) {
+        $sessionId = OauthSession::find()
+            ->select('id')
+            ->andWhere([
+                'client_id' => $clientId,
+                'owner_type' => $ownerType,
+                'owner_id' => $ownerId,
+            ])->scalar();
+
+        if ($sessionId === false) {
+            $model = new OauthSession([
+                'client_id' => $clientId,
+                'owner_type' => $ownerType,
+                'owner_id' => $ownerId,
+            ]);
+
+            if (!$model->save()) {
+                throw new Exception('Cannot save ' . OauthSession::class . ' model.');
+            }
+
+            $sessionId = $model->id;
+        }
+
+        return $sessionId;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function associateScope(OriginalSessionEntity $session, ScopeEntity $scope) {
+        $this->getSessionModel($session->getId())->getScopes()->add($scope->getId());
+    }
+
+}