Реализована логика oAuth авторизации приложений, добавлен Redis, удалены лишние тесты, пофикшены старые.

common/models/Account.php

@@ -28,6 +28,7 @@ use yii\web\IdentityInterface;
  *
  * Отношения:
  * @property EmailActivation[] $emailActivations
+ * @property OauthSession[]    $sessions
  *
  * Поведения:
  * @mixin TimestampBehavior
@@ -216,4 +217,34 @@ class Account extends ActiveRecord implements IdentityInterface {
         return $this->hasMany(EmailActivation::class, ['id' => 'account_id']);
     }
 
+    public function getSessions() {
+        return $this->hasMany(OauthSession::class, ['owner_id' => 'id']);
+    }
+
+    /**
+     * Метод проверяет, может ли текщий пользователь быть автоматически авторизован
+     * для указанного клиента без запроса доступа к необходимому списку прав
+     *
+     * @param OauthClient $client
+     * @param \League\OAuth2\Server\Entity\ScopeEntity[] $scopes
+     *
+     * @return bool
+     */
+    public function canAutoApprove(OauthClient $client, array $scopes = []) {
+        if ($client->is_trusted) {
+            return true;
+        }
+
+        /** @var OauthSession|null $session */
+        $session = $this->getSessions()->andWhere(['client_id' => $client->id])->one();
+        if ($session !== null) {
+            $existScopes = $session->getScopes()->members();
+            if (empty(array_diff(array_keys($scopes), $existScopes))) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
 }

common/models/OauthAccessToken.php

@@ -0,0 +1,41 @@
+<?php
+namespace common\models;
+
+use common\components\redis\Set;
+use Yii;
+use yii\db\ActiveRecord;
+
+/**
+ * This is the model class for table "oauth_access_tokens".
+ *
+ * @property string  $access_token
+ * @property string  $session_id
+ * @property integer $expire_time
+ *
+ * @property Set     $scopes
+ */
+class OauthAccessToken extends ActiveRecord {
+
+    public static function tableName() {
+        return '{{%oauth_access_tokens}}';
+    }
+
+    public function getSession() {
+        return $this->hasOne(OauthSession::class, ['id' => 'session_id']);
+    }
+
+    public function getScopes() {
+        return new Set($this->getDb()->getSchema()->getRawTableName($this->tableName()), $this->access_token, 'scopes');
+    }
+
+    public function beforeDelete() {
+        if (!$result = parent::beforeDelete()) {
+            return $result;
+        }
+
+        $this->getScopes()->delete();
+
+        return true;
+    }
+
+}

common/models/OauthClient.php

@@ -0,0 +1,49 @@
+<?php
+namespace common\models;
+
+use Yii;
+use yii\db\ActiveRecord;
+
+/**
+ * Поля модели:
+ * @property string         $id
+ * @property string         $secret
+ * @property string         $name
+ * @property string         $description
+ * @property string         $redirect_uri
+ * @property integer        $account_id
+ * @property bool           $is_trusted
+ * @property integer        $created_at
+ *
+ * Отношения:
+ * @property Account        $account
+ * @property OauthSession[] $sessions
+ */
+class OauthClient extends ActiveRecord {
+
+    public static function tableName() {
+        return '{{%oauth_clients}}';
+    }
+
+    public function rules() {
+        return [
+            [['id'], 'required', 'when' => function(self $model) {
+                return $model->isNewRecord;
+            }],
+            [['id'], 'unique', 'when' => function(self $model) {
+                return $model->isNewRecord;
+            }],
+            [['name', 'description'], 'required'],
+            [['name', 'description'], 'string', 'max' => 255],
+        ];
+    }
+
+    public function getAccount() {
+        return $this->hasOne(Account::class, ['id' => 'account_id']);
+    }
+
+    public function getSessions() {
+        return $this->hasMany(OauthSession::class, ['client_id' => 'id']);
+    }
+
+}

common/models/OauthScope.php

@@ -0,0 +1,17 @@
+<?php
+namespace common\models;
+
+use Yii;
+use yii\db\ActiveRecord;
+
+/**
+ * Поля:
+ * @property string $id
+ */
+class OauthScope extends ActiveRecord {
+
+    public static function tableName() {
+        return '{{%oauth_scopes}}';
+    }
+
+}

common/models/OauthSession.php

@@ -0,0 +1,54 @@
+<?php
+namespace common\models;
+
+use common\components\redis\Set;
+use Yii;
+use yii\db\ActiveRecord;
+
+/**
+ * Поля:
+ * @property integer            $id
+ * @property string             $owner_type
+ * @property string             $owner_id
+ * @property string             $client_id
+ * @property string             $client_redirect_uri
+ *
+ * Отношения
+ * @property OauthAccessToken[] $accessTokens
+ * @property OauthClient        $client
+ * @property Account            $account
+ * @property Set                $scopes
+ */
+class OauthSession extends ActiveRecord {
+
+    public static function tableName() {
+        return '{{%oauth_sessions}}';
+    }
+
+    public function getOauthAccessTokens() {
+        return $this->hasMany(OauthAccessToken::class, ['session_id' => 'id']);
+    }
+
+    public function getClient() {
+        return $this->hasOne(OauthClient::class, ['id' => 'client_id']);
+    }
+
+    public function getAccount() {
+        return $this->hasOne(Account::class, ['id' => 'owner_id']);
+    }
+
+    public function getScopes() {
+        return new Set($this->getDb()->getSchema()->getRawTableName($this->tableName()), $this->id, 'scopes');
+    }
+
+    public function beforeDelete() {
+        if (!$result = parent::beforeDelete()) {
+            return $result;
+        }
+
+        $this->getScopes()->delete();
+
+        return true;
+    }
+
+}