Merge pull request #601 from zerkms/ISSUE-596_UNIQUE_ACCESS_TOKEN

Added a check for unique access token constraint violation
2025-05-31 14:12:07 +05:30 · 2016-06-28 08:48:38 +01:00
parent 7321622104 b68ef973df
commit df20da1235
4 changed files with 434 additions and 13 deletions
--- a/src/Exception/UniqueTokenIdentifierConstraintViolationException.php
+++ b/src/Exception/UniqueTokenIdentifierConstraintViolationException.php
@@ -0,0 +1,21 @@
+<?php
+/**
+ * @author      Ivan Kurnosov <zerkms@zerkms.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Exception;
+
+
+class UniqueTokenIdentifierConstraintViolationException extends OAuthServerException
+{
+    public static function create()
+    {
+        $errorMessage = 'Could not create unique access token identifier';
+
+        return new static($errorMessage, 100, 'access_token_duplicate', 500);
+    }
+}
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -16,6 +16,7 @@ use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
 use League\OAuth2\Server\Entities\ClientEntityInterface;
 use League\OAuth2\Server\Entities\ScopeEntityInterface;
 use League\OAuth2\Server\Exception\OAuthServerException;
+use League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException;
 use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
 use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
 use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
@@ -35,6 +36,8 @@ abstract class AbstractGrant implements GrantTypeInterface

    const SCOPE_DELIMITER_STRING = ' ';

+    const MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS = 10;
+
    /**
     * @var ClientRepositoryInterface
     */
@@ -321,19 +324,28 @@ abstract class AbstractGrant implements GrantTypeInterface
        $userIdentifier,
        array $scopes = []
    ) {
+        $maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;
+
        $accessToken = $this->accessTokenRepository->getNewToken($client, $scopes, $userIdentifier);
        $accessToken->setClient($client);
        $accessToken->setUserIdentifier($userIdentifier);
-        $accessToken->setIdentifier($this->generateUniqueIdentifier());
        $accessToken->setExpiryDateTime((new \DateTime())->add($accessTokenTTL));

        foreach ($scopes as $scope) {
            $accessToken->addScope($scope);
        }

-        $this->accessTokenRepository->persistNewAccessToken($accessToken);
-
-        return $accessToken;
+        while ($maxGenerationAttempts-- > 0) {
+            $accessToken->setIdentifier($this->generateUniqueIdentifier());
+            try {
+                $this->accessTokenRepository->persistNewAccessToken($accessToken);
+                return $accessToken;
+            } catch (UniqueTokenIdentifierConstraintViolationException $e) {
+                if ($maxGenerationAttempts === 0) {
+                    throw $e;
+                }
+            }
+        }
    }

    /**
@@ -354,8 +366,9 @@ abstract class AbstractGrant implements GrantTypeInterface
        $redirectUri,
        array $scopes = []
    ) {
+        $maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;
+
        $authCode = $this->authCodeRepository->getNewAuthCode();
-        $authCode->setIdentifier($this->generateUniqueIdentifier());
        $authCode->setExpiryDateTime((new \DateTime())->add($authCodeTTL));
        $authCode->setClient($client);
        $authCode->setUserIdentifier($userIdentifier);
@@ -365,9 +378,17 @@ abstract class AbstractGrant implements GrantTypeInterface
            $authCode->addScope($scope);
        }

-        $this->authCodeRepository->persistNewAuthCode($authCode);
-
-        return $authCode;
+        while ($maxGenerationAttempts-- > 0) {
+            $authCode->setIdentifier($this->generateUniqueIdentifier());
+            try {
+                $this->authCodeRepository->persistNewAuthCode($authCode);
+                return $authCode;
+            } catch (UniqueTokenIdentifierConstraintViolationException $e) {
+                if ($maxGenerationAttempts === 0) {
+                    throw $e;
+                }
+            }
+        }
    }

    /**
@@ -377,14 +398,23 @@ abstract class AbstractGrant implements GrantTypeInterface
     */
    protected function issueRefreshToken(AccessTokenEntityInterface $accessToken)
    {
+        $maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;
+
        $refreshToken = $this->refreshTokenRepository->getNewRefreshToken();
-        $refreshToken->setIdentifier($this->generateUniqueIdentifier());
        $refreshToken->setExpiryDateTime((new \DateTime())->add($this->refreshTokenTTL));
        $refreshToken->setAccessToken($accessToken);

-        $this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
-
-        return $refreshToken;
+        while ($maxGenerationAttempts-- > 0) {
+            $refreshToken->setIdentifier($this->generateUniqueIdentifier());
+            try {
+                $this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
+                return $refreshToken;
+            } catch (UniqueTokenIdentifierConstraintViolationException $e) {
+                if ($maxGenerationAttempts === 0) {
+                    throw $e;
+                }
+            }
+        }
    }

    /**