Merge branch 'connection-process' into 'develop'
Enhance token revocation process to include refresh tokens and adjust token TTLs See merge request easy-solutions/apps/easyportal!47
This commit is contained in:
commit
a428cf92f3
|
|
@ -3,9 +3,9 @@ league_oauth2_server:
|
||||||
private_key: '%env(resolve:OAUTH_PRIVATE_KEY)%'
|
private_key: '%env(resolve:OAUTH_PRIVATE_KEY)%'
|
||||||
private_key_passphrase: '%env(resolve:OAUTH_PASSPHRASE)%'
|
private_key_passphrase: '%env(resolve:OAUTH_PASSPHRASE)%'
|
||||||
encryption_key: '%env(resolve:OAUTH_ENCRYPTION_KEY)%'
|
encryption_key: '%env(resolve:OAUTH_ENCRYPTION_KEY)%'
|
||||||
access_token_ttl: PT3H # 3 hours
|
access_token_ttl: PT15M # 15 minutes
|
||||||
refresh_token_ttl: P1M # 1 month
|
refresh_token_ttl: PT7D # 7 days
|
||||||
auth_code_ttl: PT3H # 10 minutes
|
auth_code_ttl: PT30M # 30 minutes
|
||||||
require_code_challenge_for_public_clients: false
|
require_code_challenge_for_public_clients: false
|
||||||
resource_server:
|
resource_server:
|
||||||
public_key: '%env(resolve:OAUTH_PUBLIC_KEY)%'
|
public_key: '%env(resolve:OAUTH_PUBLIC_KEY)%'
|
||||||
|
|
|
||||||
|
|
@ -59,7 +59,7 @@ class LoginSubscriber implements EventSubscriberInterface
|
||||||
$user->setLastConnection(new \DateTime('now', new \DateTimeZone('Europe/Paris')));
|
$user->setLastConnection(new \DateTime('now', new \DateTimeZone('Europe/Paris')));
|
||||||
|
|
||||||
$easySolution = $this->entityManager->getRepository(Client::class)->findOneBy(['identifier' => $this->clientIdentifier]);
|
$easySolution = $this->entityManager->getRepository(Client::class)->findOneBy(['identifier' => $this->clientIdentifier]);
|
||||||
if ($easySolution) {
|
/*if ($easySolution) {
|
||||||
$accessToken = new AccessToken(
|
$accessToken = new AccessToken(
|
||||||
identifier: bin2hex(random_bytes(40)),
|
identifier: bin2hex(random_bytes(40)),
|
||||||
expiry: new \DateTimeImmutable('+1 hour', new \DateTimeZone('Europe/Paris')),
|
expiry: new \DateTimeImmutable('+1 hour', new \DateTimeZone('Europe/Paris')),
|
||||||
|
|
@ -70,7 +70,7 @@ class LoginSubscriber implements EventSubscriberInterface
|
||||||
$this->entityManager->persist($user);
|
$this->entityManager->persist($user);
|
||||||
$this->entityManager->persist($accessToken);
|
$this->entityManager->persist($accessToken);
|
||||||
$this->entityManager->flush();
|
$this->entityManager->flush();
|
||||||
}
|
}*/
|
||||||
}
|
}
|
||||||
|
|
||||||
// Vérifier si un paramètre redirect_app est présent dans l'URL
|
// Vérifier si un paramètre redirect_app est présent dans l'URL
|
||||||
|
|
|
||||||
|
|
@ -4,6 +4,7 @@ namespace App\Service;
|
||||||
|
|
||||||
use Doctrine\ORM\EntityManagerInterface;
|
use Doctrine\ORM\EntityManagerInterface;
|
||||||
use League\Bundle\OAuth2ServerBundle\Model\AccessToken;
|
use League\Bundle\OAuth2ServerBundle\Model\AccessToken;
|
||||||
|
use League\Bundle\OAuth2ServerBundle\Model\RefreshToken;
|
||||||
|
|
||||||
class AccessTokenService
|
class AccessTokenService
|
||||||
{
|
{
|
||||||
|
|
@ -19,12 +20,13 @@ class AccessTokenService
|
||||||
|
|
||||||
public function revokeUserTokens(string $userIdentifier): void
|
public function revokeUserTokens(string $userIdentifier): void
|
||||||
{
|
{
|
||||||
$tokens = $this->entityManager->getRepository(AccessToken::class)->findBy([
|
$accessTokens = $this->entityManager->getRepository(AccessToken::class)->findBy([
|
||||||
'userIdentifier' => $userIdentifier,
|
'userIdentifier' => $userIdentifier,
|
||||||
'revoked' => false
|
'revoked' => false
|
||||||
]);
|
]);
|
||||||
foreach ($tokens as $token) {
|
|
||||||
try{
|
foreach ($accessTokens as $token) {
|
||||||
|
try {
|
||||||
$token->revoke();
|
$token->revoke();
|
||||||
$this->loggerService->logTokenRevocation(
|
$this->loggerService->logTokenRevocation(
|
||||||
'Access token revoked for user',
|
'Access token revoked for user',
|
||||||
|
|
@ -33,17 +35,34 @@ class AccessTokenService
|
||||||
'token_id' => $token->getIdentifier(),
|
'token_id' => $token->getIdentifier(),
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
}catch (\Exception $e){
|
|
||||||
|
// Révoquer les refresh tokens liés à cet access token
|
||||||
|
$refreshTokens = $this->entityManager->getRepository(RefreshToken::class)->findBy([
|
||||||
|
'accessToken' => $token,
|
||||||
|
'revoked' => false
|
||||||
|
]);
|
||||||
|
foreach ($refreshTokens as $refreshToken) {
|
||||||
|
$refreshToken->revoke();
|
||||||
|
$this->loggerService->logTokenRevocation(
|
||||||
|
'Refresh token revoked for user',
|
||||||
|
[
|
||||||
|
'user_identifier' => $userIdentifier,
|
||||||
|
'refresh_token_id' => $refreshToken->getIdentifier(),
|
||||||
|
]
|
||||||
|
);
|
||||||
|
}
|
||||||
|
} catch (\Exception $e) {
|
||||||
$this->loggerService->logError(
|
$this->loggerService->logError(
|
||||||
'Error revoking access token: ' . $e->getMessage(),
|
'Error revoking tokens: ' . $e->getMessage(),
|
||||||
[
|
[
|
||||||
'user_identifier' => $userIdentifier,
|
'user_identifier' => $userIdentifier,
|
||||||
'token_id' => $token->getIdentifier(),
|
'token_id' => $token->getIdentifier(),
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$this->entityManager->flush();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue