Merge branch 'connection-process' into 'develop'
Enhance the token revocation process to include refresh tokens and adjust token TTLs. See merge request easy-solutions/apps/easyportal!47
commit
a428cf92f3
@ -3,9 +3,9 @@ league_oauth2_server:
|
|||
private_key: '%env(resolve:OAUTH_PRIVATE_KEY)%'
|
||||
private_key_passphrase: '%env(resolve:OAUTH_PASSPHRASE)%'
|
||||
encryption_key: '%env(resolve:OAUTH_ENCRYPTION_KEY)%'
|
||||
access_token_ttl: PT3H # 3 hours
|
||||
refresh_token_ttl: P1M # 1 month
|
||||
auth_code_ttl: PT3H # 10 minutes
|
||||
access_token_ttl: PT15M # 15 minutes
|
||||
refresh_token_ttl: PT7D # 7 days
|
||||
auth_code_ttl: PT30M # 30 minutes
|
||||
require_code_challenge_for_public_clients: false
|
||||
resource_server:
|
||||
public_key: '%env(resolve:OAUTH_PUBLIC_KEY)%'
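Review bot: `refresh_token_ttl: PT7D` is not a valid ISO 8601 duration — the day designator belongs before the `T`, so the bundle's conversion of this value into a DateInterval will fail at container build or first use; it should read `refresh_token_ttl: P7D # 7 days`. The removed line used `P1M` correctly, so only the new value is affected. Separately, a 30-minute `auth_code_ttl` is well above the roughly 10 minutes RFC 6749 recommends for authorization codes, and with `require_code_challenge_for_public_clients: false` left unchanged a leaked code stays exchangeable for the whole window; the replaced line's own comment already said 10 minutes, so `auth_code_ttl: PT10M # 10 minutes` would match the original intent.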
|
||||
@ -59,7 +59,7 @@ class LoginSubscriber implements EventSubscriberInterface
|
|||
$user->setLastConnection(new \DateTime('now', new \DateTimeZone('Europe/Paris')));
|
||||
|
||||
$easySolution = $this->entityManager->getRepository(Client::class)->findOneBy(['identifier' => $this->clientIdentifier]);
|
||||
if ($easySolution) {
|
||||
/*if ($easySolution) {
|
||||
$accessToken = new AccessToken(
|
||||
identifier: bin2hex(random_bytes(40)),
|
||||
expiry: new \DateTimeImmutable('+1 hour', new \DateTimeZone('Europe/Paris')),
|
||||
|
|
@ -70,7 +70,7 @@ class LoginSubscriber implements EventSubscriberInterface
|
|||
$this->entityManager->persist($user);
|
||||
$this->entityManager->persist($accessToken);
|
||||
$this->entityManager->flush();
|
||||
}
|
||||
}*/
|
||||
}
|
||||
|
||||
// Vérifier si un paramètre redirect_app est présent dans l'URL
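Review bot: Wrapping the `if ($easySolution)` block in `/* … */` also takes `$this->entityManager->persist($user);` and `$this->entityManager->flush();` out of the live code path, so the `setLastConnection()` call at the top of the first hunk no longer reaches the database unless another flush happens elsewhere in the subscriber, which is outside both hunks. Either keep `$this->entityManager->persist($user); $this->entityManager->flush();` outside the comment or confirm that another flush covers it. The disabled block should be deleted rather than kept as a comment: it is preserved in version control anyway, and a hand-built `AccessToken` with a `bin2hex(random_bytes(40))` identifier and a fixed `Europe/Paris` expiry is exactly the kind of code that gets un-commented later without going through the bundle's issuance and revocation path. The enclosing method starts before the first hunk and continues after the second.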
|
||||
@ -4,6 +4,7 @@ namespace App\Service;
|
|||
|
||||
use Doctrine\ORM\EntityManagerInterface;
|
||||
use League\Bundle\OAuth2ServerBundle\Model\AccessToken;
|
||||
use League\Bundle\OAuth2ServerBundle\Model\RefreshToken;
|
||||
|
||||
class AccessTokenService
|
||||
{
|
||||
|
|
@ -19,11 +20,12 @@ class AccessTokenService
|
|||
|
||||
public function revokeUserTokens(string $userIdentifier): void
|
||||
{
|
||||
$tokens = $this->entityManager->getRepository(AccessToken::class)->findBy([
|
||||
$accessTokens = $this->entityManager->getRepository(AccessToken::class)->findBy([
|
||||
'userIdentifier' => $userIdentifier,
|
||||
'revoked' => false
|
||||
]);
|
||||
foreach ($tokens as $token) {
|
||||
|
||||
foreach ($accessTokens as $token) {
|
||||
try {
|
||||
$token->revoke();
|
||||
$this->loggerService->logTokenRevocation(
|
||||
|
|
@ -33,17 +35,34 @@ class AccessTokenService
|
|||
'token_id' => $token->getIdentifier(),
|
||||
]
|
||||
);
|
||||
|
||||
// Révoquer les refresh tokens liés à cet access token
|
||||
$refreshTokens = $this->entityManager->getRepository(RefreshToken::class)->findBy([
|
||||
'accessToken' => $token,
|
||||
'revoked' => false
|
||||
]);
|
||||
foreach ($refreshTokens as $refreshToken) {
|
||||
$refreshToken->revoke();
|
||||
$this->loggerService->logTokenRevocation(
|
||||
'Refresh token revoked for user',
|
||||
[
|
||||
'user_identifier' => $userIdentifier,
|
||||
'refresh_token_id' => $refreshToken->getIdentifier(),
|
||||
]
|
||||
);
|
||||
}
|
||||
} catch (\Exception $e) {
|
||||
$this->loggerService->logError(
|
||||
'Error revoking access token: ' . $e->getMessage(),
|
||||
'Error revoking tokens: ' . $e->getMessage(),
|
||||
[
|
||||
'user_identifier' => $userIdentifier,
|
||||
'token_id' => $token->getIdentifier(),
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
$this->entityManager->flush();
|
||||
}
|
||||
|
||||
}
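Review bot: The refresh-token lookup in the last hunk keys on `'accessToken' => $token`, so only refresh tokens whose access token is still unrevoked get revoked; a refresh token attached to an access token that was revoked earlier (or has expired) but was never revoked itself is not touched and, if the entity allows that state, remains exchangeable for a fresh token pair after this method reports success. Query refresh tokens for the user directly — for example a DQL query joining the refresh token's access token and filtering on its `userIdentifier` and `revoked = false` — rather than walking the already-filtered `$accessTokens` list. The catch block also logs `'token_id' => $token->getIdentifier()` even when the failure came from a refresh token, so the refresh token identifier is lost from the error context; a `'stage'` or `'refresh_token_id'` key in the log context would make the two cases distinguishable. Minor: the repository call inside the loop issues one query per access token where one query would do. `revokeUserTokens` starts in the previous hunk (`@ -19,11 +20,12`).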
|
||||