diff --git a/config/packages/league_oauth2_server.yaml b/config/packages/league_oauth2_server.yaml
index cac96cd..9e6c08d 100644
--- a/config/packages/league_oauth2_server.yaml
+++ b/config/packages/league_oauth2_server.yaml
@@ -3,9 +3,9 @@ league_oauth2_server:
 private_key: '%env(resolve:OAUTH_PRIVATE_KEY)%'
 private_key_passphrase: '%env(resolve:OAUTH_PASSPHRASE)%'
 encryption_key: '%env(resolve:OAUTH_ENCRYPTION_KEY)%'
- access_token_ttl: PT3H # 3 hours
- refresh_token_ttl: P1M # 1 month
- auth_code_ttl: PT3H # 10 minutes
+ access_token_ttl: PT15M # 15 minutes
+ refresh_token_ttl: PT7D # 7 days
+ auth_code_ttl: PT30M # 30 minutes
 require_code_challenge_for_public_clients: false
 resource_server:
 public_key: '%env(resolve:OAUTH_PUBLIC_KEY)%'
diff --git a/src/EventSubscriber/LoginSubscriber.php b/src/EventSubscriber/LoginSubscriber.php
index c63f9af..59c7c05 100644
--- a/src/EventSubscriber/LoginSubscriber.php
+++ b/src/EventSubscriber/LoginSubscriber.php
@@ -59,7 +59,7 @@ class LoginSubscriber implements EventSubscriberInterface
 $user->setLastConnection(new \DateTime('now', new \DateTimeZone('Europe/Paris')));
 $easySolution = $this->entityManager->getRepository(Client::class)->findOneBy(['identifier' => $this->clientIdentifier]);
- if ($easySolution) {
+ /*if ($easySolution) {
 $accessToken = new AccessToken(
 identifier: bin2hex(random_bytes(40)),
 expiry: new \DateTimeImmutable('+1 hour', new \DateTimeZone('Europe/Paris')),
@@ -70,7 +70,7 @@ class LoginSubscriber implements EventSubscriberInterface
 $this->entityManager->persist($user);
 $this->entityManager->persist($accessToken);
 $this->entityManager->flush();
- }
+ }*/
 }
 // Vérifier si un paramètre redirect_app est présent dans l'URL
diff --git a/src/Service/AccessTokenService.php b/src/Service/AccessTokenService.php
index b36a229..102fd56 100644
--- a/src/Service/AccessTokenService.php
+++ b/src/Service/AccessTokenService.php
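Review bot: `refresh_token_ttl: PT7D` is not a valid ISO 8601 duration — the `T` introduces the time part and a day count belongs before it, so building a `\DateInterval` from this string throws an "Unknown or bad format" exception; the line should read `refresh_token_ttl: P7D # 7 days`. The old value `P1M` was well-formed, so this is a regression that will most likely surface wherever the bundle turns the TTL into a DateInterval rather than as a silently wrong lifetime. The 15-minute access-token and 30-minute auth-code lifetimes are a sound tightening, and the trailing comments now match the values (the old `PT3H # 10 minutes` did not).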
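Review bot: The block starting at `if ($easySolution)` is commented out rather than deleted, here and in the `@@ -70` hunk of the same file, so the `findOneBy` lookup that fills `$easySolution` still runs a query on every login while its only visible consumer now sits inside a comment; remove the dead block and the lookup together, since version control keeps the old code. Leaving a hand-built `AccessToken` with a hard-coded `+1 hour` expiry in a comment is also misleading next to the new 15-minute `access_token_ttl`, and it invites someone to re-enable a token path that bypasses the server's configured lifetimes. The enclosing method starts and ends outside these hunks, so I cannot tell whether `$easySolution` is used further down.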
@@ -4,6 +4,7 @@ namespace App\Service;
 use Doctrine\ORM\EntityManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Model\AccessToken;
+use League\Bundle\OAuth2ServerBundle\Model\RefreshToken;
 class AccessTokenService
 {
@@ -19,12 +20,13 @@ class AccessTokenService
 public function revokeUserTokens(string $userIdentifier): void
 {
- $tokens = $this->entityManager->getRepository(AccessToken::class)->findBy([
+ $accessTokens = $this->entityManager->getRepository(AccessToken::class)->findBy([
 'userIdentifier' => $userIdentifier,
 'revoked' => false
 ]);
- foreach ($tokens as $token) {
- try{
+
+ foreach ($accessTokens as $token) {
+ try {
 $token->revoke();
 $this->loggerService->logTokenRevocation(
 'Access token revoked for user',
@@ -33,17 +35,34 @@ class AccessTokenService
 'token_id' => $token->getIdentifier(),
 ]
 );
- }catch (\Exception $e){
+
+ // Révoquer les refresh tokens liés à cet access token
+ $refreshTokens = $this->entityManager->getRepository(RefreshToken::class)->findBy([
+ 'accessToken' => $token,
+ 'revoked' => false
+ ]);
+ foreach ($refreshTokens as $refreshToken) {
+ $refreshToken->revoke();
+ $this->loggerService->logTokenRevocation(
+ 'Refresh token revoked for user',
+ [
+ 'user_identifier' => $userIdentifier,
+ 'refresh_token_id' => $refreshToken->getIdentifier(),
+ ]
+ );
+ }
+ } catch (\Exception $e) {
 $this->loggerService->logError(
- 'Error revoking access token: ' . $e->getMessage(),
+ 'Error revoking tokens: ' . $e->getMessage(),
 [
 'user_identifier' => $userIdentifier,
 'token_id' => $token->getIdentifier(),
 ]
 );
 }
- }
+
+ $this->entityManager->flush();
 }
 }
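Review bot: The refresh-token lookup `'accessToken' => $token` only runs for access tokens returned by the outer query, and that query filters `'revoked' => false`, so an unrevoked refresh token whose access token was already revoked or otherwise retired by another path is never touched by `revokeUserTokens` and stays usable for the refresh grant. Query refresh tokens by the owning user through the access-token relation instead, so the sweep does not depend on the access token's own state. Separately, `logTokenRevocation` is emitted before `$this->entityManager->flush()`, and the flush now sits outside the per-token `try`, so a failed flush leaves every token active while the audit log claims they were revoked and the exception escapes the method unlogged; log the failure around the flush (and rethrow), or log revocations only after the flush succeeds. The `\Exception` catch also reports only `token_id`, so a failure inside the refresh loop cannot be traced to the refresh token that caused it.
```php
// … unchanged: access-token loop with revoke() and logTokenRevocation(…) …

// Sweep refresh tokens by owner via the access-token relation, independent of the access token's revoked flag.
$refreshTokens = $this->entityManager->createQueryBuilder()
    ->select('r')
    ->from(RefreshToken::class, 'r')
    ->join('r.accessToken', 'a')
    ->where('a.userIdentifier = :userIdentifier')
    ->andWhere('r.revoked = false')
    ->setParameter('userIdentifier', $userIdentifier)
    ->getQuery()
    ->getResult();
foreach ($refreshTokens as $refreshToken) {
    $refreshToken->revoke();
    // … unchanged: logTokenRevocation('Refresh token revoked for user', …) …
}

try {
    $this->entityManager->flush();
} catch (\Exception $e) {
    // Audit entries above were written before persistence; record that they did not take effect.
    $this->loggerService->logError(
        'Error flushing token revocations: ' . $e->getMessage(),
        ['user_identifier' => $userIdentifier]
    );
    throw $e;
}
```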