Page Menu
Home
WickedGov Phorge
Search
Configure Global Search
Log In
Files
F1429736
RefreshTokenRepository.php
No One
Temporary
Actions
Download File
Edit File
Delete File
View Transforms
Subscribe
Flag For Later
Award Token
Size
2 KB
Referenced Files
None
Subscribers
None
RefreshTokenRepository.php
View Options
<?php
namespace
MediaWiki\Extension\OAuth\Repository
;
use
InvalidArgumentException
;
use
League\OAuth2\Server\Entities\RefreshTokenEntityInterface
;
use
League\OAuth2\Server\Exception\UniqueTokenIdentifierConstraintViolationException
;
use
League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface
;
use
MediaWiki\Extension\OAuth\Entity\RefreshTokenEntity
;
class
RefreshTokenRepository
extends
CacheRepository
implements
RefreshTokenRepositoryInterface
{
/**
* Creates a new refresh token
*
* @return RefreshTokenEntityInterface|null
*/
public
function
getNewRefreshToken
()
{
return
new
RefreshTokenEntity
();
}
/**
* Create a new refresh token_name.
*
* @param RefreshTokenEntityInterface $refreshTokenEntity
*
* @throws UniqueTokenIdentifierConstraintViolationException
*/
public
function
persistNewRefreshToken
(
RefreshTokenEntityInterface
$refreshTokenEntity
)
{
if
(
!
$refreshTokenEntity
instanceof
RefreshTokenEntity
)
{
throw
new
InvalidArgumentException
(
'$refreshTokenEntity must be instance of '
.
RefreshTokenEntity
::
class
.
', got '
.
get_class
(
$refreshTokenEntity
)
.
' instead'
);
}
if
(
$this
->
has
(
$refreshTokenEntity
->
getIdentifier
()
)
)
{
throw
UniqueTokenIdentifierConstraintViolationException
::
create
();
}
$this
->
set
(
$refreshTokenEntity
->
getIdentifier
(),
$refreshTokenEntity
->
jsonSerialize
(),
$refreshTokenEntity
->
getExpiryDateTime
()->
getTimestamp
()
);
}
/**
* Revoke the refresh token.
*
* @param string $tokenId
*/
public
function
revokeRefreshToken
(
$tokenId
)
{
$this
->
delete
(
$tokenId
);
}
/**
* Check if the refresh token has been revoked.
*
* @param string $tokenId
*
* @return bool Return true if this token has been revoked
*/
public
function
isRefreshTokenRevoked
(
$tokenId
)
{
// Refresh tokens cannot be mass-revoked when the user revokes the approval for a client
// via SpecialMWOAuthManageMyGrants, because they are stored in a key-value store.
// instead we rely on the fact that the refresh token contains the access token ID
// (oaat_identifier), and access tokens are marked invalid but never deleted, except when
// the user revokes the approval for the client.
// TODO would be nicer to directly store the approval ID (oaac_id) in the refresh token repo.
$refreshTokenData
=
$this
->
get
(
$tokenId
);
if
(
$refreshTokenData
===
false
)
{
return
true
;
}
$accessTokenRepository
=
new
AccessTokenRepository
();
return
$accessTokenRepository
->
getApprovalId
(
$refreshTokenData
[
'accessToken'
]
)
===
false
;
}
/**
* Get object type for session key
*
* @return string
*/
protected
function
getCacheKeyType
():
string
{
return
"RefreshToken"
;
}
}
File Metadata
Details
Attached
Mime Type
text/x-php
Expires
Sat, May 16, 17:57 (9 h, 22 m)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
8d/06/36d20b49d009b34543e8a4d13f73
Default Alt Text
RefreshTokenRepository.php (2 KB)
Attached To
Mode
rMWPROD MediaWiki Production
Attached
Detach File
Event Timeline
Log In to Comment