
Commit 4e4cbdf

committed
OXDEV-8407 Check expiration field during token validation
1 parent 6a4b8f0 commit 4e4cbdf

4 files changed

Lines changed: 37 additions & 7 deletions


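--- a/src/Infrastructure/Token.php
+++ b/src/Infrastructure/Token.php
@@ -49,6 +49,26 @@ public function isTokenRegistered(string $tokenId): bool
 return $storage->isLoaded();
 }
 
+public function isTokenExpired(string $tokenId): bool
+{
+$queryBuilder = $this->queryBuilderFactory->create()
+->select('oxid')
+->from('oegraphqltoken')
+->where('OXID = :tokenId')
+->andWhere('EXPIRES_AT <= NOW()')
+->setParameters([
+'tokenId' => $tokenId,
+]);
+
+$result = $queryBuilder->execute();
+
+if (is_object($result)) {
+return $result->fetchOne() > 0;
+}
+
+return false;
+}
+
 public function removeExpiredTokens(UserInterface $user): void
 {
 $queryBuilder = $this->queryBuilderFactory->create()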
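Review bot: `return $result->fetchOne() > 0;` in the new isTokenExpired compares the selected `oxid` string against an integer, so the result depends on PHP's string-to-number comparison rules rather than on whether a row matched: on PHP 7 a non-numeric OXID coerces to 0 and expiry is never reported, and on PHP 8 it passes only because a non-numeric string is compared textually against "0". Since the query selects `oxid`, the fact being tested is row presence; `return $result->fetchOne() !== false;` states that directly (alternatively select `COUNT(*)` and keep the numeric comparison). Note also that `EXPIRES_AT <= NOW()` evaluates expiry on the database server's clock; if EXPIRES_AT is stamped from the application clock at registration, a short comment on that assumption would help. The enclosing class continues outside the hunk.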

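--- a/src/Service/TokenValidator.php
+++ b/src/Service/TokenValidator.php
@@ -41,7 +41,7 @@ public function __construct(
 */
 public function validateToken(UnencryptedToken $token): void
 {
-if (!$this->areConstraintsValid($token)) {
+if (!$this->areConstraintsValid($token) || $this->isTokenExpired($token)) {
 throw new InvalidToken();
 }
 
@@ -62,6 +62,11 @@ private function areConstraintsValid(UnencryptedToken $token): bool
 return $validator->validate($token, ...$config->validationConstraints());
 }
 
+private function isTokenExpired(UnencryptedToken $token): bool
+{
+return $this->tokenInfrastructure->isTokenExpired($token->claims()->get(Token::CLAIM_TOKENID));
+}
+
 private function isUserBlocked(?string $userId): bool
 {
 $groups = $this->legacyInfrastructure->getUserGroupIds($userId);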
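Review bot: The new isTokenExpired passes `$token->claims()->get(Token::CLAIM_TOKENID)` straight into the `string $tokenId` parameter of the infrastructure method; a token lacking that claim yields `null`, which under strict types surfaces as a TypeError out of validateToken instead of the InvalidToken thrown on the line above. Whether areConstraintsValid already guarantees the claim is present cannot be seen here (its constraints come from `$config->validationConstraints()`), so guarding it locally is cheap: `$tokenId = $token->claims()->get(Token::CLAIM_TOKENID); if (!is_string($tokenId)) { throw new InvalidToken(); }`. A one-line docblock on isTokenExpired saying it consults the stored EXPIRES_AT row in the token table, as opposed to any expiry constraint the JWT validator applies, would make the two checks in validateToken easier to tell apart. validateToken's body continues outside the first hunk.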

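--- a/tests/Integration/TestCase.php
+++ b/tests/Integration/TestCase.php
@@ -323,6 +323,11 @@ public function isTokenRegistered(string $tokenId): bool
 return true;
 }
 
+public function isTokenExpired(string $tokenId): bool
+{
+return false;
+}
+
 public function registerToken(UnencryptedToken $token, DateTimeImmutable $time, DateTimeImmutable $expire): void
 {
 }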

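--- a/tests/Unit/Service/TokenValidatorTest.php
+++ b/tests/Unit/Service/TokenValidatorTest.php
@@ -26,7 +26,7 @@ public function testTokenShopIdValidation(): void
 
 $tokenInfrastructure = $this->createPartialMock(
 TokenInfrastructure::class,
-['registerToken', 'isTokenRegistered', 'removeExpiredTokens', 'canIssueToken']
+['registerToken', 'isTokenRegistered', 'isTokenExpired', 'removeExpiredTokens', 'canIssueToken']
 );
 $tokenInfrastructure->method('isTokenRegistered')->willReturn(true);
 $tokenInfrastructure->method('canIssueToken')->willReturn(true);
@@ -54,7 +54,7 @@ public function testTokenShopUrlValidation(): void
 
 $tokenInfrastructure = $this->createPartialMock(
 TokenInfrastructure::class,
-['registerToken', 'isTokenRegistered', 'removeExpiredTokens', 'canIssueToken']
+['registerToken', 'isTokenRegistered', 'isTokenExpired', 'removeExpiredTokens', 'canIssueToken']
 );
 $tokenInfrastructure->method('isTokenRegistered')->willReturn(true);
 $tokenInfrastructure->method('canIssueToken')->willReturn(true);
@@ -85,7 +85,7 @@ public function testTokenUserInBlockedGroup(): void
 
 $tokenInfrastructure = $this->createPartialMock(
 TokenInfrastructure::class,
-['registerToken', 'isTokenRegistered', 'removeExpiredTokens', 'canIssueToken']
+['registerToken', 'isTokenRegistered', 'isTokenExpired', 'removeExpiredTokens', 'canIssueToken']
 );
 $tokenInfrastructure->method('isTokenRegistered')->willReturn(true);
 $tokenInfrastructure->method('canIssueToken')->willReturn(true);
@@ -108,7 +108,7 @@ public function testExpiredToken(): void
 
 $tokenInfrastructure = $this->createPartialMock(
 TokenInfrastructure::class,
-['registerToken', 'isTokenRegistered', 'removeExpiredTokens', 'canIssueToken']
+['registerToken', 'isTokenRegistered', 'isTokenExpired', 'removeExpiredTokens', 'canIssueToken']
 );
 $tokenInfrastructure->method('isTokenRegistered')->willReturn(true);
 $tokenInfrastructure->method('canIssueToken')->willReturn(true);
@@ -134,7 +134,7 @@ public function testDeletedToken(): void
 
 $tokenInfrastructure = $this->createPartialMock(
 TokenInfrastructure::class,
-['registerToken', 'isTokenRegistered', 'removeExpiredTokens', 'canIssueToken']
+['registerToken', 'isTokenRegistered', 'isTokenExpired', 'removeExpiredTokens', 'canIssueToken']
 );
 $tokenInfrastructure->method('isTokenRegistered')->willReturn(false);
 $tokenInfrastructure->method('canIssueToken')->willReturn(true);
@@ -157,7 +157,7 @@ public function testAnonymousToken(): void
 
 $tokenInfrastructure = $this->createPartialMock(
 TokenInfrastructure::class,
-['registerToken', 'isTokenRegistered', 'removeExpiredTokens', 'canIssueToken']
+['registerToken', 'isTokenRegistered', 'isTokenExpired', 'removeExpiredTokens', 'canIssueToken']
 );
 $tokenInfrastructure->method('canIssueToken')->willReturn(true);
 $validator = $this->getTokenValidator($legacy, $tokenInfrastructure);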
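Review bot: None of the six updated tests stubs `isTokenExpired` on the partial mock, so the new rejection branch in validateToken (`|| $this->isTokenExpired($token)`) is never driven with a `true` return; an unconfigured mocked method yields its type's default, which is `false` for a `bool` return, so every test keeps passing without proving the new check rejects anything. testExpiredToken (the hunk at line 108) looks like it covers an expiry carried in the token itself rather than the stored EXPIRES_AT lookup this commit introduces, though its assertions lie outside the hunk. A test that stubs `isTokenExpired` to `true` and expects InvalidToken would pin the behaviour; the sketch below omits the `$legacy` and token setup the existing tests share. The test bodies continue outside the hunks.
```php
public function testTokenExpiredInStorage(): void
{
    // … $legacy and $tokenInfrastructure created as in testExpiredToken …
    $tokenInfrastructure->method('isTokenRegistered')->willReturn(true);
    $tokenInfrastructure->method('canIssueToken')->willReturn(true);
    $tokenInfrastructure->method('isTokenExpired')->willReturn(true);

    $this->expectException(InvalidToken::class);
    $validator = $this->getTokenValidator($legacy, $tokenInfrastructure);
    // … validateToken() invoked with the same token fixture the other tests use …
}
```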
