#mongodb #oauth-2.0 #yii2
#mongodb #oauth-2.0 #yii2
Вопрос:
Я пытался использовать Aouth2 для защиты API с помощью MongoDB и yii2. но не удается подключить Aouth с MongoDB. У кого-нибудь есть идея, как использовать MongoDB в качестве хранилища для oauth2 в yii2. Ваша помощь будет оценена по достоинству. Спасибо, поток кода такой же, как в
конфигурационный файл :
return [
'id' => 'app-api',
'basePath' => dirname(__DIR__),
'bootstrap' => ['oauth2'],
'modules' => [
'v1' => [
'basePath' => '@app/modules/v1',
'class' => 'apimodulesv1Module'
],
'oauth2' => [
'class' => 'filshyii2oauth2serverModule',
'tokenParamName' => 'accessToken',
'tokenAccessLifetime' => 3600 * 24,
'storageMap' => [
'user_credentials' => 'commonmodelsUsers',
'refresh_token' => 'filshyii2oauth2serverstorageMongo',
'access_token' => 'filshyii2oauth2serverstorageMongo',
'client' => 'filshyii2oauth2serverstorageMongo',
'authorization_code' => 'filshyii2oauth2serverstorageMongo',
'client_credentials' => 'filshyii2oauth2serverstorageMongo',
'public_key' => 'filshyii2oauth2serverstorageMongo',
'jwt_bearer' => 'filshyii2oauth2serverstorageMongo',
'scope' => 'filshyii2oauth2serverstorageMongo',
],
'grantTypes' => [
'user_credentials' => [
'class' => 'OAuth2GrantTypeUserCredentials',
],
'refresh_token' => [
'class' => 'OAuth2GrantTypeRefreshToken',
'always_issue_new_refresh_token' => true
]
]
]
],
Storgage/Mongo.php файл
namespace filshyii2oauth2serverstorage;
class Mongo extends OAuth2StorageMongo
{
protected $db;
protected $config;
public function __construct($connection, $config = array())
{
// print_r($connection);
if ($connection instanceof MongoDB) {
$this->db = $connection;
}
else {
if (!is_array($connection)) {
throw new InvalidArgumentException('First argument to OAuth2_Storage_Mongo must be an instance of MongoDB or a configuration array');
}
$server = sprintf('mongodb://%s:%d', "localhost", "27017");
$m = new MongoClient($server);
$this->db = $m->{"test"};
}
// Unix timestamps might get larger than 32 bits,
// so let's add native support for 64 bit ints.
ini_set('mongo.native_long', 1);
$this->config = array_merge(array(
'client_table' => 'oauth_clients',
'access_token_table' => 'oauth_access_tokens',
'refresh_token_table' => 'oauth_refresh_tokens',
'code_table' => 'oauth_authorization_codes',
'user_table' => 'oauth_users',
'jwt_table' => 'oauth_jwt',
), $config);
}
// Helper function to access a MongoDB collection by `type`:
protected function collection($name)
{
return $this->db->{$this->config[$name]};
}
/* ClientCredentialsInterface */
public function checkClientCredentials($client_id, $client_secret = null)
{
$result = $this->collection('client_table')->findOne(array('client_id' => $client_id));
return $result['client_secret'] == $client_secret;
}
public function getClientDetails($client_id)
{
$result = $this->collection('client_table')->findOne(array('client_id' => $client_id));
return is_null($result) ? false : $result;
}
public function checkRestrictedGrantType($client_id, $grant_type)
{
$details = $this->getClientDetails($client_id);
if (isset($details['grant_types'])) {
return in_array($grant_type, (array) $details['grant_types']);
}
// if grant_types are not defined, then none are restricted
return true;
}
/* AccessTokenInterface */
public function getAccessToken($access_token)
{
$token = $this->collection('access_token_table')->findOne(array('access_token' => $access_token));
return is_null($token) ? false : $token;
}
public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
{
// if it exists, update it.
if ($this->getAccessToken($access_token)) {
$this->collection('access_token_table')->update(
array('access_token' => $access_token),
array('$set' => array(
'client_id' => $client_id,
'expires' => $expires,
'user_id' => $user_id,
'scope' => $scope
))
);
} else {
$this->collection('access_token_table')->insert(
array(
'access_token' => $access_token,
'client_id' => $client_id,
'expires' => $expires,
'user_id' => $user_id,
'scope' => $scope
)
);
}
return true;
}
/* AuthorizationCodeInterface */
public function getAuthorizationCode($code)
{
$code = $this->collection('code_table')->findOne(array('authorization_code' => $code));
return is_null($code) ? false : $code;
}
public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $token_id = null)
{
// if it exists, update it.
if ($this->getAuthorizationCode($code)) {
$this->collection('code_table')->update(
array('authorization_code' => $code),
array('$set' => array(
'client_id' => $client_id,
'user_id' => $user_id,
'redirect_uri' => $redirect_uri,
'expires' => $expires,
'scope' => $scope
))
);
} else {
$this->collection('code_table')->insert(
array(
'authorization_code' => $code,
'client_id' => $client_id,
'user_id' => $user_id,
'redirect_uri' => $redirect_uri,
'expires' => $expires,
'scope' => $scope
)
);
}
return true;
}
public function expireAuthorizationCode($code)
{
$this->collection('code_table')->remove(array('authorization_code' => $code));
return true;
}
/* UserCredentialsInterface */
public function checkUserCredentials($username, $password)
{
if ($user = $this->getUser($username)) {
return $this->checkPassword($user, $password);
}
return false;
}
public function getUserDetails($username)
{
if ($user = $this->getUser($username)) {
$user['user_id'] = $user['username'];
}
return $user;
}
/* RefreshTokenInterface */
public function getRefreshToken($refresh_token)
{
$token = $this->collection('refresh_token_table')->findOne(array('refresh_token' => $refresh_token));
return is_null($token) ? false : $token;
}
public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
{
$this->collection('refresh_token_table')->insert(
array(
'refresh_token' => $refresh_token,
'client_id' => $client_id,
'user_id' => $user_id,
'expires' => $expires,
'scope' => $scope
)
);
return true;
}
public function unsetRefreshToken($refresh_token)
{
$this->collection('refresh_token_table')->remove(array('refresh_token' => $refresh_token));
return true;
}
// plaintext passwords are bad! Override this for your application
protected function checkPassword($user, $password)
{
return $user['password'] == $password;
}
public function getUser($username)
{
$result = $this->collection('user_table')->findOne(array('username' => $username));
return is_null($result) ? false : $result;
}
public function setUser($username, $password, $firstName = null, $lastName = null)
{
if ($this->getUser($username)) {
$this->collection('user_table')->update(
array('username' => $username),
array('$set' => array(
'password' => $password,
'first_name' => $firstName,
'last_name' => $lastName
))
);
} else {
$this->collection('user_table')->insert(
array(
'username' => $username,
'password' => $password,
'first_name' => $firstName,
'last_name' => $lastName
)
);
}
return true;
}
public function getClientKey($client_id, $subject)
{
$result = $this->collection('jwt_table')->findOne(array(
'client_id' => $client_id,
'subject' => $subject
));
return $result;
}
}
… Ошибка, которая отображается
{
"name": "Invalid Configuration",
"message": "Missing required parameter "connection" when instantiating "filsh\yii2\oauth2server\storage\Mongo".",
"code": 0,
"type": "yii\base\InvalidConfigException",
"file": "/var/www/html/advanced/vendor/yiisoft/yii2/di/Container.php",
"line": 457,
"stack-trace": [
"#0 /var/www/html/advanced/vendor/yiisoft/yii2/di/Container.php(367): yii\di\Container->resolveDependencies(Array, Object(ReflectionClass))",
"#1 /var/www/html/advanced/vendor/yiisoft/yii2/di/Container.php(154): yii\di\Container->build('filsh\yii2\oaut...', Array, Array)",
"#2 /var/www/html/advanced/vendor/yiisoft/yii2/di/Container.php(172): yii\di\Container->get('filsh\yii2\oaut...', Array, Array)",
"#3 /var/www/html/advanced/vendor/filsh/yii2-oauth2-server/Module.php(80): yii\di\Container->get('refresh_token')",
"#4 /var/www/html/advanced/vendor/filsh/yii2-oauth2-server/controllers/RestController.php(25): filsh\yii2\oauth2server\Module->getServer()",
"#5 [internal function]: filsh\yii2\oauth2server\controllers\RestController->actionToken()",
"#6 /var/www/html/advanced/vendor/yiisoft/yii2/base/InlineAction.php(55): call_user_func_array(Array, Array)",
"#7 /var/www/html/advanced/vendor/yiisoft/yii2/base/Controller.php(154): yii\base\InlineAction->runWithParams(Array)",
"#8 /var/www/html/advanced/vendor/yiisoft/yii2/base/Module.php(454): yii\base\Controller->runAction('token', Array)",
"#9 /var/www/html/advanced/vendor/yiisoft/yii2/web/Application.php(87): yii\base\Module->runAction('oauth2/rest/tok...', Array)",
"#10 /var/www/html/advanced/vendor/yiisoft/yii2/base/Application.php(375): yii\web\Application->handleRequest(Object(yii\web\Request))",
"#11 /var/www/html/advanced/api/web/index.php(19): yii\base\Application->run()",
"#12 {main}"
]
}
Комментарии:
1. Пожалуйста, предоставьте больше информации для вашего случая. Что пошло не так?
2. @ZhukovRA Я отредактировал свой вопрос, пожалуйста, просмотрите его
Ответ №1:
Я думаю, что ваша ошибка заключается в конфигурации модуля:
'refresh_token' => 'filshyii2oauth2serverstorageMongo',
'access_token' => 'filshyii2oauth2serverstorageMongo',
'client' => 'filshyii2oauth2serverstorageMongo',
'authorization_code' => 'filshyii2oauth2serverstorageMongo',
'client_credentials' => 'filshyii2oauth2serverstorageMongo',
'public_key' => 'filshyii2oauth2serverstorageMongo',
'jwt_bearer' => 'filshyii2oauth2serverstorageMongo',
'scope' => 'filshyii2oauth2serverstorageMongo',
Вам не нужны эти строки. Пожалуйста, прочитайте инструкции по установке в официальном репозитории github. Ваш User класс должен использовать соединение с MongoDB, если вы хотите использовать MongoDB.
Ответ №2:
введите описание изображения здесь Это моя модифицированная схема подключения к MongoDB «OAuth с MongoDB в yii2», которую можно использовать в обычном режиме после тестирования.Вот мой код: от KuangFeng
<?php
namespace appcomponentsoauth2storage;
use MongoDBClient;
use MongoDBDatabase;
use MongoDBDriverManager;
use yiihelpersJson;
/**
* Simple MongoDB storage for all storage types
*
* NOTE: This class is meant to get users started
* quickly. If your application requires further
* customization, extend this class or create your own.
*
* NOTE: Passwords are stored in plaintext, which is never
* a good idea. Be sure to override this for your application
*
* @author Julien Chaumond <chaumond@gmail.com>
*/
class MongoDB extends OAuth2StorageMongoDB
{
protected $db;
protected $config;
protected $connect = 'mongodb';
public function __construct($connection = [], $config = array())
{
if (empty($connection)) {
$connection = Yii::$app->get($this->connect);
}
if ($connection instanceof Database) {
$this->db = $connection;
} else {
if (!is_object($connection) amp;amp; !is_array($connection)) {
throw new InvalidArgumentException('First argument to OAuth2StorageMongo must be an instance of MongoDBDatabase or a configuration array');
}
$dsn = $connection->dsn;
$hostAndDb = explode("@", $dsn)[1];
$temp = explode('/', $hostAndDb);
$db = $temp[1];
$hostAndPort = $temp[0];
$username = $connection->options['username'];
$password = $connection->options['password'];
//$server = sprintf('mongodb://@%s', $hostAndDb);
$server = $connection->dsn;
$m = new Client($server,['username' => $username,'password' => $password]);
$this->db = $m->selectDatabase($db);
}
$this->config = array_merge(array(
'client_table' => 'oauth_clients',
'access_token_table' => 'oauth_access_tokens',
'refresh_token_table' => 'oauth_refresh_tokens',
'code_table' => 'oauth_authorization_codes',
'user_table' => 'oauth_users',
'jwt_table' => 'oauth_jwt',
'jti_table' => 'oauth_jti',
'scope_table' => 'oauth_scopes',
'key_table' => 'oauth_keys',
), $config);
}
/* ClientCredentialsInterface */
public function checkClientCredentials($client_id, $client_secret = null)
{
if ($result = $this->collection('client_table')->findOne(array('client_id' => $client_id))) {
return $result['client_secret'] == $client_secret;
}
return false;
}
public function isPublicClient($client_id)
{
if (!$result = $this->collection('client_table')->findOne(array('client_id' => $client_id))) {
return false;
}
return empty($result['client_secret']);
}
/* ClientInterface */
public function getClientDetails($client_id)
{
$result = $this->collection('client_table')->findOne(array('client_id' => $client_id));
return is_null($result) ? false : $result;
}
public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
{
if ($this->getClientDetails($client_id)) {
$result = $this->collection('client_table')->updateOne(
array('client_id' => $client_id),
array('$set' => array(
'client_secret' => $client_secret,
'redirect_uri' => $redirect_uri,
'grant_types' => $grant_types,
'scope' => $scope,
'user_id' => $user_id,
))
);
return $result->getMatchedCount() > 0;
}
$client = array(
'client_id' => $client_id,
'client_secret' => $client_secret,
'redirect_uri' => $redirect_uri,
'grant_types' => $grant_types,
'scope' => $scope,
'user_id' => $user_id,
);
$result = $this->collection('client_table')->insertOne($client);
return $result->getInsertedCount() > 0;
}
public function checkRestrictedGrantType($client_id, $grant_type)
{
$details = $this->getClientDetails($client_id);
if (isset($details['grant_types'])) {
$grant_types = explode(' ', $details['grant_types']);
return in_array($grant_type, $grant_types);
}
// if grant_types are not defined, then none are restricted
return true;
}
/* AccessTokenInterface */
public function getAccessToken($access_token)
{
$token = $this->collection('access_token_table')->findOne(array('access_token' => $access_token));
return is_null($token) ? false : $token;
}
public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
{
// if it exists, update it.
if ($this->getAccessToken($access_token)) {
$result = $this->collection('access_token_table')->updateOne(
array('access_token' => $access_token),
array('$set' => array(
'client_id' => $client_id,
'expires' => $expires,
'user_id' => $user_id,
'scope' => $scope,
))
);
return $result->getMatchedCount() > 0;
}
$token = array(
'access_token' => $access_token,
'client_id' => $client_id,
'expires' => $expires,
'user_id' => $user_id,
'scope' => $scope,
);
$result = $this->collection('access_token_table')->insertOne($token);
return $result->getInsertedCount() > 0;
}
public function unsetAccessToken($access_token)
{
$result = $this->collection('access_token_table')->deleteOne(array(
'access_token' => $access_token,
));
return $result->getDeletedCount() > 0;
}
/* AuthorizationCodeInterface */
public function getAuthorizationCode($code)
{
$code = $this->collection('code_table')->findOne(array(
'authorization_code' => $code,
));
return is_null($code) ? false : $code;
}
public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
{
// if it exists, update it.
if ($this->getAuthorizationCode($code)) {
$result = $this->collection('code_table')->updateOne(
array('authorization_code' => $code),
array('$set' => array(
'client_id' => $client_id,
'user_id' => $user_id,
'redirect_uri' => $redirect_uri,
'expires' => $expires,
'scope' => $scope,
'id_token' => $id_token,
))
);
return $result->getMatchedCount() > 0;
}
$token = array(
'authorization_code' => $code,
'client_id' => $client_id,
'user_id' => $user_id,
'redirect_uri' => $redirect_uri,
'expires' => $expires,
'scope' => $scope,
'id_token' => $id_token,
);
$result = $this->collection('code_table')->insertOne($token);
return $result->getInsertedCount() > 0;
}
public function expireAuthorizationCode($code)
{
$result = $this->collection('code_table')->deleteOne(array(
'authorization_code' => $code,
));
return $result->getDeletedCount() > 0;
}
/* UserCredentialsInterface */
public function checkUserCredentials($username, $password)
{
if ($user = $this->getUser($username)) {
return $this->checkPassword($user, $password);
}
return false;
}
public function getUserDetails($username)
{
if ($user = $this->getUser($username)) {
$user['user_id'] = $user['username'];
}
return $user;
}
/* RefreshTokenInterface */
public function getRefreshToken($refresh_token)
{
$token = $this->collection('refresh_token_table')->findOne(array(
'refresh_token' => $refresh_token,
));
return is_null($token) ? false : $token;
}
public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
{
$token = array(
'refresh_token' => $refresh_token,
'client_id' => $client_id,
'user_id' => $user_id,
'expires' => $expires,
'scope' => $scope,
);
$result = $this->collection('refresh_token_table')->insertOne($token);
return $result->getInsertedCount() > 0;
}
public function unsetRefreshToken($refresh_token)
{
$result = $this->collection('refresh_token_table')->deleteOne(array(
'refresh_token' => $refresh_token,
));
return $result->getDeletedCount() > 0;
}
// plaintext passwords are bad! Override this for your application
protected function checkPassword($user, $password)
{
return $user['password'] == $password;
}
public function getUser($username)
{
$result = $this->collection('user_table')->findOne(array('username' => $username));
return is_null($result) ? false : $result;
}
public function setUser($username, $password, $firstName = null, $lastName = null)
{
if ($this->getUser($username)) {
$result = $this->collection('user_table')->updateOne(
array('username' => $username),
array('$set' => array(
'password' => $password,
'first_name' => $firstName,
'last_name' => $lastName,
))
);
return $result->getMatchedCount() > 0;
}
$user = array(
'username' => $username,
'password' => $password,
'first_name' => $firstName,
'last_name' => $lastName,
);
$result = $this->collection('user_table')->insertOne($user);
return $result->getInsertedCount() > 0;
}
public function getClientKey($client_id, $subject)
{
$result = $this->collection('jwt_table')->findOne(array(
'client_id' => $client_id,
'subject' => $subject,
));
return is_null($result) ? false : $result['key'];
}
public function getClientScope($client_id)
{
if (!$clientDetails = $this->getClientDetails($client_id)) {
return false;
}
if (isset($clientDetails['scope'])) {
return $clientDetails['scope'];
}
return null;
}
public function getJti($client_id, $subject, $audience, $expires, $jti)
{
//TODO: Needs mongodb implementation.
throw new Exception('getJti() for the MongoDB driver is currently unimplemented.');
}
public function setJti($client_id, $subject, $audience, $expires, $jti)
{
//TODO: Needs mongodb implementation.
throw new Exception('setJti() for the MongoDB driver is currently unimplemented.');
}
public function getPublicKey($client_id = null)
{
if ($client_id) {
$result = $this->collection('key_table')->findOne(array(
'client_id' => $client_id,
));
if ($result) {
return $result['public_key'];
}
}
$result = $this->collection('key_table')->findOne(array(
'client_id' => null,
));
return is_null($result) ? false : $result['public_key'];
}
public function getPrivateKey($client_id = null)
{
if ($client_id) {
$result = $this->collection('key_table')->findOne(array(
'client_id' => $client_id,
));
if ($result) {
return $result['private_key'];
}
}
$result = $this->collection('key_table')->findOne(array(
'client_id' => null,
));
return is_null($result) ? false : $result['private_key'];
}
public function getEncryptionAlgorithm($client_id = null)
{
if ($client_id) {
$result = $this->collection('key_table')->findOne(array(
'client_id' => $client_id,
));
if ($result) {
return $result['encryption_algorithm'];
}
}
$result = $this->collection('key_table')->findOne(array(
'client_id' => null,
));
return is_null($result) ? 'RS256' : $result['encryption_algorithm'];
}
// Helper function to access a MongoDB collection by `type`:
protected function collection($name)
{
return $this->db->{$this->config[$name]};
}
}