Oauth2_00001_CreateOauth2TablesMigration::safeUp() - Code Metrics - Inspection of "Fix for #3: Made oauth server compatible with Post..." - rhertogh/yii2-oauth2-server - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 0a6cdc...dbb3a5 )

by Rutger

created 2022-09-08 00:42 UTC

Oauth2_00001_CreateOauth2TablesMigration::safeUp() B

↳ Parent: Oauth2_00001_CreateOauth2TablesMigration

Complexity

Conditions	7
Paths	13

Size

Total Lines	31
Code Lines	25

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	23
CRAP Score	7

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
eloc	25
c	1
b	0
f	0
dl	0
loc	31
ccs	23
cts	23
cp	1
rs	8.5866
cc	7
nc	13
nop	0
crap	7

<?php

namespace rhertogh\Yii2Oauth2Server\migrations;

use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2AccessTokenInterface;
use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2AccessTokenScopeInterface;
use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2AuthCodeInterface;
use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2AuthCodeScopeInterface;
use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2ClientInterface;
use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2ClientScopeInterface;
use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2RefreshTokenInterface;
use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2ScopeInterface;
use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2UserClientInterface;
use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2UserClientScopeInterface;
use rhertogh\Yii2Oauth2Server\migrations\base\Oauth2BaseMigration;
use rhertogh\Yii2Oauth2Server\models\Oauth2AccessToken;
use rhertogh\Yii2Oauth2Server\models\Oauth2Client;
use rhertogh\Yii2Oauth2Server\models\Oauth2Scope;
use rhertogh\Yii2Oauth2Server\Oauth2Module;
use yii\base\InvalidConfigException;
use yii\db\ColumnSchemaBuilder;
use yii\db\Schema;

/**
 * phpcs:disable Squiz.Classes.ValidClassName.NotCamelCaps
 * phpcs:disable Generic.Files.LineLength.TooLong
 */
abstract class Oauth2_00001_CreateOauth2TablesMigration extends Oauth2BaseMigration
{
    /**
     * @var int Number of tables expected to be returned by getTables(),
     * when dependency injection is misconfigured this can be off.
     */
    protected $numTables = 10;

    /**
     * @inheritDoc
     */
    public static function generationIsActive($module)
    {
        return true;
    }

    /**
     * @inheritDoc
     */
    public function safeUp()
    {
        foreach ($this->getTables() as $table => $definition) {
            $this->createTable($table, $definition['table']);
            $rawTableName = $this->getDb()->getSchema()->getRawTableName($table);
            if (!empty($definition['primaryKey'])) {
                $this->addPrimaryKey(
                    $rawTableName . '_pk',
                    $table,
                    $definition['primaryKey']['columns']
                );
            }
            if (!empty($definition['indexes'])) {
                foreach ($definition['indexes'] as $index) {
                    $this->createIndex(
                        $rawTableName . '_' . $index['name'] . '_index',
                        $table,
                        $index['columns'],
                        $index['unique']);
                }
            }
            if (!empty($definition['foreignKeys'])) {
                foreach ($definition['foreignKeys'] as $foreignKey) {
                    $this->addForeignKey(
                        $rawTableName . '_' . $foreignKey['name'] . '_fk',
                        $table,
                        $foreignKey['columns'],
                        $foreignKey['refTable'],
                        $foreignKey['refColumns'],
                        $foreignKey['delete'],
                        $foreignKey['update'],
                    );
                }
            }
        }
    }

    /**
     * @inheritDoc
     */
    public function safeDown()
    {
        foreach (array_reverse($this->getTables()) as $table => $definition) {
            $this->dropTable($table);
        }
    }

    /**
     * Get all table definitions.
     * @return array[]
     * @throws InvalidConfigException
     * @since 1.0.0
     */
    protected function getTables()
    {
        $module = Oauth2Module::getInstance();
        if (empty($module)) {
            throw new InvalidConfigException('Oauth2Module is not instantiated. Is it added to the config in the "module" and "bootstrap" section?');
        }

        $accessTokenTable = $this->getTableName(Oauth2AccessTokenInterface::class);
        $accessTokenScopeTable = $this->getTableName(Oauth2AccessTokenScopeInterface::class);
        $authCodeTable = $this->getTableName(Oauth2AuthCodeInterface::class);
        $authCodeScopeTable = $this->getTableName(Oauth2AuthCodeScopeInterface::class);
        $clientTable = $this->getTableName(Oauth2ClientInterface::class);
        $clientScopeTable = $this->getTableName(Oauth2ClientScopeInterface::class);
        $refreshTokenTable = $this->getTableName(Oauth2RefreshTokenInterface::class);
        $scopeTable = $this->getTableName(Oauth2ScopeInterface::class);
        $userClientTable = $this->getTableName(Oauth2UserClientInterface::class);
        $userClientScopeTable = $this->getTableName(Oauth2UserClientScopeInterface::class);

        $userTableSchema = $this->getTableSchema($module->identityClass);
        if ($userTableSchema) {

            if (count($userTableSchema->primaryKey) != 1) {
                throw new InvalidConfigException('The primary key of `userClass` must consist of a single column');
            }
            $userTable = $userTableSchema->name;
            $userPkColumn = $userTableSchema->primaryKey[0];
            $userPkSchema = $userTableSchema->columns[$userPkColumn];
        } else {
            $userTable = false;
            $userPkColumn = null;
            $userPkSchema = null;
        }

        if ($userPkSchema) {

            /** @var ColumnSchemaBuilder $userPkSchemaColumnBuilder */
            $userPkSchemaColumnBuilder = $this->{$userPkSchema->type}();
        } else {
            $userPkSchemaColumnBuilder = $this->string();
        }

        // See https://datatracker.ietf.org/doc/html/rfc7591#section-2
        // (although not yet fully implemented, some fields follow this standard).
        $tables = [
            $clientTable => [
                'table' => [
                    'id' => $this->primaryKey(),
                    'identifier' => $this->string()->notNull()->unique(),
                    'name' => $this->string()->notNull(),
                    'type' => $this->integer()->notNull()->defaultValue(Oauth2ClientInterface::TYPE_CONFIDENTIAL),
                    'secret' => $this->text(),
                    'old_secret' => $this->text(),
                    'old_secret_valid_until' => $this->dateTime(),
                    'logo_uri' => $this->string(),
                    'tos_uri' => $this->string(),
                    'contacts' => $this->text()
                        ->comment('JSON encoded array of strings with contact details for the client.'),
                    'redirect_uris' => $this->json(),
                    'token_types' => $this->integer()->notNull()->defaultValue(Oauth2AccessToken::TYPE_BEARER),
                    'grant_types' => $this->integer()->notNull()->defaultValue(Oauth2Module::GRANT_TYPE_AUTH_CODE | Oauth2Module::GRANT_TYPE_REFRESH_TOKEN),
                    'scope_access' => $this->integer()->notNull()->defaultValue(Oauth2Client::SCOPE_ACCESS_STRICT)
                        ->comment('Determines how strict scopes must be defined for this client.'),
                    'user_account_selection' => $this->integer()->comment('Determines when to show user account selection screen. Using Oauth2Module::$defaultUserAccountSelection when `null`.'),
                    'allow_auth_code_without_pkce' => $this->boolean()->notNull()->defaultValue(false)
                        ->comment('Require clients to use PKCE when using the auth_code grant type.'),
                    'skip_authorization_if_scope_is_allowed' => $this->boolean()->notNull()->defaultValue(false)
                        ->comment('Skip user authorization of client if there are no scopes that require authorization.'),
                    'client_credentials_grant_user_id' => (clone $userPkSchemaColumnBuilder)
                        ->comment("Optional user id to use in case of grant type 'client_credentials'."
                        . " This user account should also be connected to the client via the `$userClientTable` table and, if applicable, the `$userClientScopeTable` table."),
                    'oidc_allow_offline_access_without_consent' => $this->boolean()->notNull()->defaultValue(false)
                        ->comment('Allow the OpenID Connect "offline_access" scope for this client without the "prompt" parameter contains "consent".'),
                    'oidc_userinfo_encrypted_response_alg' => $this->string(),
                    'enabled' => $this->boolean()->notNull()->defaultValue(true),
                    'created_at' => $this->integer()->notNull(),
                    'updated_at' => $this->integer()->notNull(),
                ],
                'foreignKeys' => [
                    ...(
                        $userTable
                        ? [
                            [
                                'name' => 'client_credentials_grant_user_id',
                                'columns' => ['client_credentials_grant_user_id'],
                                'refTable' => $userTable,
                                'refColumns' => $userPkColumn,
                                'delete' => static::RESTRICT,
                                'update' => static::CASCADE,
                            ],
                        ]
                        : []
                    ),
                ],
                'indexes' => [
                    ...(
                        !$userTable
                        ? [
                            [
                                'name' => 'client_credentials_grant_user_id',
                                'columns' => ['client_credentials_grant_user_id'],
                                'unique' => false,
                            ],
                        ]
                        : []
                    ),
                    [
                        'name' => 'token_types',
                        'columns' => ['token_types'],
                        'unique' => false,
                    ],
                    [
                        'name' => 'grant_types',
                        'columns' => ['grant_types'],
                        'unique' => false,
                    ],
                    [
                        'name' => 'enabled',
                        'columns' => ['enabled'],
                        'unique' => false,
                    ],
                ],
            ],

            $scopeTable => [
                'table' => [
                    'id' => $this->primaryKey(),
                    'identifier' => $this->string()->notNull()->unique(),
                    'description' => $this->text(),
                    'authorization_message' => $this->text(),
                    'applied_by_default' => $this->integer()->notNull()->defaultValue(Oauth2Scope::APPLIED_BY_DEFAULT_NO),
                    'required_on_authorization' => $this->boolean()->notNull()->defaultValue(true),
                    'enabled' => $this->boolean()->notNull()->defaultValue(true),
                    'created_at' => $this->integer()->notNull(),
                    'updated_at' => $this->integer()->notNull(),
                ],
                'indexes' => [
                    [
                        'name' => 'applied_by_default',
                        'columns' => ['applied_by_default'],
                        'unique' => false,
                    ],
                    [
                        'name' => 'enabled',
                        'columns' => ['enabled'],
                        'unique' => false,
                    ],
                ],
            ],

            $clientScopeTable => [
                'table' => [
                    'client_id' => $this->integer()->notNull(),
                    'scope_id' => $this->integer()->notNull(),
                    'applied_by_default' => $this->integer(),
                    'required_on_authorization' => $this->boolean(),
                    'enabled' => $this->boolean()->notNull()->defaultValue(true),
                    'created_at' => $this->integer()->notNull(),
                    'updated_at' => $this->integer()->notNull(),
                ],
                'primaryKey' => [
                    'columns' => ['client_id', 'scope_id'],
                ],
                'foreignKeys' => [
                    [
                        'name' => 'client_id',
                        'columns' => ['client_id'],
                        'refTable' => $clientTable,
                        'refColumns' => ['id'],
                        'delete' => static::CASCADE,
                        'update' => static::CASCADE,
                    ],
                    [
                        'name' => 'scope_id',
                        'columns' => ['scope_id'],
                        'refTable' => $scopeTable,
                        'refColumns' => ['id'],
                        'delete' => static::CASCADE,
                        'update' => static::CASCADE,
                    ],
                ],
                'indexes' => [
                    [
                        'name' => 'applied_by_default',
                        'columns' => ['applied_by_default'],
                        'unique' => false,
                    ],
                    [
                        'name' => 'enabled',
                        'columns' => ['enabled'],
                        'unique' => false,
                    ],
                ],
            ],

            $authCodeTable => [
                'table' => [
                    'id' => $this->bigPrimaryKey()->unsigned(),
                    'identifier' => $this->string()->notNull()->unique(),
                    'redirect_uri' => $this->string(),
                    'expiry_date_time' => $this->dateTime()->notNull(),
                    'client_id' => $this->integer()->notNull(),
                    'user_id' => ($userTable ? $userPkSchema->dbType : Schema::TYPE_STRING) . ' NOT NULL',
                    'enabled' => $this->boolean()->notNull()->defaultValue(true), // ToDo: do we need this ???
                    'created_at' => $this->integer()->notNull(),
                    'updated_at' => $this->integer()->notNull(),
                ],
                'foreignKeys' => [
                    [
                        'name' => 'client_id',
                        'columns' => ['client_id'],
                        'refTable' => $clientTable,
                        'refColumns' => ['id'],
                        'delete' => static::CASCADE,
                        'update' => static::CASCADE,
                    ],
                    ...(
                    $userTable
                        ? [
                        [
                            'name' => 'user_id',
                            'columns' => ['user_id'],
                            'refTable' => $userTable,
                            'refColumns' => $userPkColumn,
                            'delete' => static::CASCADE,
                            'update' => static::CASCADE,
                        ],
                    ]
                        : []
                    ),
                ],
                'indexes' => [
                    ...(
                    !$userTable
                        ? [
                        [
                            'name' => 'user_id',
                            'columns' => ['user_id'],
                            'unique' => false,
                        ],
                    ]
                        : []
                    ),
                    [
                        'name' => 'enabled',
                        'columns' => ['enabled'],
                        'unique' => false,
                    ],
                ],
            ],

            $authCodeScopeTable => [
                'table' => [
                    'auth_code_id' => $this->bigInteger()->unsigned()->notNull(),
                    'scope_id' => $this->integer()->notNull(),
                    'created_at' => $this->integer()->notNull(),
                ],
                'primaryKey' => [
                    'columns' => ['auth_code_id', 'scope_id'],
                ],
                'foreignKeys' => [
                    [
                        'name' => 'auth_code_id',
                        'columns' => ['auth_code_id'],
                        'refTable' => $authCodeTable,
                        'refColumns' => ['id'],
                        'delete' => static::CASCADE,
                        'update' => static::CASCADE,
                    ],
                    [
                        'name' => 'scope_id',
                        'columns' => ['scope_id'],
                        'refTable' => $scopeTable,
                        'refColumns' => ['id'],
                        'delete' => static::CASCADE,
                        'update' => static::CASCADE,
                    ],
                ],
            ],

            $accessTokenTable => [
                'table' => [
                    'id' => $this->bigPrimaryKey()->unsigned(),
                    'identifier' => $this->string()->notNull()->unique(),
                    'client_id' => $this->integer()->notNull(),
                    'user_id' => ($userTable ? $userPkSchema->dbType : Schema::TYPE_STRING) . ' DEFAULT NULL',
                    'type' => $this->integer()->notNull(),
                    'mac_key' => $this->string(500),
                    'mac_algorithm' => Schema::TYPE_SMALLINT,
                    'allowance' => Schema::TYPE_SMALLINT,
                    'allowance_updated_at' => $this->integer(),
                    'expiry_date_time' => $this->dateTime()->notNull(),
                    'enabled' => $this->boolean()->notNull()->defaultValue(true),
                    'created_at' => $this->integer()->notNull(),
                    'updated_at' => $this->integer()->notNull(),
                ],
                'foreignKeys' => [
                    [
                        'name' => 'client_id',
                        'columns' => ['client_id'],
                        'refTable' => $clientTable,
                        'refColumns' => ['id'],
                        'delete' => static::CASCADE,
                        'update' => static::CASCADE,
                    ],
                    ...(
                    $userTable
                        ? [
                            [
                                'name' => 'user_id',
                                'columns' => ['user_id'],
                                'refTable' => $userTable,
                                'refColumns' => $userPkColumn,
                                'delete' => static::CASCADE,
                                'update' => static::CASCADE,
                            ],
                        ]
                        : []
                    ),
                ],
                'indexes' => [
                    ...(
                    !$userTable
                        ? [
                            [
                                'name' => 'user_id',
                                'columns' => ['user_id'],
                                'unique' => false,
                            ],
                        ]
                        : []
                    ),
                    [
                        'name' => 'type',
                        'columns' => ['type'],
                        'unique' => false,
                    ],
                    [
                        'name' => 'mac_algorithm',
                        'columns' => ['mac_algorithm'],
                        'unique' => false,
                    ],
                    [
                        'name' => 'enabled',
                        'columns' => ['enabled'],
                        'unique' => false,
                    ],
                ],
            ],

            $accessTokenScopeTable => [
                'table' => [
                    'access_token_id' => $this->bigInteger()->unsigned()->notNull(),
                    'scope_id' => $this->integer()->notNull(),
                    'created_at' => $this->integer()->notNull(),
                ],
                'primaryKey' => [
                    'columns' => ['access_token_id', 'scope_id'],
                ],
                'foreignKeys' => [
                    [
                        'name' => 'access_token_id',
                        'columns' => ['access_token_id'],
                        'refTable' => $accessTokenTable,
                        'refColumns' => ['id'],
                        'delete' => static::CASCADE,
                        'update' => static::CASCADE,
                    ],
                    [
                        'name' => 'scope_id',
                        'columns' => ['scope_id'],
                        'refTable' => $scopeTable,
                        'refColumns' => ['id'],
                        'delete' => static::CASCADE,
                        'update' => static::CASCADE,
                    ],
                ],
            ],

            $refreshTokenTable => [
                'table' => [
                    'id' => $this->bigPrimaryKey()->unsigned(),
                    'access_token_id' => $this->bigInteger()->unsigned(),
                    'identifier' => $this->string()->notNull()->unique(),
                    'expiry_date_time' => $this->dateTime()->notNull(),
                    'enabled' => $this->boolean()->notNull()->defaultValue(true),
                    'created_at' => $this->integer()->notNull(),
                    'updated_at' => $this->integer()->notNull(),
                ],
                'foreignKeys' => [
                    [
                        'name' => 'access_token_id',
                        'columns' => ['access_token_id'],
                        'refTable' => $accessTokenTable,
                        'refColumns' => ['id'],
                        'delete' => static::CASCADE,
                        'update' => static::CASCADE,
                    ],
                ],
                'indexes' => [
                    [
                        'name' => 'enabled',
                        'columns' => ['enabled'],
                        'unique' => false,
                    ],
                ],
            ],

            $userClientTable => [
                'table' => [
                    'user_id' => ($userTable ? $userPkSchema->dbType : Schema::TYPE_STRING) . ' NOT NULL',
                    'client_id' => $this->integer()->notNull(),
                    'enabled' => $this->boolean()->notNull()->defaultValue(true),
                    'created_at' => $this->integer()->notNull(),
                    'updated_at' => $this->integer()->notNull(),
                ],
                'primaryKey' => [
                    'columns' => ['user_id', 'client_id'],
                ],
                'foreignKeys' => [
                    [
                        'name' => 'client_id',
                        'columns' => ['client_id'],
                        'refTable' => $clientTable,
                        'refColumns' => ['id'],
                        'delete' => static::CASCADE,
                        'update' => static::CASCADE,
                    ],
                    ...(
                    $userTable
                        ? [
                            [
                                'name' => 'user_id',
                                'columns' => ['user_id'],
                                'refTable' => $userTable,
                                'refColumns' => $userPkColumn,
                                'delete' => static::CASCADE,
                                'update' => static::CASCADE,
                            ],
                        ]
                        : []
                    ),
                ],
                'indexes' => [
                    ...(
                    !$userTable
                        ? [
                            [
                                'name' => 'user_id',
                                'columns' => ['user_id'],
                                'unique' => false,
                            ],
                        ]
                        : []
                    ),
                    [
                        'name' => 'enabled',
                        'columns' => ['enabled'],
                        'unique' => false,
                    ],
                ],
            ],

            $userClientScopeTable => [
                'table' => [
                    'user_id' => ($userTable ? $userPkSchema->dbType : Schema::TYPE_STRING) . ' NOT NULL',
                    'client_id' => $this->integer()->notNull(),
                    'scope_id' => $this->integer()->notNull(),
                    'enabled' => $this->boolean()->notNull()->defaultValue(true),
                    'created_at' => $this->integer()->notNull(),
                    'updated_at' => $this->integer()->notNull(),
                ],
                'primaryKey' => [
                    'columns' => ['user_id', 'client_id', 'scope_id'],
                ],
                'foreignKeys' => [
                    [
                        'name' => 'user_client_id',
                        'columns' => ['user_id', 'client_id'],
                        'refTable' => $userClientTable,
                        'refColumns' => ['user_id', 'client_id'],
                        'delete' => static::CASCADE,
                        'update' => static::CASCADE,
                    ],
                    [ # Note: Not connected to client_scope table since scopes can also be applied by default to all clients
                        'name' => 'scope_id',
                        'columns' => ['scope_id'],
                        'refTable' => $scopeTable,
                        'refColumns' => ['id'],
                        'delete' => static::CASCADE,
                        'update' => static::CASCADE,
                    ],
                ],
                'indexes' => [
                    [
                        'name' => 'enabled',
                        'columns' => ['enabled'],
                        'unique' => false,
                    ],
                ],
            ],
        ];

        if (count(array_unique(array_keys($tables))) != $this->numTables) {
            throw new InvalidConfigException('Incorrect number of tables in definition. Are the Active Record classes correctly configured?');
        }

        return $tables;
    }

//    /**
//     * @param string $tableClass
//     * @return ActiveRecord
//     * @throws InvalidConfigException
//     */
//    protected function getArInstance($tableClass)
//    {
//        $activeRecord = Yii::createObject($tableClass);
//
//        if (!($activeRecord instanceof ActiveRecord)) {
//            throw new InvalidConfigException($tableClass . ' must be an instance of ActiveRecord');
//        }
//
//        return $activeRecord;
//    }
}


1		<?php
2
3		namespace rhertogh\Yii2Oauth2Server\migrations;
4
5		use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2AccessTokenInterface;
6		use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2AccessTokenScopeInterface;
7		use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2AuthCodeInterface;
8		use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2AuthCodeScopeInterface;
9		use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2ClientInterface;
10		use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2ClientScopeInterface;
11		use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2RefreshTokenInterface;
12		use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2ScopeInterface;
13		use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2UserClientInterface;
14		use rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2UserClientScopeInterface;
15		use rhertogh\Yii2Oauth2Server\migrations\base\Oauth2BaseMigration;
16		use rhertogh\Yii2Oauth2Server\models\Oauth2AccessToken;
17		use rhertogh\Yii2Oauth2Server\models\Oauth2Client;
18		use rhertogh\Yii2Oauth2Server\models\Oauth2Scope;
19		use rhertogh\Yii2Oauth2Server\Oauth2Module;
20		use yii\base\InvalidConfigException;
21		use yii\db\ColumnSchemaBuilder;
22		use yii\db\Schema;
23
24		/**
25		* phpcs:disable Squiz.Classes.ValidClassName.NotCamelCaps
26		* phpcs:disable Generic.Files.LineLength.TooLong
27		*/
28		abstract class Oauth2_00001_CreateOauth2TablesMigration extends Oauth2BaseMigration
29		{
30		/**
31		* @var int Number of tables expected to be returned by getTables(),
32		* when dependency injection is misconfigured this can be off.
33		*/
34		protected $numTables = 10;
35
36		/**
37		* @inheritDoc
38		*/
39	1	public static function generationIsActive($module)
40		{
41	1	return true;
42		}
43
44		/**
45		* @inheritDoc
46		*/
47	2	public function safeUp()
48		{
49	2	foreach ($this->getTables() as $table => $definition) {
50	2	$this->createTable($table, $definition['table']);
51	2	$rawTableName = $this->getDb()->getSchema()->getRawTableName($table);
52	2	if (!empty($definition['primaryKey'])) {
53	2	$this->addPrimaryKey(
54	2	$rawTableName . '_pk',
55		$table,
56	2	$definition['primaryKey']['columns']
57		);
58		}
59	2	if (!empty($definition['indexes'])) {
60	2	foreach ($definition['indexes'] as $index) {
61	2	$this->createIndex(
62	2	$rawTableName . '_' . $index['name'] . '_index',
63		$table,
64	2	$index['columns'],
65	2	$index['unique']);
66		}
67		}
68	2	if (!empty($definition['foreignKeys'])) {
69	2	foreach ($definition['foreignKeys'] as $foreignKey) {
70	2	$this->addForeignKey(
71	2	$rawTableName . '_' . $foreignKey['name'] . '_fk',
72		$table,
73	2	$foreignKey['columns'],
74	2	$foreignKey['refTable'],
75	2	$foreignKey['refColumns'],
76	2	$foreignKey['delete'],
77	2	$foreignKey['update'],
78		);
79		}
80		}
81		}
82		}
83
84		/**
85		* @inheritDoc
86		*/
87	2	public function safeDown()
88		{
89	2	foreach (array_reverse($this->getTables()) as $table => $definition) {
90	2	$this->dropTable($table);
91		}
92		}
93
94		/**
95		* Get all table definitions.
96		* @return array[]
97		* @throws InvalidConfigException
98		* @since 1.0.0
99		*/
100	5	protected function getTables()
101		{
102	5	$module = Oauth2Module::getInstance();
103	5	if (empty($module)) {
104	1	throw new InvalidConfigException('Oauth2Module is not instantiated. Is it added to the config in the "module" and "bootstrap" section?');
105		}
106
107	4	$accessTokenTable = $this->getTableName(Oauth2AccessTokenInterface::class);
108	4	$accessTokenScopeTable = $this->getTableName(Oauth2AccessTokenScopeInterface::class);
109	4	$authCodeTable = $this->getTableName(Oauth2AuthCodeInterface::class);
110	4	$authCodeScopeTable = $this->getTableName(Oauth2AuthCodeScopeInterface::class);
111	4	$clientTable = $this->getTableName(Oauth2ClientInterface::class);
112	4	$clientScopeTable = $this->getTableName(Oauth2ClientScopeInterface::class);
113	4	$refreshTokenTable = $this->getTableName(Oauth2RefreshTokenInterface::class);
114	4	$scopeTable = $this->getTableName(Oauth2ScopeInterface::class);
115	4	$userClientTable = $this->getTableName(Oauth2UserClientInterface::class);
116	4	$userClientScopeTable = $this->getTableName(Oauth2UserClientScopeInterface::class);
117
118	4	$userTableSchema = $this->getTableSchema($module->identityClass);
119	4	if ($userTableSchema) {
		0 ignored issues – show introduced 2021-11-12 19:57 UTC by Report Bug Copy Issue Report `$userTableSchema` is of type `yii\db\TableSchema`, thus it always evaluated to `true`. Loading history...
120	3	if (count($userTableSchema->primaryKey) != 1) {
121	1	throw new InvalidConfigException('The primary key of `userClass` must consist of a single column');
122		}
123	2	$userTable = $userTableSchema->name;
124	2	$userPkColumn = $userTableSchema->primaryKey[0];
125	2	$userPkSchema = $userTableSchema->columns[$userPkColumn];
126		} else {
127	1	$userTable = false;
128	1	$userPkColumn = null;
129	1	$userPkSchema = null;
130		}
131
132	3	if ($userPkSchema) {
		0 ignored issues – show introduced 2022-09-08 00:56 UTC by Report Bug Copy Issue Report `$userPkSchema` is of type `yii\db\ColumnSchema`, thus it always evaluated to `true`. Loading history...
133		/** @var ColumnSchemaBuilder $userPkSchemaColumnBuilder */
134	2	$userPkSchemaColumnBuilder = $this->{$userPkSchema->type}();
135		} else {
136	1	$userPkSchemaColumnBuilder = $this->string();
137		}
138
139		// See https://datatracker.ietf.org/doc/html/rfc7591#section-2
140		// (although not yet fully implemented, some fields follow this standard).
141		$tables = [
142		$clientTable => [
143		'table' => [
144	3	'id' => $this->primaryKey(),
145	3	'identifier' => $this->string()->notNull()->unique(),
146	3	'name' => $this->string()->notNull(),
147	3	'type' => $this->integer()->notNull()->defaultValue(Oauth2ClientInterface::TYPE_CONFIDENTIAL),
148	3	'secret' => $this->text(),
149	3	'old_secret' => $this->text(),
150	3	'old_secret_valid_until' => $this->dateTime(),
151	3	'logo_uri' => $this->string(),
152	3	'tos_uri' => $this->string(),
153	3	'contacts' => $this->text()
154	3	->comment('JSON encoded array of strings with contact details for the client.'),
155	3	'redirect_uris' => $this->json(),
156	3	'token_types' => $this->integer()->notNull()->defaultValue(Oauth2AccessToken::TYPE_BEARER),
157	3	'grant_types' => $this->integer()->notNull()->defaultValue(Oauth2Module::GRANT_TYPE_AUTH_CODE \| Oauth2Module::GRANT_TYPE_REFRESH_TOKEN),
158	3	'scope_access' => $this->integer()->notNull()->defaultValue(Oauth2Client::SCOPE_ACCESS_STRICT)
159	3	->comment('Determines how strict scopes must be defined for this client.'),
160	3	'user_account_selection' => $this->integer()->comment('Determines when to show user account selection screen. Using Oauth2Module::$defaultUserAccountSelection when `null`.'),
161	3	'allow_auth_code_without_pkce' => $this->boolean()->notNull()->defaultValue(false)
162	3	->comment('Require clients to use PKCE when using the auth_code grant type.'),
163	3	'skip_authorization_if_scope_is_allowed' => $this->boolean()->notNull()->defaultValue(false)
164	3	->comment('Skip user authorization of client if there are no scopes that require authorization.'),
165		'client_credentials_grant_user_id' => (clone $userPkSchemaColumnBuilder)
166	3	->comment("Optional user id to use in case of grant type 'client_credentials'."
167	3	. " This user account should also be connected to the client via the `$userClientTable` table and, if applicable, the `$userClientScopeTable` table."),
168	3	'oidc_allow_offline_access_without_consent' => $this->boolean()->notNull()->defaultValue(false)
169	3	->comment('Allow the OpenID Connect "offline_access" scope for this client without the "prompt" parameter contains "consent".'),
170	3	'oidc_userinfo_encrypted_response_alg' => $this->string(),
171	3	'enabled' => $this->boolean()->notNull()->defaultValue(true),
172	3	'created_at' => $this->integer()->notNull(),
173	3	'updated_at' => $this->integer()->notNull(),
174		],
175		'foreignKeys' => [
176		...(
177	3	$userTable
178		? [
179		[
180	2	'name' => 'client_credentials_grant_user_id',
181		'columns' => ['client_credentials_grant_user_id'],
182		'refTable' => $userTable,
183		'refColumns' => $userPkColumn,
184		'delete' => static::RESTRICT,
185		'update' => static::CASCADE,
186		],
187		]
188		: []
189		),
190		],
191		'indexes' => [
192		...(
193	3	!$userTable
194		? [
195		[
196		'name' => 'client_credentials_grant_user_id',
197		'columns' => ['client_credentials_grant_user_id'],
198		'unique' => false,
199		],
200		]
201		: []
202		),
203		[
204		'name' => 'token_types',
205		'columns' => ['token_types'],
206		'unique' => false,
207		],
208		[
209		'name' => 'grant_types',
210		'columns' => ['grant_types'],
211		'unique' => false,
212		],
213		[
214		'name' => 'enabled',
215		'columns' => ['enabled'],
216		'unique' => false,
217		],
218		],
219		],
220
221		$scopeTable => [
222		'table' => [
223	3	'id' => $this->primaryKey(),
224	3	'identifier' => $this->string()->notNull()->unique(),
225	3	'description' => $this->text(),
226	3	'authorization_message' => $this->text(),
227	3	'applied_by_default' => $this->integer()->notNull()->defaultValue(Oauth2Scope::APPLIED_BY_DEFAULT_NO),
228	3	'required_on_authorization' => $this->boolean()->notNull()->defaultValue(true),
229	3	'enabled' => $this->boolean()->notNull()->defaultValue(true),
230	3	'created_at' => $this->integer()->notNull(),
231	3	'updated_at' => $this->integer()->notNull(),
232		],
233		'indexes' => [
234		[
235		'name' => 'applied_by_default',
236		'columns' => ['applied_by_default'],
237		'unique' => false,
238		],
239		[
240		'name' => 'enabled',
241		'columns' => ['enabled'],
242		'unique' => false,
243		],
244		],
245		],
246
247		$clientScopeTable => [
248		'table' => [
249	3	'client_id' => $this->integer()->notNull(),
250	3	'scope_id' => $this->integer()->notNull(),
251	3	'applied_by_default' => $this->integer(),
252	3	'required_on_authorization' => $this->boolean(),
253	3	'enabled' => $this->boolean()->notNull()->defaultValue(true),
254	3	'created_at' => $this->integer()->notNull(),
255	3	'updated_at' => $this->integer()->notNull(),
256		],
257		'primaryKey' => [
258		'columns' => ['client_id', 'scope_id'],
259		],
260		'foreignKeys' => [
261		[
262		'name' => 'client_id',
263		'columns' => ['client_id'],
264		'refTable' => $clientTable,
265		'refColumns' => ['id'],
266		'delete' => static::CASCADE,
267		'update' => static::CASCADE,
268		],
269		[
270	3	'name' => 'scope_id',
271		'columns' => ['scope_id'],
272		'refTable' => $scopeTable,
273		'refColumns' => ['id'],
274		'delete' => static::CASCADE,
275		'update' => static::CASCADE,
276		],
277		],
278		'indexes' => [
279		[
280		'name' => 'applied_by_default',
281		'columns' => ['applied_by_default'],
282		'unique' => false,
283		],
284		[
285		'name' => 'enabled',
286		'columns' => ['enabled'],
287		'unique' => false,
288		],
289		],
290		],
291
292		$authCodeTable => [
293		'table' => [
294	3	'id' => $this->bigPrimaryKey()->unsigned(),
295	3	'identifier' => $this->string()->notNull()->unique(),
296	3	'redirect_uri' => $this->string(),
297	3	'expiry_date_time' => $this->dateTime()->notNull(),
298	3	'client_id' => $this->integer()->notNull(),
299	3	'user_id' => ($userTable ? $userPkSchema->dbType : Schema::TYPE_STRING) . ' NOT NULL',
300	3	'enabled' => $this->boolean()->notNull()->defaultValue(true), // ToDo: do we need this ???
301	3	'created_at' => $this->integer()->notNull(),
302	3	'updated_at' => $this->integer()->notNull(),
303		],
304		'foreignKeys' => [
305		[
306		'name' => 'client_id',
307		'columns' => ['client_id'],
308		'refTable' => $clientTable,
309		'refColumns' => ['id'],
310		'delete' => static::CASCADE,
311		'update' => static::CASCADE,
312		],
313		...(
314	3	$userTable
315		? [
316		[
317	2	'name' => 'user_id',
318		'columns' => ['user_id'],
319		'refTable' => $userTable,
320		'refColumns' => $userPkColumn,
321		'delete' => static::CASCADE,
322		'update' => static::CASCADE,
323		],
324		]
325		: []
326		),
327		],
328		'indexes' => [
329		...(
330	3	!$userTable
331		? [
332		[
333		'name' => 'user_id',
334		'columns' => ['user_id'],
335		'unique' => false,
336		],
337		]
338		: []
339		),
340		[
341		'name' => 'enabled',
342		'columns' => ['enabled'],
343		'unique' => false,
344		],
345		],
346		],
347
348		$authCodeScopeTable => [
349		'table' => [
350	3	'auth_code_id' => $this->bigInteger()->unsigned()->notNull(),
351	3	'scope_id' => $this->integer()->notNull(),
352	3	'created_at' => $this->integer()->notNull(),
353		],
354		'primaryKey' => [
355		'columns' => ['auth_code_id', 'scope_id'],
356		],
357		'foreignKeys' => [
358		[
359		'name' => 'auth_code_id',
360		'columns' => ['auth_code_id'],
361		'refTable' => $authCodeTable,
362		'refColumns' => ['id'],
363		'delete' => static::CASCADE,
364		'update' => static::CASCADE,
365		],
366		[
367	3	'name' => 'scope_id',
368		'columns' => ['scope_id'],
369		'refTable' => $scopeTable,
370		'refColumns' => ['id'],
371		'delete' => static::CASCADE,
372		'update' => static::CASCADE,
373		],
374		],
375		],
376
377		$accessTokenTable => [
378		'table' => [
379	3	'id' => $this->bigPrimaryKey()->unsigned(),
380	3	'identifier' => $this->string()->notNull()->unique(),
381	3	'client_id' => $this->integer()->notNull(),
382	3	'user_id' => ($userTable ? $userPkSchema->dbType : Schema::TYPE_STRING) . ' DEFAULT NULL',
383	3	'type' => $this->integer()->notNull(),
384	3	'mac_key' => $this->string(500),
385		'mac_algorithm' => Schema::TYPE_SMALLINT,
386		'allowance' => Schema::TYPE_SMALLINT,
387	3	'allowance_updated_at' => $this->integer(),
388	3	'expiry_date_time' => $this->dateTime()->notNull(),
389	3	'enabled' => $this->boolean()->notNull()->defaultValue(true),
390	3	'created_at' => $this->integer()->notNull(),
391	3	'updated_at' => $this->integer()->notNull(),
392		],
393		'foreignKeys' => [
394		[
395		'name' => 'client_id',
396		'columns' => ['client_id'],
397		'refTable' => $clientTable,
398		'refColumns' => ['id'],
399		'delete' => static::CASCADE,
400		'update' => static::CASCADE,
401		],
402		...(
403	3	$userTable
404		? [
405		[
406	2	'name' => 'user_id',
407		'columns' => ['user_id'],
408		'refTable' => $userTable,
409		'refColumns' => $userPkColumn,
410		'delete' => static::CASCADE,
411		'update' => static::CASCADE,
412		],
413		]
414		: []
415		),
416		],
417		'indexes' => [
418		...(
419	3	!$userTable
420		? [
421		[
422		'name' => 'user_id',
423		'columns' => ['user_id'],
424		'unique' => false,
425		],
426		]
427		: []
428		),
429		[
430		'name' => 'type',
431		'columns' => ['type'],
432		'unique' => false,
433		],
434		[
435		'name' => 'mac_algorithm',
436		'columns' => ['mac_algorithm'],
437		'unique' => false,
438		],
439		[
440		'name' => 'enabled',
441		'columns' => ['enabled'],
442		'unique' => false,
443		],
444		],
445		],
446
447		$accessTokenScopeTable => [
448		'table' => [
449	3	'access_token_id' => $this->bigInteger()->unsigned()->notNull(),
450	3	'scope_id' => $this->integer()->notNull(),
451	3	'created_at' => $this->integer()->notNull(),
452		],
453		'primaryKey' => [
454		'columns' => ['access_token_id', 'scope_id'],
455		],
456		'foreignKeys' => [
457		[
458		'name' => 'access_token_id',
459		'columns' => ['access_token_id'],
460		'refTable' => $accessTokenTable,
461		'refColumns' => ['id'],
462		'delete' => static::CASCADE,
463		'update' => static::CASCADE,
464		],
465		[
466	3	'name' => 'scope_id',
467		'columns' => ['scope_id'],
468		'refTable' => $scopeTable,
469		'refColumns' => ['id'],
470		'delete' => static::CASCADE,
471		'update' => static::CASCADE,
472		],
473		],
474		],
475
476		$refreshTokenTable => [
477		'table' => [
478	3	'id' => $this->bigPrimaryKey()->unsigned(),
479	3	'access_token_id' => $this->bigInteger()->unsigned(),
480	3	'identifier' => $this->string()->notNull()->unique(),
481	3	'expiry_date_time' => $this->dateTime()->notNull(),
482	3	'enabled' => $this->boolean()->notNull()->defaultValue(true),
483	3	'created_at' => $this->integer()->notNull(),
484	3	'updated_at' => $this->integer()->notNull(),
485		],
486		'foreignKeys' => [
487		[
488		'name' => 'access_token_id',
489		'columns' => ['access_token_id'],
490		'refTable' => $accessTokenTable,
491		'refColumns' => ['id'],
492		'delete' => static::CASCADE,
493		'update' => static::CASCADE,
494		],
495		],
496		'indexes' => [
497		[
498		'name' => 'enabled',
499		'columns' => ['enabled'],
500		'unique' => false,
501		],
502		],
503		],
504
505		$userClientTable => [
506		'table' => [
507	3	'user_id' => ($userTable ? $userPkSchema->dbType : Schema::TYPE_STRING) . ' NOT NULL',
508	3	'client_id' => $this->integer()->notNull(),
509	3	'enabled' => $this->boolean()->notNull()->defaultValue(true),
510	3	'created_at' => $this->integer()->notNull(),
511	3	'updated_at' => $this->integer()->notNull(),
512		],
513		'primaryKey' => [
514		'columns' => ['user_id', 'client_id'],
515		],
516		'foreignKeys' => [
517		[
518		'name' => 'client_id',
519		'columns' => ['client_id'],
520		'refTable' => $clientTable,
521		'refColumns' => ['id'],
522		'delete' => static::CASCADE,
523		'update' => static::CASCADE,
524		],
525		...(
526	3	$userTable
527		? [
528		[
529	2	'name' => 'user_id',
530		'columns' => ['user_id'],
531		'refTable' => $userTable,
532		'refColumns' => $userPkColumn,
533		'delete' => static::CASCADE,
534		'update' => static::CASCADE,
535		],
536		]
537		: []
538		),
539		],
540		'indexes' => [
541		...(
542	3	!$userTable
543		? [
544		[
545		'name' => 'user_id',
546		'columns' => ['user_id'],
547		'unique' => false,
548		],
549		]
550		: []
551		),
552		[
553		'name' => 'enabled',
554		'columns' => ['enabled'],
555		'unique' => false,
556		],
557		],
558		],
559
560		$userClientScopeTable => [
561		'table' => [
562	3	'user_id' => ($userTable ? $userPkSchema->dbType : Schema::TYPE_STRING) . ' NOT NULL',
563	3	'client_id' => $this->integer()->notNull(),
564	3	'scope_id' => $this->integer()->notNull(),
565	3	'enabled' => $this->boolean()->notNull()->defaultValue(true),
566	3	'created_at' => $this->integer()->notNull(),
567	3	'updated_at' => $this->integer()->notNull(),
568		],
569		'primaryKey' => [
570		'columns' => ['user_id', 'client_id', 'scope_id'],
571		],
572		'foreignKeys' => [
573		[
574		'name' => 'user_client_id',
575		'columns' => ['user_id', 'client_id'],
576		'refTable' => $userClientTable,
577		'refColumns' => ['user_id', 'client_id'],
578		'delete' => static::CASCADE,
579		'update' => static::CASCADE,
580		],
581		[ # Note: Not connected to client_scope table since scopes can also be applied by default to all clients
582	3	'name' => 'scope_id',
583		'columns' => ['scope_id'],
584		'refTable' => $scopeTable,
585		'refColumns' => ['id'],
586		'delete' => static::CASCADE,
587		'update' => static::CASCADE,
588		],
589		],
590		'indexes' => [
591		[
592		'name' => 'enabled',
593		'columns' => ['enabled'],
594		'unique' => false,
595		],
596		],
597		],
598		];
599
600	3	if (count(array_unique(array_keys($tables))) != $this->numTables) {
601	1	throw new InvalidConfigException('Incorrect number of tables in definition. Are the Active Record classes correctly configured?');
602		}
603
604	2	return $tables;
605		}
606
607		// /**
608		// * @param string $tableClass
609		// * @return ActiveRecord
610		// * @throws InvalidConfigException
611		// */
612		// protected function getArInstance($tableClass)
613		// {
614		// $activeRecord = Yii::createObject($tableClass);
615		//
616		// if (!($activeRecord instanceof ActiveRecord)) {
617		// throw new InvalidConfigException($tableClass . ' must be an instance of ActiveRecord');
618		// }
619		//
620		// return $activeRecord;
621		// }
622		}
623

rhertogh / yii2-oauth2-server

Push — master ( 0a6cdc...dbb3a5 )

Oauth2_00001_CreateOauth2TablesMigration::safeUp() B

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like