wip oauth

composer.json

@@ -144,7 +144,9 @@
     "twig/extensions": "^1.5.1",
     "twig/twig": "^2.4.8",
     "vasek-purchart/console-errors-bundle": "^1.0.1",
-    "webmozart/assert": "^1.4"
+    "webmozart/assert": "^1.4",
+    "trikoder/oauth2-bundle": "^1.1",
+    "nyholm/psr7": "^1.1"
   },
   "require-dev": {
     "ext-pgsql": "*",

packages/api/src/Migrations/Version20190524102901.php

@@ -0,0 +1,34 @@
+<?php
+
+namespace Shopsys\ApiBundle\Migrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Shopsys\MigrationBundle\Component\Doctrine\Migrations\AbstractMigration;
+
+class Version20190524102901 extends AbstractMigration
+{
+    /**
+     * @param \Doctrine\DBAL\Schema\Schema $schema
+     */
+    public function up(Schema $schema)
+    {
+        $this->sql('CREATE TABLE oauth2_access_token (identifier CHAR(80) NOT NULL, client VARCHAR(32) NOT NULL, expiry TIMESTAMP(0) WITHOUT TIME ZONE NOT NULL, user_identifier VARCHAR(128) DEFAULT NULL, scopes TEXT DEFAULT NULL, revoked BOOLEAN NOT NULL, PRIMARY KEY(identifier));');
+        $this->sql('CREATE INDEX IDX_454D9673C7440455 ON oauth2_access_token (client);');
+        $this->sql('COMMENT ON COLUMN oauth2_access_token.scopes IS \'(DC2Type:oauth2_scope)\';');
+        $this->sql('CREATE TABLE oauth2_client (identifier VARCHAR(32) NOT NULL, secret VARCHAR(128) NOT NULL, redirect_uris TEXT DEFAULT NULL, grants TEXT DEFAULT NULL, scopes TEXT DEFAULT NULL, active BOOLEAN NOT NULL, PRIMARY KEY(identifier));');
+        $this->sql('COMMENT ON COLUMN oauth2_client.redirect_uris IS \'(DC2Type:oauth2_redirect_uri)\';');
+        $this->sql('COMMENT ON COLUMN oauth2_client.grants IS \'(DC2Type:oauth2_grant)\';');
+        $this->sql('COMMENT ON COLUMN oauth2_client.scopes IS \'(DC2Type:oauth2_scope)\';');
+        $this->sql('CREATE TABLE oauth2_refresh_token (identifier CHAR(80) NOT NULL, access_token CHAR(80) NOT NULL, expiry TIMESTAMP(0) WITHOUT TIME ZONE NOT NULL, revoked BOOLEAN NOT NULL, PRIMARY KEY(identifier));');
+        $this->sql('CREATE INDEX IDX_4DD90732B6A2DD68 ON oauth2_refresh_token (access_token);');
+        $this->sql('ALTER TABLE oauth2_access_token ADD CONSTRAINT FK_454D9673C7440455 FOREIGN KEY (client) REFERENCES oauth2_client (identifier) NOT DEFERRABLE INITIALLY IMMEDIATE;');
+        $this->sql('ALTER TABLE oauth2_refresh_token ADD CONSTRAINT FK_4DD90732B6A2DD68 FOREIGN KEY (access_token) REFERENCES oauth2_access_token (identifier) NOT DEFERRABLE INITIALLY IMMEDIATE;');
+    }
+
+    /**
+     * @param \Doctrine\DBAL\Schema\Schema $schema
+     */
+    public function down(Schema $schema)
+    {
+    }
+}

packages/api/src/Resources/config/routing.yml

@@ -2,3 +2,6 @@ shopsys_api:
     resource: "@ShopsysApiBundle/Controller/V1"
     prefix: /api/v1
     type: annotation
+
+oauth2:
+    resource: '@TrikoderOAuth2Bundle/Resources/config/routes.xml'

project-base/app/AppKernel.php

@@ -51,6 +51,7 @@ public function registerBundles()
             new Shopsys\ReadModelBundle\ShopsysReadModelBundle(), // has to be loaded after ShopsysFrameworkBundle because it overrides Twig `image` function
             new Shopsys\ShopBundle\ShopsysShopBundle(), // must be loaded as last, because translations must overwrite other bundles
             new FOS\RestBundle\FOSRestBundle(),
+            new Trikoder\Bundle\OAuth2Bundle\TrikoderOAuth2Bundle(),
         ];
 
         if ($this->getEnvironment() === EnvironmentType::DEVELOPMENT) {

project-base/app/config/packages/security.yml

@@ -64,6 +64,14 @@ security:
                 csrf_token_generator: security.csrf.token_manager
                 csrf_token_id: frontend_logout
                 invalidate_session: false
+        api_token:
+            pattern: ^/api/token$
+            security: false
+        api:
+            pattern: ^/api
+            security: true
+            stateless: true
+            oauth2: true
 
     access_control:
         # same pattern must be in routing_front.yml

project-base/app/config/packages/trikoder_oauth2.yml

@@ -0,0 +1,33 @@
+trikoder_oauth2:
+    authorization_server:
+        # Full path to the private key file.
+        # How to generate a private key: https://oauth2.thephpleague.com/installation/#generating-public-and-private-keys
+        private_key: '%shopsys.root_dir%/app/config/private.key'
+
+        # The string used as an encryption key.
+        # How to generate an encryption key: https://oauth2.thephpleague.com/installation/#string-password
+        encryption_key: iRuA3af4/Fva1lujo+7y3f9LUI8a7n1TVNw8WZvF1Tw=
+
+        # How long the issued access token should be valid for.
+        # The value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters
+        access_token_ttl: PT1H
+
+        # How long the issued refresh token should be valid for.
+        # The value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters
+        refresh_token_ttl: P1M
+
+    resource_server:
+        # Full path to the public key file
+        # How to generate a public key: https://oauth2.thephpleague.com/installation/#generating-public-and-private-keys
+        public_key: '%shopsys.root_dir%/app/config/public.key'
+
+    # Scopes that you wish to utilize in your application.
+    # This should be a simple array of strings.
+    scopes: []
+
+    # Configures different persistence methods that can be used by the bundle for saving client and token data.
+    # Only one persistence method can be configured at a time.
+    persistence:
+        doctrine:
+            # Name of the entity manager that you wish to use for managing clients and tokens.
+            entity_manager: default # Required

project-base/app/config/private.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA4Y3boig3D3Si/OxTJfGz2bm68lTydupL0f5vFU1pPfQ73eKR
+p7oFH2i5TNKtUY5Ys48Sr/iyv4s10YhjhouJmt/3OvaFD09yo07Vi7osoPqFZWIc
+84Z0lNmZxRjNhD5K3eIqKGBE9894mpSG4OoiWv610RvVdHOLNLq/tQtBWHwILPS/
+vkSn5pZxcBaLX285s5qGXskBLrbuU9oqZvfIArXxNhrVuGlhmMFKJ0cFOJ45OTtp
+ogBQYaLt0m8AN4RDE9Qy11t88mR2pLfHJlyx3gw2kh5itL9GkKsnfNS+zxh+2XqO
+G9oLsvtNskQEyjEaBXUX3r7B1lulHTibvnyl1QIDAQABAoIBAQCiDllincBJs4Sz
+clyfY5TT9zURjeUTeW12eHd5d8AIymUFHBeIygeKNKUGRExQz5R9lmtX0bkkFDJb
+1MGlVrZMd2RbkemyQWPdX/PgS6hrFPQpDqA8fDthAyMPUK3AuTzzRN8DWX/UCNXf
+Qp3SFYcPl/gsQPJRk/7NqOu6eVa+6i1qqMKwk/23+7JZYNK5m8cS9iPmYlItm60Q
+/S63E8bnrPSyHZxDp1HDdKsQePfSvRtYUPB4tePQew/32UOMAW5ur3sVaBgbFbMV
+ay9tFcfWlUJyVbhfYkfggUk7dtrvlayqZgydnGtkE4lYdwadeTfdCVYH5VEQFk8+
+9ZcqMcEVAoGBAPH6wL7sufFsKCkR5i6iw53QLfzgg92tikBVZ4tp6np7jDnBQTlE
+bXC1iaGwIdH6Z4X+bm6C09WkBAK50xljNM9y40poEs3WCxkrfjinjo/yhdIg55WA
+RIBfMyG4we2a9W7Mr2+PdOoQIXuR9LgyniF6UTLbvecbT3PosXq4SwMLAoGBAO6f
+eElspgJTj63GD/r+K2VakxLPyvjTl0eZoJyxWRofAElfcwi1RVWyaM8QxtPZ+3M0
+S/wFTybz+Psj9Ed83anlyt5I8AY017mcAfYYslLvjDF1am+ZmXf4c+tRSBb1y8IS
+AkI7S4CoKFM6JgoPV0/HtyBvIJ8dU1zh7aNdqoafAoGAdAld0nBsfkPyQjeOHQD6
+Mzw4QVJciboFWPJbc/Q3d8K1LKDqqQ6SOIElXb67iRi9+fhXdnEQKhu7vJ7lhwAW
+vAAI1I5xrfkdW1WK8poO+CJBX9FdnEhlEPYV6+7QOCOd3CMVYbb2RqOzmrEUHBxR
+zhX8yBmtyBxFjnygVwv3FJ8CgYEAwoxRzcs/LfZi1hL9RG2lg+TstBGmMmiQlley
+kw4kzx8nZKrlZtwjw1LKEMhk0qSOVcb1jGvntKKFBHyz1PUA5Fvton1k9CpxF2sS
+TkqkWOnlKw3H0WUxspZmLB0A4XdUwM1d+hHN5P80oWZvTRRk4y65J0BzIEcQiFHL
+Jb5gIZECgYEAtNeBia3WRDx5oWkgrQV30ykuOT5XMCaCSxzQkTCILCZ2mNbZ4pS1
+Lhx7/h1v3IC+xbSTIEtWwtoZB8K3HcUGqA/eMLx5kwp9TnM5W2AzTO6AouxiQD0E
+GzN9fI2yAxeS8A1DrRX/U/89p/swBT3E+GJ0/3KfTu9onaT/um1XpsY=
+-----END RSA PRIVATE KEY-----

project-base/app/config/public.key

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Y3boig3D3Si/OxTJfGz
+2bm68lTydupL0f5vFU1pPfQ73eKRp7oFH2i5TNKtUY5Ys48Sr/iyv4s10YhjhouJ
+mt/3OvaFD09yo07Vi7osoPqFZWIc84Z0lNmZxRjNhD5K3eIqKGBE9894mpSG4Ooi
+Wv610RvVdHOLNLq/tQtBWHwILPS/vkSn5pZxcBaLX285s5qGXskBLrbuU9oqZvfI
+ArXxNhrVuGlhmMFKJ0cFOJ45OTtpogBQYaLt0m8AN4RDE9Qy11t88mR2pLfHJlyx
+3gw2kh5itL9GkKsnfNS+zxh+2XqOG9oLsvtNskQEyjEaBXUX3r7B1lulHTibvnyl
+1QIDAQAB
+-----END PUBLIC KEY-----