Account refreshing fix

sztyup · Jul 1, 2020 · 2a89a36 · 2a89a36
1 parent c2278b4
commit 2a89a36
Show file tree

Hide file tree

Showing 5 changed files with 81 additions and 27 deletions.
diff --git a/src/LAuth/AbstractProvider.php b/src/LAuth/AbstractProvider.php
@@ -1,4 +1,5 @@
 <?php
+
 declare(strict_types=1);
 
 namespace Sztyup\LAuth;
@@ -11,8 +12,10 @@
 use Illuminate\Http\Request;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Str;
+use Psr\Http\Message\MessageInterface;
 use Sztyup\LAuth\Entities\Account;
 use Sztyup\LAuth\Events\ProviderLogin;
+use Sztyup\LAuth\Events\ProviderUpdate;
 use Sztyup\LAuth\Exceptions\InvalidStateException;
 
 abstract class AbstractProvider implements ProviderInterface
@@ -80,26 +83,28 @@ public function callback(): ?Account
 
         $this->em->flush();
 
-        if ($this->dispatcher->until(new ProviderLogin($providerUser, $account)) === false) {
-            return null;
-        }
+        $this->dispatcher->dispatch(new ProviderLogin($providerUser, $account));
 
         return $account;
     }
 
     public function refresh(Account $account): Account
     {
-        $tokens = $this->getTokensFromCode($account->getAccessToken());
+        if ($account->getRefreshToken() !== null) {
+            $tokenResponse = $this->getTokensFromRefreshToken($account->getRefreshToken());
+        } else {
+            $tokenResponse = null;
+        }
 
-        $providerUser = $this->getUserByAccessToken($tokens->accessToken);
+        $providerUser = $this->getUserByAccessToken($tokenResponse->accessToken);
 
-        $this->updateAccount($account, $providerUser, $tokens);
+        $this->updateAccount($account, $providerUser, $tokenResponse);
 
         $account->setUpdatedAt(new DateTime());
 
         $this->em->flush();
 
-        $this->dispatcher->dispatch(new ProviderLogin($providerUser, $account));
+        $this->dispatcher->dispatch(new ProviderUpdate($providerUser, $account));
 
         return $account;
     }
@@ -128,7 +133,11 @@ protected function matchExistingAccount(ProviderUser $providerUser): ?Account
 
     abstract protected function createAccount(ProviderUser $providerUser, TokenResponse $tokens): Account;
 
-    abstract protected function updateAccount(Account $account, ProviderUser $providerUser, TokenResponse $tokens): void;
+    abstract protected function updateAccount(
+        Account $account,
+        ProviderUser $providerUser,
+        ?TokenResponse $tokens
+    ): void;
 
     abstract protected function redirectUrl(string $state): string;
 
@@ -138,7 +147,7 @@ abstract protected function redirectUrl(string $state): string;
     protected function checkState(): void
     {
         $expected = $this->request->session()->pull('state');
-        $given = $this->request->query->get('state');
+        $given    = $this->request->query->get('state');
 
         if ($expected !== $given) {
             throw new InvalidStateException($expected, $given);
@@ -147,24 +156,50 @@ protected function checkState(): void
 
     protected function getTokensFromCode(string $code): TokenResponse
     {
-        $response = $this->guzzle->post($this->config['token_url'], [
-            'headers' => ['Accept' => 'application/json'],
-            'form_params' => [
-                'client_id' => $this->config['client_id'],
-                'client_secret' => $this->config['client_secret'],
-                'code' => $code,
-                'redirect_uri' => $this->config['redirect_url'],
+        $response = $this->guzzle->post(
+            $this->config['token_url'],
+            [
+                'headers'     => ['Accept' => 'application/json'],
+                'form_params' => [
+                    'client_id'     => $this->config['client_id'],
+                    'client_secret' => $this->config['client_secret'],
+                    'code'          => $code,
+                    'redirect_uri'  => $this->config['redirect_url'],
+                ]
+            ]
+        );
+
+        return $this->parseTokenResponse($response);
+    }
+
+    protected function getTokensFromRefreshToken(string $refreshToken): TokenResponse
+    {
+        $response = $this->guzzle->post(
+            $this->config['token_url'],
+            [
+                'headers'     => ['Accept' => 'application/json'],
+                'form_params' => [
+                    'grant_type'    => 'refresh_token',
+                    'refresh_token' => $refreshToken,
+                    'client_id'     => $this->config['client_id'],
+                    'client_secret' => $this->config['client_secret'],
+                ]
             ]
-        ]);
+        );
+
+        return $this->parseTokenResponse($response);
+    }
 
-        $response = json_decode($response->getBody(), true);
+    protected function parseTokenResponse(MessageInterface $response): TokenResponse
+    {
+        $response = json_decode($response->getBody()->getContents(), true);
 
-        $return = new TokenResponse();
-        $return->accessToken = Arr::get($response, 'access_token');
-        $return->refreshToken = Arr::get($response, 'refresh_token');
-        $return->accessTokenExpiration = Arr::get($response, 'expires_in');
+        $tokenResponse                        = new TokenResponse();
+        $tokenResponse->accessToken           = Arr::get($response, 'access_token');
+        $tokenResponse->refreshToken          = Arr::get($response, 'refresh_token');
+        $tokenResponse->accessTokenExpiration = Arr::get($response, 'expires_in');
 
-        return $return;
+        return $tokenResponse;
     }
 
     abstract protected function getUserByAccessToken(string $accessToken): ProviderUser;

diff --git a/src/LAuth/Entities/Account.php b/src/LAuth/Entities/Account.php
@@ -126,7 +126,7 @@ public function setAccessToken(string $accessToken): Account
         return $this;
     }
 
-    public function getRefreshToken(): string
+    public function getRefreshToken(): ?string
     {
         return $this->refreshToken;
     }

diff --git a/src/LAuth/Events/ProviderUpdate.php b/src/LAuth/Events/ProviderUpdate.php
@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Sztyup\LAuth\Events;
+
+use Sztyup\LAuth\Entities\Account;
+use Sztyup\LAuth\ProviderUser;
+
+class ProviderUpdate
+{
+    public $user;
+
+    public $account;
+
+    public function __construct(ProviderUser $user, Account $account)
+    {
+        $this->user    = $user;
+        $this->account = $account;
+    }
+}
diff --git a/src/LAuth/LAuth.php b/src/LAuth/LAuth.php
@@ -51,9 +51,6 @@ public function redirectToProvider(string $providerName)
         return $provider->redirect();
     }
 
-    /**
-     * @throws Exceptions\InvalidStateException
-     */
     public function handleProviderCallback(string $providerName): ?User
     {
         $provider = $this->providerRegistry->getProvider($providerName);

diff --git a/src/LAuth/ProviderRegistry.php b/src/LAuth/ProviderRegistry.php
@@ -54,6 +54,7 @@ public function loadClassMetadata(LoadClassMetadataEventArgs $event): void
 
     protected function baseAccount(ClassMetadata $metadata): void
     {
+        $metadata->discriminatorMap = []; // Delete auto generated map
         foreach ($this->providers as $name => $class) {
             $metadata->addDiscriminatorMapClass($name, $class::getAccountEntity());
         }