wearesho-team · Horat1us · Nov 29, 2023 · Nov 29, 2023 · Nov 29, 2023 · Nov 29, 2023
diff --git a/composer.lock b/composer.lock
diff --git a/src/Repository.php b/src/Repository.php
@@ -8,6 +8,7 @@
 use Ramsey\Uuid\Uuid;
 use Ramsey\Uuid\UuidFactory;
 use Ramsey\Uuid\UuidFactoryInterface;
+use Wearesho\Yii2\Authorization\Repository\RefreshTokenValueEncoder;
 use yii\di;
 use yii\base;
 use yii\redis;
@@ -23,6 +24,9 @@ class Repository extends base\BaseObject
     /** @var array|string|ConfigInterface */
     public $config = ConfigInterface::class;
 
+    /** @var array|string|RefreshTokenValueEncoder */
+    public $refreshEncoder = Repository\RefreshTokenValueEncoder::class;
+
     /**
      * @throws base\InvalidConfigException
      */
@@ -32,6 +36,10 @@ public function init(): void
         $this->redis = di\Instance::ensure($this->redis, redis\Connection::class);
         $this->config = di\Instance::ensure($this->config, ConfigInterface::class);
         $this->factory = di\Instance::ensure($this->factory, UuidFactoryInterface::class);
+        $this->refreshEncoder = di\Instance::ensure(
+            $this->refreshEncoder,
+            Repository\RefreshTokenValueEncoder::class
+        );
     }
 
     /**
@@ -80,21 +88,22 @@ public function delete(string $refresh): ?int
         }
 
         $refreshKey = $this->getRefreshKey($refresh);
-        $access = $this->redis->get($refreshKey);
-        if (is_null($access)) {
+        $refreshTokenValueEncoded = $this->redis->get($refreshKey);
+        if (is_null($refreshTokenValueEncoded)) {
+            return null;
+        }
+        $refreshTokenValue = $this->refreshEncoder->decode($refreshTokenValueEncoded);
+        if (is_null($refreshTokenValue)) {
+            $this->redis->del($refreshKey);
             return null;
         }
 
-        $accessKey = $this->getAccessKey($access);
-        /** @var string|null $userId */
-        $userId = $this->redis->get($accessKey);
-
+        $accessKey = $this->getAccessKey($refreshTokenValue->getAccessToken());
         $this->redis->del(
             $refreshKey,
             $accessKey
         );
-
-        return (int)$userId ?: null;
+        return $refreshTokenValue->getUserId();
     }
 
     public function create(int $userId): Token
@@ -116,10 +125,13 @@ public function create(int $userId): Token
             $expireAccess,
             $userId
         );
+
         $this->redis->setex(
-            $refreshKey = $this->getRefreshKey($token->getRefresh()),
+            $this->getRefreshKey($token->getRefresh()),
             $expireRefresh,
-            $token->getAccess()
+            $this->refreshEncoder->encode(
+                new Repository\RefreshTokenValue($token->getAccess(), $userId)
+            )
         );
 
         $this->redis->exec();

diff --git a/src/Repository/RefreshTokenValue.php b/src/Repository/RefreshTokenValue.php
@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Wearesho\Yii2\Authorization\Repository;
+
+class RefreshTokenValue
+{
+    private string $accessToken;
+    private int $userId;
+
+    public function __construct(string $accessToken, int $userId)
+    {
+        $this->accessToken = $accessToken;
+        $this->userId = $userId;
+    }
+
+    public function getAccessToken(): string
+    {
+        return $this->accessToken;
+    }
+
+    public function getUserId(): int
+    {
+        return $this->userId;
+    }
+}
diff --git a/src/Repository/RefreshTokenValueEncoder.php b/src/Repository/RefreshTokenValueEncoder.php
@@ -0,0 +1,53 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Wearesho\Yii2\Authorization\Repository;
+
+class RefreshTokenValueEncoder
+{
+    public const VALUE_PREFIX = 'v2';
+    public const VALUE_SEPARATOR = ':';
+    public const VALUE_HASH_ALGO = 'fnv1a32';
+
+    public function encode(RefreshTokenValue $value): string
+    {
+        $values = [
+            static::VALUE_PREFIX,
+            $value->getAccessToken(),
+            $value->getUserId(),
+            $this->getHash($value),
+        ];
+        return implode(static::VALUE_SEPARATOR, $values);
+    }
+
+    public function decode(string $value): ?RefreshTokenValue
+    {
+        $values = explode(static::VALUE_SEPARATOR, $value, 4);
+        if (count($values) !== 4) {
+            return null;
+        }
+        [$prefix, $accessToken, $userId, $hash] = $values;
+        if ($prefix !== static::VALUE_PREFIX) {
+            return null;
+        }
+        $value = new RefreshTokenValue($accessToken, (int)$userId);
+        $validHash = $this->getHash($value);
+        if ($validHash !== $hash) {
+            return null;
+        }
+        return $value;
+    }
+
+    private function getHash(RefreshTokenValue $value): string
+    {
+        return hash(
+            static::VALUE_HASH_ALGO,
+            implode(static::VALUE_SEPARATOR, [
+                strrev($value->getAccessToken()),
+                static::VALUE_PREFIX,
+                strrev((string)$value->getUserId())
+            ])
+        );
+    }
+}
diff --git a/tests/Repository/RefreshTokenValueEncoderTest.php b/tests/Repository/RefreshTokenValueEncoderTest.php
@@ -0,0 +1,61 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Wearesho\Yii2\Authorization\Tests\Repository;
+
+use PHPUnit\Framework\TestCase;
+use Ramsey\Uuid\Uuid;
+use Wearesho\Yii2\Authorization\Repository\RefreshTokenValue;
+use Wearesho\Yii2\Authorization\Repository\RefreshTokenValueEncoder;
+
+class RefreshTokenValueEncoderTest extends TestCase
+{
+    public function decodingDataProvider(): iterable
+    {
+        return [
+            [Uuid::uuid4()->toString(), null], // deprecated values
+            ['not-really-valid-data', null],
+            ['v2:eeea00b7-d766-4570-864c-a9fd5c288489:1337:invalid-hash', null,],
+            ['v2:eeea00b7-d766-4570-864c-a9fd5c288489:1337:8b9746bf', new RefreshTokenValue(
+                'eeea00b7-d766-4570-864c-a9fd5c288489',
+                1337,
+            )],
+        ];
+    }
+
+    /**
+     * @dataProvider decodingDataProvider
+     */
+    public function testDecoding(string $encodedValue, ?RefreshTokenValue $expectedValue): void
+    {
+        $encoder = new RefreshTokenValueEncoder();
+        $value = $encoder->decode($encodedValue);
+        $this->assertEquals($expectedValue, $value);
+    }
+
+    public function testEncodeAndDecode()
+    {
+        $accessToken = 'sampleAccessToken';
+        $userId = 123;
+
+        $value = new RefreshTokenValue($accessToken, $userId);
+        $encoder = new RefreshTokenValueEncoder();
+
+        $encodedValue = $encoder->encode($value);
+        $decodedValue = $encoder->decode($encodedValue);
+
+        $this->assertSame($accessToken, $decodedValue->getAccessToken());
+        $this->assertSame($userId, $decodedValue->getUserId());
+    }
+
+    public function testParseInvalidValue()
+    {
+        $invalidValue = 'invalid:value';
+
+        $encoder = new RefreshTokenValueEncoder();
+        $decodedValue = $encoder->decode($invalidValue);
+
+        $this->assertNull($decodedValue);
+    }
+}
diff --git a/tests/Repository/RefreshTokenValueTest.php b/tests/Repository/RefreshTokenValueTest.php
@@ -0,0 +1,22 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Wearesho\Yii2\Authorization\Tests\Repository;
+
+use PHPUnit\Framework\TestCase;
+use Wearesho\Yii2\Authorization\Repository\RefreshTokenValue;
+
+class RefreshTokenValueTest extends TestCase
+{
+    public function testConstructorAndGetters()
+    {
+        $accessToken = 'sampleAccessToken';
+        $userId = 123;
+
+        $refreshToken = new RefreshTokenValue($accessToken, $userId);
+
+        $this->assertSame($accessToken, $refreshToken->getAccessToken());
+        $this->assertSame($userId, $refreshToken->getUserId());
+    }
+}