1<?php
2
3// Copyright (c) ppy Pty Ltd <contact@ppy.sh>. Licensed under the GNU Affero General Public License v3.0.
4// See the LICENCE file in the repository root for full licence text.
5
6declare(strict_types=1);
7
8namespace App\Libraries\OAuth;
9
10use App\Models\OAuth\Token;
11use League\OAuth2\Server\Grant\RefreshTokenGrant as BaseRefreshTokenGrant;
12use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
13use Psr\Http\Message\ServerRequestInterface;
14
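/**
 * Refresh token grant that copies the `verified` flag of the access token being
 * refreshed onto the access token issued in its place.
 *
 * The old refresh token payload is stashed by validateOldRefreshToken() and read
 * back in respondToAccessTokenRequest(). This relies on the parent implementation
 * calling validateOldRefreshToken() while handling the request (base class
 * behaviour, not visible in this file).
 */
class RefreshTokenGrant extends BaseRefreshTokenGrant
{
    /**
     * Payload returned by the parent's validateOldRefreshToken() for the request
     * currently being handled; null when no request is in progress.
     */
    private ?array $oldRefreshToken = null;

    /**
     * Issues the new token pair through the parent grant, then copies the previous
     * access token's verification state onto the new access token.
     *
     * When the previous state cannot be determined, the new token is stored as
     * unverified.
     *
     * @return ResponseTypeInterface the response produced by the parent grant
     */
    public function respondToAccessTokenRequest(
        ServerRequestInterface $request,
        ResponseTypeInterface $responseType,
        \DateInterval $accessTokenTTL
    ) {
        try {
            $refreshTokenData = parent::respondToAccessTokenRequest($request, $responseType, $accessTokenTTL);

            // The response object is read via reflection; presumably `accessToken`
            // is not publicly accessible on the response type - confirm against the library.
            $accessToken = (new \ReflectionProperty($refreshTokenData, 'accessToken'))->getValue($refreshTokenData);

            // Fail closed: a missing stash, a missing id or a missing row all leave
            // the new token unverified instead of raising after it has been issued.
            $oldAccessTokenId = $this->oldRefreshToken['access_token_id'] ?? null;
            $verified = false;
            if ($oldAccessTokenId !== null) {
                $verified = Token::select('verified')->find($oldAccessTokenId)?->verified ?? false;
            }

            Token::where('id', $accessToken->getIdentifier())->update([
                'verified' => $verified,
            ]);

            return $refreshTokenData;
        } finally {
            // Drop the stashed payload on every exit path, including exceptions, so
            // data from one refresh request never stays on the grant instance.
            $this->oldRefreshToken = null;
        }
    }

    /**
     * Delegates validation to the parent and keeps the returned payload so that
     * respondToAccessTokenRequest() can look up the previous access token.
     */
    protected function validateOldRefreshToken(ServerRequestInterface $request, $clientId)
    {
        return $this->oldRefreshToken = parent::validateOldRefreshToken($request, $clientId);
    }
}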