
Commit 510fa0f

author
ogorkun
committed
MC-32830: Do not store admin and customer tokens in DB
1 parent 8da0e80 commit 510fa0f


18 files changed

+84
-910
lines changed


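--- a/app/code/Magento/Integration/Model/Oauth/Token.php
+++ b/app/code/Magento/Integration/Model/Oauth/Token.php
@@ -6,8 +6,11 @@
 namespace Magento\Integration\Model\Oauth;
 
 use Magento\Authorization\Model\UserContextInterface;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Oauth\Exception as OauthException;
 use Magento\Framework\Oauth\Helper\Oauth as OauthHelper;
+use Magento\Integration\Api\Exception\UserTokenException;
+use Magento\Integration\Api\UserTokenReaderInterface;
 use Magento\Integration\Model\ResourceModel\Oauth\Token\Collection as TokenCollection;
 
 /**
@@ -76,6 +79,11 @@ class Token extends \Magento\Framework\Model\AbstractModel
 */
 protected $_keyLengthFactory;
 
+/**
+* @var UserTokenReaderInterface
+*/
+private $reader;
+
 /**
 * Initialize dependencies.
 *
@@ -89,6 +97,7 @@ class Token extends \Magento\Framework\Model\AbstractModel
 * @param \Magento\Framework\Model\ResourceModel\AbstractResource $resource
 * @param \Magento\Framework\Data\Collection\AbstractDb $resourceCollection
 * @param array $data
+* @param UserTokenReaderInterface|null $reader
 * @SuppressWarnings(PHPMD.ExcessiveParameterList)
 */
 public function __construct(
@@ -101,14 +110,16 @@ public function __construct(
 OauthHelper $oauthHelper,
 \Magento\Framework\Model\ResourceModel\AbstractResource $resource = null,
 \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null,
-array $data = []
+array $data = [],
+?UserTokenReaderInterface $reader = null
 ) {
 parent::__construct($context, $registry, $resource, $resourceCollection, $data);
 $this->_keyLengthFactory = $keyLengthFactory;
 $this->_urlValidator = $urlValidator;
 $this->_consumerFactory = $consumerFactory;
 $this->_oauthData = $oauthData;
 $this->_oauthHelper = $oauthHelper;
+$this->reader = ObjectManager::getInstance()->get(UserTokenReaderInterface::class);
 }
 
 /**
@@ -352,9 +363,30 @@ public function loadByCustomerId($customerId)
 *
 * @param string $token
 * @return $this
+* @deprecated Proper SPI for managing tokens was introduced.
+* @see UserTokenReaderInterface
 */
 public function loadByToken($token)
 {
-return $this->load($token, 'token');
+$data = $this->load($token, 'token');
+if ($data->getId()) {
+return $data;
+}
+try {
+$data = $this->reader->read($token);
+} catch (UserTokenException $exception) {
+//Token is not valid, keeping this model's data empty
+return $this;
+}
+
+$this->setUserType($data->getUserContext()->getUserType());
+if ($data->getUserContext()->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER) {
+$this->setCustomerId($data->getUserContext()->getUserId());
+} else {
+$this->setAdminId($data->getUserContext()->getUserId());
+}
+$this->setId(PHP_INT_MAX);
+
+return $this;
 }
 }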
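Review bot: The constructor accepts the new `?UserTokenReaderInterface $reader = null` argument but never uses it: the assignment on new line 122 always fetches the reader from `ObjectManager::getInstance()`, so an explicitly injected reader (a test double, for instance) is silently discarded. The line should read `$this->reader = $reader ?? ObjectManager::getInstance()->get(UserTokenReaderInterface::class);`. In `loadByToken`, the fallback branch fills in only the user type, the user id and `setId(PHP_INT_MAX)`; a comment such as `// Placeholder id: the token has no row in the token table, so this model must not be saved or deleted` would make the sentinel explicit. Callers that read other token fields after this call (token type, revoked flag) presumably see them empty for reader-validated tokens, which is worth confirming because those callers are outside this page. The constructor's parameter list is only partly visible in these hunks.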

app/code/Magento/Integration/Test/Unit/Model/AdminTokenServiceTest.php

Lines changed: 0 additions & 150 deletions
This file was deleted.

app/code/Magento/Integration/Test/Unit/Model/CustomerTokenServiceTest.php

Lines changed: 0 additions & 164 deletions
This file was deleted.
