fix: refresh tokens (#34)

* fix: refresh tokens

* feat: refresh token model

* refactor: refresh token feature

* refactor: php version constraint

* refactor: remove mongodb dependency, constraint is provided in another dependency

Author: Jaspar Gupta

composer.json

@@ -13,9 +13,10 @@
         "designmynight"
     ],
     "require": {
+        "php": ">=7.1",
         "illuminate/support": "^5.5 || ^6.0",
         "jenssegers/mongodb": "3.3.* || 3.4.* || 3.5.* || 3.6.*",
-        "laravel/passport": "4.0.* || 5.0.* || 6.0.* || 7.0.* || 7.4.* || 7.5.* || ^8.0"
+        "laravel/passport": "6.0.* || 7.0.* || 7.4.* || 7.5.* || ^8.0"
     },
     "autoload": {
         "psr-4": {

src/MongodbPassportServiceProvider.php

@@ -4,31 +4,28 @@
 
 use Illuminate\Support\ServiceProvider;
 use DesignMyNight\Mongodb\Passport\AuthCode;
+use DesignMyNight\Mongodb\Passport\Bridge\RefreshTokenRepository;
 use DesignMyNight\Mongodb\Passport\Client;
 use DesignMyNight\Mongodb\Passport\PersonalAccessClient;
 use DesignMyNight\Mongodb\Passport\RefreshToken;
 use DesignMyNight\Mongodb\Passport\Token;
+use Laravel\Passport\Bridge\RefreshTokenRepository as PassportRefreshTokenRepository;
+use Laravel\Passport\Passport;
 
 class MongodbPassportServiceProvider extends ServiceProvider
 {
+    /**
+     * @return void
+     */
     public function register()
     {
-        /*
-         * Passport client extends Eloquent model by default, so we alias them.
-         */
-        if (class_exists('Illuminate\Foundation\AliasLoader')) {
-            $loader = \Illuminate\Foundation\AliasLoader::getInstance();
-            $loader->alias('Laravel\Passport\AuthCode', AuthCode::class);
-            $loader->alias('Laravel\Passport\Client', Client::class);
-            $loader->alias('Laravel\Passport\PersonalAccessClient', PersonalAccessClient::class);
-            $loader->alias('Laravel\Passport\Token', Token::class);
-            $loader->alias('Laravel\Passport\RefreshToken', RefreshToken::class);
-        } else {
-            class_alias('Laravel\Passport\AuthCode', AuthCode::class);
-            class_alias('Laravel\Passport\Client', Client::class);
-            class_alias('Laravel\Passport\PersonalAccessClient', PersonalAccessClient::class);
-            class_alias('Laravel\Passport\Token', Token::class);
-            class_alias('Laravel\Passport\RefreshToken', RefreshToken::class);
-        }
+        Passport::useAuthCodeModel(AuthCode::class);
+        Passport::useClientModel(Client::class);
+        Passport::usePersonalAccessClientModel(PersonalAccessClient::class);
+        Passport::useTokenModel(Token::class);
+
+        $this->app->bind(PassportRefreshTokenRepository::class, function () {
+            return $this->app->make(RefreshTokenRepository::class);
+        });
     }
 }

src/Passport/Bridge/RefreshToken.php

@@ -0,0 +1,54 @@
+<?php
+
+namespace DesignMyNight\Mongodb\Passport\Bridge;
+
+use Jenssegers\Mongodb\Eloquent\Model;
+use League\OAuth2\Server\Entities\RefreshTokenEntityInterface;
+use League\OAuth2\Server\Entities\Traits\EntityTrait;
+use League\OAuth2\Server\Entities\Traits\RefreshTokenTrait;
+
+/**
+ * Class RefreshToken
+ * @package DesignMyNight\Mongodb\Passport\Bridge
+ */
+class RefreshToken extends Model implements RefreshTokenEntityInterface
+{
+    use EntityTrait, RefreshTokenTrait;
+
+    /**
+     * @var string[]
+     */
+    protected $casts = [
+        'revoked' => 'bool',
+    ];
+
+    /**
+     * @var string[]
+     */
+    protected $dates = ['expires_at'];
+
+    /**
+     * @var array
+     */
+    protected $guarded = [];
+
+    /**
+     * @var bool
+     */
+    public $incrementing = false;
+
+    /**
+     * @var string
+     */
+    protected $primaryKey = 'id';
+
+    /**
+     * @var string
+     */
+    protected $table = 'oauth_refresh_tokens';
+
+    /**
+     * @var bool
+     */
+    public $timestamps = false;
+}

src/Passport/Bridge/RefreshTokenRepository.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace DesignMyNight\Mongodb\Passport\Bridge;
+
+use Laravel\Passport\Bridge\RefreshTokenRepository as BaseRefreshTokenRepository;
+use Laravel\Passport\Events\RefreshTokenCreated;
+use League\OAuth2\Server\Entities\RefreshTokenEntityInterface;
+
+/**
+ * Class RefreshTokenRepository
+ * @package App\Passport\Bridge
+ */
+class RefreshTokenRepository extends BaseRefreshTokenRepository
+{
+    /**
+     * @inheritDoc
+     */
+    public function getNewRefreshToken()
+    {
+        return new RefreshToken();
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function isRefreshTokenRevoked($tokenId)
+    {
+        $refreshToken = $this->database->table('oauth_refresh_tokens')
+            ->where('id', $tokenId)->first();
+
+        return $refreshToken === null || $refreshToken['revoked'];
+    }
+
+    /**
+     * @param RefreshToken|RefreshTokenEntityInterface $refreshTokenEntity
+     */
+    public function persistNewRefreshToken(RefreshTokenEntityInterface $refreshTokenEntity)
+    {
+        $refreshTokenEntity->newModelQuery()->create([
+            'id' => $id = $refreshTokenEntity->getIdentifier(),
+            'access_token_id' => $accessTokenId = $refreshTokenEntity->getAccessToken()->getIdentifier(),
+            'revoked' => false,
+            'expires_at' => $refreshTokenEntity->getExpiryDateTime(),
+        ]);
+
+        $this->events->dispatch(new RefreshTokenCreated($id, $accessTokenId));
+    }
+}