Improve code

Author: Bui Sy Nguyen

fproject/authclient/AuthLogoutAction.php

@@ -19,7 +19,6 @@
 
 namespace fproject\authclient;
 use Yii;
-use yii\authclient\Collection;
 
 class AuthLogoutAction extends AuthLogoutActionBase
 {

fproject/authclient/AuthRevokeAction.php

@@ -19,7 +19,6 @@
 
 namespace fproject\authclient;
 use Yii;
-use yii\authclient\Collection;
 
 class AuthRevokeAction extends AuthLogoutActionBase
 {

fproject/authclient/OAuth2.php

@@ -21,7 +21,9 @@
 
 use Firebase\JWT\JWK;
 use Firebase\JWT\JWT;
+use fproject\web\User;
 use fproject\web\UserIdentity;
+use yii\authclient\Collection;
 use yii\helpers\Json;
 use Yii;
 
@@ -139,13 +141,15 @@ public function getPublicKey()
                 $jwk = Yii::$app->cache->get($cacheKey);
             }
 
-            if(!empty($jwk))
+            if(empty($jwk))
             {
                 $jwk = $this->sendRequest('GET', $this->jwkUrl);
                 if(!empty($jwk) && Yii::$app->cache)
                     Yii::$app->cache->set($cacheKey, $jwk, self::PUBLIC_KEY_EXPIRE_DURATION);
-                $this->_publicKey = JWK::parseKeySet($jwk);
             }
+
+            if(!empty($jwk))
+                $this->_publicKey = JWK::parseKeySet($jwk);
         }
         return $this->_publicKey;
     }
@@ -157,7 +161,21 @@ public function getPublicKey()
      */
     public function verifyAndDecodeToken($token)
     {
-        return JWT::decode($token, $this->getPublicKey(), [self::CRYPTO_ALG]);
+        $payload = JWT::decode($token, $this->getPublicKey(), [self::CRYPTO_ALG]);
+        if(!empty($payload) && property_exists($payload,'sub'))
+            if($this->checkRevokedSub($payload->sub))
+                throw new TokenRevokedException('Token is revoked.');
+        return $payload;
+    }
+
+    public function checkRevokedSub($sub)
+    {
+        if(Yii::$app->cache)
+        {
+            $cacheKey = "Revoked_JWT_".$sub;
+            return Yii::$app->cache->get($cacheKey) !== false;
+        }
+        return false;
     }
 
     /**
@@ -185,4 +203,32 @@ public function logout($globalLogout=true)
         }
         return true;
     }
+
+    /** @var OAuth2 $_instance Singleton instance */
+    private static $_instance;
+
+    /**
+     * Get singleton instance using Yii's auth client configuration
+     * @return null|OAuth2
+     * @throws \yii\base\InvalidConfigException
+     */
+    public static function getInstance()
+    {
+        if(!isset(self::$_instance))
+        {
+            /** @var User $user */
+            $user = Yii::$app->user;
+            if(isset($user->authClientConfig) && isset($user->authClientConfig['collection']) && isset($user->authClientConfig['id']))
+            {
+                /** @var Collection $collection */
+                $collection = Yii::$app->get($user->authClientConfig['collection']);
+                if($collection->hasClient($user->authClientConfig['id']))
+                {
+                    self::$_instance = $collection->getClient($user->authClientConfig['id']);
+                }
+            }
+        }
+
+        return self::$_instance;
+    }
 }

fproject/authclient/OAuthToken.php

@@ -19,7 +19,6 @@
 
 namespace fproject\authclient;
 
-use Firebase\JWT\JWK;
 use Firebase\JWT\JWT;
 use Yii;
 

fproject/authclient/TokenRevokedException.php

@@ -0,0 +1,15 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: Bui
+ * Date: 10/2/2015
+ * Time: 1:21 AM
+ */
+
+namespace fproject\authclient;
+
+
+class TokenRevokedException extends \UnexpectedValueException
+{
+
+}

fproject/web/UserIdentity.php

@@ -22,7 +22,6 @@
 use fproject\authclient\OAuth2;
 use fproject\authclient\OAuthTokenPayload;
 use Yii;
-use yii\authclient\Collection;
 use yii\web\IdentityInterface;
 
 /**
@@ -134,22 +133,13 @@ public static function findIdentity($id)
      */
     public static function findIdentityByAccessToken($token, $type = null)
     {
-        /** @var User $user */
-        $user = Yii::$app->user;
-        if(isset($user->authClientConfig) && isset($user->authClientConfig['collection']) && isset($user->authClientConfig['id']))
+        if(OAuth2::getInstance())
         {
-            /** @var Collection $collection */
-            $collection = Yii::$app->get($user->authClientConfig['collection']);
-            if($collection->hasClient($user->authClientConfig['id']))
+            $rawPayload = OAuth2::getInstance()->verifyAndDecodeToken($token);
+            if(!empty($rawPayload))
             {
-                /** @var OAuth2 $client */
-                $client = $collection->getClient($user->authClientConfig['id']);
-                $rawPayload = $client->verifyAndDecodeToken($token);
-                if(!empty($rawPayload))
-                {
-                    $payload = new OAuthTokenPayload($rawPayload);
-                    return new UserIdentity((array)$payload);
-                }
+                $payload = new OAuthTokenPayload($rawPayload);
+                return new UserIdentity((array)$payload);
             }
         }
         return null;