feature #32 add disable access token saving feature (Orkin)

This PR was squashed before being merged into the 0.1-dev branch.

Discussion
----------

add disable access token saving feature

`@mtarld`  `@chalasr` this is the port of disabled access token saving feature 😉

Commits
-------

03e815d add disable access token saving feature

docs/index.md

@@ -72,6 +72,9 @@ For implementation into Symfony projects, please see [bundle documentation](docs
             # Whether to require code challenge for public clients for the auth code grant
             require_code_challenge_for_public_clients: true
 
+            # Whether to enable access token saving to persistence layer (default to true)
+            persist_access_token: true
+
         resource_server:      # Required
 
             # Full path to the public key file

src/DependencyInjection/Configuration.php

@@ -106,6 +106,10 @@ private function createAuthorizationServerNode(): NodeDefinition
                     ->info('Whether to enable the implicit grant')
                     ->defaultTrue()
                 ->end()
+                ->booleanNode('persist_access_token')
+                    ->info('Whether to enable access token saving to persistence layer')
+                    ->defaultTrue()
+                ->end()
             ->end()
         ;
 

src/DependencyInjection/LeagueOAuth2ServerExtension.php

@@ -14,6 +14,7 @@
 use League\Bundle\OAuth2ServerBundle\Manager\Doctrine\AuthorizationCodeManager;
 use League\Bundle\OAuth2ServerBundle\Manager\Doctrine\ClientManager;
 use League\Bundle\OAuth2ServerBundle\Manager\Doctrine\RefreshTokenManager;
+use League\Bundle\OAuth2ServerBundle\Manager\InMemory\AccessTokenManager as InMemoryAccessTokenManager;
 use League\Bundle\OAuth2ServerBundle\Manager\ScopeManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Model\Scope as ScopeModel;
 use League\Bundle\OAuth2ServerBundle\Persistence\Mapping\Driver;
@@ -54,6 +55,7 @@ public function load(array $configs, ContainerBuilder $container)
 
         $config = $this->processConfiguration(new Configuration(), $configs);
 
+        $this->configureAccessTokenSaving($loader, $config['authorization_server']);
         $this->configurePersistence($loader, $container, $config);
         $this->configureAuthorizationServer($container, $config['authorization_server']);
         $this->configureResourceServer($container, $config['resource_server']);
@@ -206,6 +208,15 @@ private function configureGrants(ContainerBuilder $container, array $config): vo
         ;
     }
 
+    private function configureAccessTokenSaving(LoaderInterface $loader, array $config): void
+    {
+        if ($config['persist_access_token']) {
+            $loader->load('access_token/default.php');
+        } else {
+            $loader->load('access_token/null.php');
+        }
+    }
+
     /**
      * @throws \Exception
      */
@@ -221,7 +232,7 @@ private function configurePersistence(LoaderInterface $loader, ContainerBuilder
         switch ($persistenceMethod) {
             case 'in_memory':
                 $loader->load('storage/in_memory.php');
-                $this->configureInMemoryPersistence($container);
+                $this->configureInMemoryPersistence($container, $config);
                 break;
             case 'doctrine':
                 $loader->load('storage/doctrine.php');
@@ -241,6 +252,7 @@ private function configureDoctrinePersistence(ContainerBuilder $container, array
         $container
             ->findDefinition(AccessTokenManager::class)
             ->replaceArgument(0, $entityManager)
+            ->replaceArgument(1, $config['authorization_server']['persist_access_token'])
         ;
 
         $container
@@ -267,14 +279,19 @@ private function configureDoctrinePersistence(ContainerBuilder $container, array
         $container
             ->findDefinition(Driver::class)
             ->replaceArgument(0, $config['client']['classname'])
+            ->replaceArgument(1, $config['authorization_server']['persist_access_token'])
         ;
 
         $container->setParameter('league.oauth2_server.persistence.doctrine.enabled', true);
         $container->setParameter('league.oauth2_server.persistence.doctrine.manager', $entityManagerName);
     }
 
-    private function configureInMemoryPersistence(ContainerBuilder $container): void
+    private function configureInMemoryPersistence(ContainerBuilder $container, array $config): void
     {
+        $container
+            ->findDefinition(InMemoryAccessTokenManager::class)
+            ->replaceArgument(0, $config['authorization_server']['persist_access_token'])
+        ;
         $container->setParameter('league.oauth2_server.persistence.in_memory.enabled', true);
     }
 

src/Manager/InMemory/AccessTokenManager.php

@@ -14,21 +14,41 @@ final class AccessTokenManager implements AccessTokenManagerInterface
      */
     private $accessTokens = [];
 
+    /** @var bool */
+    private $persistAccessToken;
+
+    public function __construct(bool $persistAccessToken)
+    {
+        $this->persistAccessToken = $persistAccessToken;
+    }
+
     /**
      * @psalm-mutation-free
      */
     public function find(string $identifier): ?AccessToken
     {
+        if (!$this->persistAccessToken) {
+            return null;
+        }
+
         return $this->accessTokens[$identifier] ?? null;
     }
 
     public function save(AccessToken $accessToken): void
     {
+        if (!$this->persistAccessToken) {
+            return;
+        }
+
         $this->accessTokens[$accessToken->getIdentifier()] = $accessToken;
     }
 
     public function clearExpired(): int
     {
+        if (!$this->persistAccessToken) {
+            return 0;
+        }
+
         $count = \count($this->accessTokens);
 
         $now = new \DateTimeImmutable();

src/Manager/Null/AccessTokenManager.php

@@ -0,0 +1,25 @@
+<?php
+
+declare(strict_types=1);
+
+namespace League\Bundle\OAuth2ServerBundle\Manager\Null;
+
+use League\Bundle\OAuth2ServerBundle\Manager\AccessTokenManagerInterface;
+use League\Bundle\OAuth2ServerBundle\Model\AccessToken;
+
+final class AccessTokenManager implements AccessTokenManagerInterface
+{
+    public function find(string $identifier): ?AccessToken
+    {
+        return null;
+    }
+
+    public function save(AccessToken $accessToken): void
+    {
+    }
+
+    public function clearExpired(): int
+    {
+        return 0;
+    }
+}

src/Persistence/Mapping/Driver.php

@@ -25,9 +25,13 @@ class Driver implements MappingDriver
      */
     private $clientClass;
 
-    public function __construct(string $clientClass)
+    /** @var bool */
+    private $persistAccessToken;
+
+    public function __construct(string $clientClass, bool $persistAccessToken)
     {
         $this->clientClass = $clientClass;
+        $this->persistAccessToken = $persistAccessToken;
     }
 
     public function loadMetadataForClass($className, ClassMetadata $metadata): void
@@ -63,11 +67,11 @@ public function getAllClassNames(): array
         return array_merge(
             [
                 AbstractClient::class,
-                AccessToken::class,
                 AuthorizationCode::class,
                 RefreshToken::class,
             ],
-            Client::class === $this->clientClass ? [Client::class] : []
+            Client::class === $this->clientClass ? [Client::class] : [],
+            $this->persistAccessToken ? [AccessToken::class] : []
         );
     }
 
@@ -126,12 +130,18 @@ private function buildClientMetadata(ClassMetadata $metadata): void
 
     private function buildRefreshTokenMetadata(ClassMetadata $metadata): void
     {
-        (new ClassMetadataBuilder($metadata))
+        $classMetadataBuilder = (new ClassMetadataBuilder($metadata))
             ->setTable('oauth2_refresh_token')
             ->createField('identifier', 'string')->makePrimaryKey()->length(80)->option('fixed', true)->build()
             ->addField('expiry', 'datetime_immutable')
             ->addField('revoked', 'boolean')
-            ->createManyToOne('accessToken', AccessToken::class)->addJoinColumn('access_token', 'identifier', true, false, 'SET NULL')->build()
         ;
+
+        if ($this->persistAccessToken) {
+            $classMetadataBuilder->createManyToOne('accessToken', AccessToken::class)
+                                 ->addJoinColumn('access_token', 'identifier', true, false, 'SET NULL')
+                                 ->build()
+            ;
+        }
     }
 }

src/Repository/NullAccessTokenRepository.php

@@ -0,0 +1,54 @@
+<?php
+
+declare(strict_types=1);
+
+namespace League\Bundle\OAuth2ServerBundle\Repository;
+
+use League\Bundle\OAuth2ServerBundle\Entity\AccessToken as AccessTokenEntity;
+use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
+use League\OAuth2\Server\Entities\ClientEntityInterface;
+use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
+
+final class NullAccessTokenRepository implements AccessTokenRepositoryInterface
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function getNewToken(ClientEntityInterface $clientEntity, array $scopes, $userIdentifier = null): AccessTokenEntityInterface
+    {
+        /** @var int|string|null $userIdentifier */
+        $accessToken = new AccessTokenEntity();
+        $accessToken->setClient($clientEntity);
+        $accessToken->setUserIdentifier($userIdentifier);
+
+        foreach ($scopes as $scope) {
+            $accessToken->addScope($scope);
+        }
+
+        return $accessToken;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function persistNewAccessToken(AccessTokenEntityInterface $accessTokenEntity): void
+    {
+        // do nothing
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function revokeAccessToken($tokenId): void
+    {
+        // do nothing
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function isAccessTokenRevoked($tokenId): bool
+    {
+        return false;
+    }
+}

src/Resources/config/access_token/default.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+use function Symfony\Component\DependencyInjection\Loader\Configurator\service;
+use League\Bundle\OAuth2ServerBundle\Converter\ScopeConverterInterface;
+use League\Bundle\OAuth2ServerBundle\Manager\AccessTokenManagerInterface;
+use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface;
+use League\Bundle\OAuth2ServerBundle\Repository\AccessTokenRepository;
+use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
+use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
+
+return static function (ContainerConfigurator $container): void {
+    $container->services()
+
+        ->set('league.oauth2_server.repository.access_token', AccessTokenRepository::class)
+            ->args([
+                service(AccessTokenManagerInterface::class),
+                service(ClientManagerInterface::class),
+                service(ScopeConverterInterface::class),
+            ])
+        ->alias(AccessTokenRepositoryInterface::class, 'league.oauth2_server.repository.access_token')
+        ->alias(AccessTokenRepository::class, 'league.oauth2_server.repository.access_token');
+};

src/Resources/config/access_token/null.php

@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+use League\Bundle\OAuth2ServerBundle\Manager\AccessTokenManagerInterface;
+use League\Bundle\OAuth2ServerBundle\Manager\Null\AccessTokenManager;
+use League\Bundle\OAuth2ServerBundle\Repository\AccessTokenRepository;
+use League\Bundle\OAuth2ServerBundle\Repository\NullAccessTokenRepository;
+use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
+use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
+
+return static function (ContainerConfigurator $container): void {
+    $container->services()
+        ->set('league.oauth2_server.repository.access_token', NullAccessTokenRepository::class)
+        ->alias(AccessTokenRepositoryInterface::class, 'league.oauth2_server.repository.access_token')
+        ->alias(AccessTokenRepository::class, 'league.oauth2_server.repository.access_token')
+
+        ->set('league.oauth2_server.manager.null.access_token', AccessTokenManager::class)
+        ->alias(AccessTokenManagerInterface::class, 'league.oauth2_server.manager.null.access_token')
+        ->alias(AccessTokenManager::class, 'league.oauth2_server.manager.null.access_token');
+};

src/Resources/config/services.php

@@ -28,7 +28,6 @@
 use League\Bundle\OAuth2ServerBundle\Manager\RefreshTokenManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\ScopeManagerInterface;
 use League\Bundle\OAuth2ServerBundle\OAuth2Events;
-use League\Bundle\OAuth2ServerBundle\Repository\AccessTokenRepository;
 use League\Bundle\OAuth2ServerBundle\Repository\AuthCodeRepository;
 use League\Bundle\OAuth2ServerBundle\Repository\ClientRepository;
 use League\Bundle\OAuth2ServerBundle\Repository\RefreshTokenRepository;
@@ -70,15 +69,6 @@
         ->alias(ClientRepositoryInterface::class, 'league.oauth2_server.repository.client')
         ->alias(ClientRepository::class, 'league.oauth2_server.repository.client')
 
-        ->set('league.oauth2_server.repository.access_token', AccessTokenRepository::class)
-            ->args([
-                service(AccessTokenManagerInterface::class),
-                service(ClientManagerInterface::class),
-                service(ScopeConverterInterface::class),
-            ])
-        ->alias(AccessTokenRepositoryInterface::class, 'league.oauth2_server.repository.access_token')
-        ->alias(AccessTokenRepository::class, 'league.oauth2_server.repository.access_token')
-
         ->set('league.oauth2_server.repository.refresh_token', RefreshTokenRepository::class)
             ->args([
                 service(RefreshTokenManagerInterface::class),

src/Resources/config/storage/doctrine.php

@@ -23,6 +23,7 @@
         ->set('league.oauth2_server.persistence.driver', Driver::class)
             ->args([
                 null,
+                null,
             ])
         ->alias(Driver::class, 'league.oauth2_server.persistence.driver')
 
@@ -38,6 +39,7 @@
         ->set('league.oauth2_server.manager.doctrine.access_token', AccessTokenManager::class)
             ->args([
                 null,
+                null,
             ])
         ->alias(AccessTokenManagerInterface::class, 'league.oauth2_server.manager.doctrine.access_token')
         ->alias(AccessTokenManager::class, 'league.oauth2_server.manager.doctrine.access_token')