laravel / passport

Laravel Passport provides OAuth2 server support to Laravel.
https://laravel.com/docs/passport
MIT License

[13.x] Fix determining revoked records #1751

Closed hafezdivandari closed 3 months ago

hafezdivandari commented 4 months ago

This PR fixes how we determine if the specified record is revoked and adds integration tests for this.

Auth Code

If the given auth code does not exist (removed), Bridge/AuthCodeRepository::isAuthCodeRevoked() mistakenly returns false.

Access Token

TokenRepository::isAccessTokenRevoked() is using find to determine if the given access token is revoked; this causes a performance issue, as TokenGuard calls find twice on every request.

Refresh Token

RefreshTokenRepository::isRefreshTokenRevoked() also uses find to determine if the given refresh token is revoked.
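
The difference between a revocation check that fails open on a deleted record and one that fails closed, as an added example that is not code from this PR or from Passport. The `auth_codes` table, its rows and both function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed schema and rows for illustration; not Passport's migrations.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE auth_codes (id TEXT PRIMARY KEY, revoked INTEGER NOT NULL)');
$pdo->exec("INSERT INTO auth_codes VALUES ('code-active', 0), ('code-revoked', 1)");

// Fail-open (hypothetical): loads the row, and a missing row falls
// through to "not revoked", so a deleted code still passes the check.
function isRevokedFailOpen(PDO $pdo, string $id): bool
{
    $stmt = $pdo->prepare('SELECT revoked FROM auth_codes WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row !== false && (int) $row['revoked'] === 1;
}

// Fail-closed (hypothetical): the code is usable only if a non-revoked
// row exists. One existence query, no record is loaded.
function isRevokedFailClosed(PDO $pdo, string $id): bool
{
    $stmt = $pdo->prepare('SELECT 1 FROM auth_codes WHERE id = ? AND revoked = 0 LIMIT 1');
    $stmt->execute([$id]);

    return $stmt->fetchColumn() === false;
}

// 'code-deleted' has no row: the two checks disagree only on that input.
foreach (['code-active', 'code-revoked', 'code-deleted'] as $id) {
    printf(
        "%-13s fail-open=%-5s fail-closed=%s\n",
        $id,
        var_export(isRevokedFailOpen($pdo, $id), true),
        var_export(isRevokedFailClosed($pdo, $id), true)
    );
}
```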

github-actions[bot] commented 4 months ago

Thanks for submitting a PR!

Note that draft PRs are not reviewed. If you would like a review, please mark your pull request as ready for review in the GitHub user interface.

Pull requests that are abandoned in draft may be closed due to inactivity.

driesvints commented 4 months ago

I guess this solves the long-outstanding https://github.com/laravel/passport/issues/382 issue? If that's the case then we should definitely give this a go.