MC-32830: Do not store admin and customer tokens in DB

Author: ogorkun

app/code/Magento/Integration/Model/Oauth/Token.php

@@ -9,8 +9,11 @@
 use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Oauth\Exception as OauthException;
 use Magento\Framework\Oauth\Helper\Oauth as OauthHelper;
+use Magento\Integration\Api\Data\UserTokenParametersInterfaceFactory;
 use Magento\Integration\Api\Exception\UserTokenException;
+use Magento\Integration\Api\UserTokenIssuerInterface;
 use Magento\Integration\Api\UserTokenReaderInterface;
+use Magento\Integration\Model\CustomUserContext;
 use Magento\Integration\Model\ResourceModel\Oauth\Token\Collection as TokenCollection;
 
 /**
@@ -84,6 +87,16 @@ class Token extends \Magento\Framework\Model\AbstractModel
      */
     private $reader;
 
+    /**
+     * @var UserTokenIssuerInterface
+     */
+    private $issuer;
+
+    /**
+     * @var UserTokenParametersInterfaceFactory
+     */
+    private $tokenParamsFactory;
+
     /**
      * Initialize dependencies.
      *
@@ -98,6 +111,8 @@ class Token extends \Magento\Framework\Model\AbstractModel
      * @param \Magento\Framework\Data\Collection\AbstractDb $resourceCollection
      * @param array $data
      * @param UserTokenReaderInterface|null $reader
+     * @param UserTokenIssuerInterface|null $issuer
+     * @param UserTokenParametersInterfaceFactory|null $paramsFactory
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -111,7 +126,9 @@ public function __construct(
         \Magento\Framework\Model\ResourceModel\AbstractResource $resource = null,
         \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null,
         array $data = [],
-        ?UserTokenReaderInterface $reader = null
+        ?UserTokenReaderInterface $reader = null,
+        ?UserTokenIssuerInterface $issuer = null,
+        ?UserTokenParametersInterfaceFactory $paramsFactory = null
     ) {
         parent::__construct($context, $registry, $resource, $resourceCollection, $data);
         $this->_keyLengthFactory = $keyLengthFactory;
@@ -120,6 +137,8 @@ public function __construct(
         $this->_oauthData = $oauthData;
         $this->_oauthHelper = $oauthHelper;
         $this->reader = ObjectManager::getInstance()->get(UserTokenReaderInterface::class);
+        $this->issuer = ObjectManager::getInstance()->get(UserTokenIssuerInterface::class);
+        $this->tokenParamsFactory = ObjectManager::getInstance()->get(UserTokenParametersInterfaceFactory::class);
     }
 
     /**
@@ -195,23 +214,35 @@ public function convertToAccess()
      *
      * @param int $userId
      * @return $this
+     * @deprecated New proper SPI for warking with tokens has been introduced.
+     * @see UserTokenIssuerInterface
      */
     public function createAdminToken($userId)
     {
-        $this->setAdminId($userId);
-        return $this->saveAccessToken(UserContextInterface::USER_TYPE_ADMIN);
+        return $this->loadByToken(
+            $this->issuer->create(
+                new CustomUserContext((int) $userId, UserContextInterface::USER_TYPE_ADMIN),
+                $this->tokenParamsFactory->create()
+            )
+        );
     }
 
     /**
      * Create access token for a customer
      *
      * @param int $userId
      * @return $this
+     * @deprecated New proper SPI for warking with tokens has been introduced.
+     * @see UserTokenIssuerInterface
      */
     public function createCustomerToken($userId)
     {
-        $this->setCustomerId($userId);
-        return $this->saveAccessToken(UserContextInterface::USER_TYPE_CUSTOMER);
+        return $this->loadByToken(
+            $this->issuer->create(
+                new CustomUserContext((int) $userId, UserContextInterface::USER_TYPE_CUSTOMER),
+                $this->tokenParamsFactory->create()
+            )
+        );
     }
 
     /**
@@ -386,6 +417,7 @@ public function loadByToken($token)
             $this->setAdminId($data->getUserContext()->getUserId());
         }
         $this->setId(PHP_INT_MAX);
+        $this->setToken($token);
 
         return $this;
     }

app/code/Magento/Integration/Model/OpaqueToken/Issuer.php

@@ -14,6 +14,7 @@
 use Magento\Integration\Api\UserTokenIssuerInterface;
 use Magento\Integration\Model\Oauth\Token;
 use Magento\Integration\Model\Oauth\TokenFactory as TokenModelFactory;
+use Magento\Framework\Oauth\Helper\Oauth as OauthHelper;
 
 /**
  * Issues opaque tokens (legacy).
@@ -25,12 +26,18 @@ class Issuer implements UserTokenIssuerInterface
      */
     private $tokenFactory;
 
+    /**
+     * @var OauthHelper
+     */
+    private $helper;
+
     /**
      * @param TokenModelFactory $tokenFactory
      */
-    public function __construct(TokenModelFactory $tokenFactory)
+    public function __construct(TokenModelFactory $tokenFactory, OauthHelper $helper)
     {
         $this->tokenFactory = $tokenFactory;
+        $this->helper = $helper;
     }
 
     /**
@@ -42,20 +49,24 @@ public function create(UserContextInterface $userContext, UserTokenParametersInt
         $token = $this->tokenFactory->create();
 
         if ($userContext->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER) {
-            $token = $token->createCustomerToken($userContext->getUserId());
+            $token->setAdminId($userContext->getUserId());
         } elseif ($userContext->getUserType() === UserContextInterface::USER_TYPE_ADMIN) {
             $token = $token->createAdminToken($userContext->getUserId());
         } else {
             throw new UserTokenException('Can only create tokens for customers and admin users');
         }
-
+        $token->setUserType($userContext->getUserType());
+        $token->setType(Token::TYPE_ACCESS);
+        $token->setToken($this->helper->generateToken());
+        $token->setSecret($this->helper->generateTokenSecret());
         if ($params->getForcedIssuedTime()) {
             if ($params->getForcedIssuedTime()->getTimezone()->getName() !== 'UTC') {
                 throw new UserTokenException('Invalid forced issued time provided');
             }
             $token->setCreatedAt($params->getForcedIssuedTime()->format('Y-m-d H:i:s'));
-            $token->save();
         }
+        $token = $token->save();
+
 
         return $token->getToken();
     }

app/code/Magento/Integration/Model/OpaqueToken/Reader.php

@@ -45,7 +45,7 @@ public function read(string $token): UserToken
     {
         /** @var Token $tokenModel */
         $tokenModel = $this->tokenFactory->create();
-        $tokenModel = $tokenModel->loadByToken($token);
+        $tokenModel = $tokenModel->load($token, 'token');
 
         if (!$tokenModel->getId()) {
             throw new UserTokenException('Token does not exist');

app/code/Magento/JwtUserToken/etc/db_schema_whitelist.json

@@ -6,7 +6,7 @@
             "revoke_before": true
         },
         "constraint": {
-            "JWT_AUTH_REVOKED_USER_TYPE_ID_USER_ID": true
+            "PRIMARY": true
         }
     }
 }