MAGETWO-31999: oAuth issue [from github]

- Fixed consumer expiry calculation to be more deterministic and removed use of Stdlib\DateTime\DateTime from Token provider

Author: anupdugar

app/code/Magento/Integration/Model/Oauth/Consumer.php

@@ -165,4 +165,15 @@ public function getCreatedAt()
     {
         return $this->getData('created_at');
     }
+
+    /**
+     * Get time in seconds since consumer was created
+     *
+     * @param int $consumerId
+     * @return int - time lapsed in seconds
+     */
+    public function getTimeInSecondsSinceCreation($consumerId)
+    {
+        return $this->getResource()->getTimeInSecondsSinceCreation($consumerId);
+    }
 }

app/code/Magento/Integration/Model/Oauth/Token/Provider.php

@@ -26,11 +26,6 @@ class Provider implements TokenProviderInterface
      */
     protected $_dataHelper;
 
-    /**
-     * @var \Magento\Framework\Stdlib\DateTime\DateTime
-     */
-    protected $_date;
-
     /**
      * @var Token
      */
@@ -40,20 +35,17 @@ class Provider implements TokenProviderInterface
      * @param \Magento\Integration\Model\Oauth\Consumer\Factory $consumerFactory
      * @param \Magento\Integration\Model\Oauth\Token\Factory $tokenFactory
      * @param \Magento\Integration\Helper\Oauth\Data $dataHelper
-     * @param \Magento\Framework\Stdlib\DateTime\DateTime $date
      * @param Token $token
      */
     public function __construct(
         \Magento\Integration\Model\Oauth\Consumer\Factory $consumerFactory,
         \Magento\Integration\Model\Oauth\Token\Factory $tokenFactory,
         \Magento\Integration\Helper\Oauth\Data $dataHelper,
-        \Magento\Framework\Stdlib\DateTime\DateTime $date,
         Token $token
     ) {
         $this->_consumerFactory = $consumerFactory;
         $this->_tokenFactory = $tokenFactory;
         $this->_dataHelper = $dataHelper;
-        $this->_date = $date;
         $this->token = $token;
     }
 
@@ -62,10 +54,9 @@ public function __construct(
      */
     public function validateConsumer($consumer)
     {
-        // Must use consumer within expiration period.
-        $consumerTS = strtotime($consumer->getCreatedAt());
         $expiry = $this->_dataHelper->getConsumerExpirationPeriod();
-        if ($this->_date->timestamp() - $consumerTS > $expiry) {
+        // Must use consumer within expiration period.
+        if ($this->_consumerFactory->create()->getTimeInSecondsSinceCreation($consumer->getId()) > $expiry) {
             throw new \Magento\Framework\Oauth\Exception(
                 'Consumer key has expired'
             );

app/code/Magento/Integration/Model/Resource/Oauth/Consumer.php

@@ -56,4 +56,22 @@ public function _afterDelete(\Magento\Framework\Model\AbstractModel $object)
         $adapter->delete($this->getTable('oauth_token'), ['consumer_id' => $object->getId()]);
         return parent::_afterDelete($object);
     }
+
+    /**
+     * Compute time in seconds since consumer was created.
+     *
+     * @param int $consumerId - The consumer id
+     * @return int - time lapsed in seconds
+     */
+    public function getTimeInSecondsSinceCreation($consumerId)
+    {
+        $adapter = $this->_getReadAdapter();
+        $select = $adapter->select()
+            ->from($this->getMainTable())
+            ->reset(\Zend_Db_Select::COLUMNS)
+            ->columns('CURRENT_TIMESTAMP() - created_at')
+            ->where('entity_id = ?', $consumerId);
+
+        return $adapter->fetchOne($select);
+    }
 }

dev/tests/unit/testsuite/Magento/Integration/Oauth/OauthTest.php

@@ -65,6 +65,7 @@ public function setUp()
                     'getCallbackUrl',
                     'save',
                     'getData',
+                    'getTimeInSecondsSinceCreation',
                     '__wakeup',
                 ]
             )
@@ -122,7 +123,6 @@ public function setUp()
             $this->_consumerFactory,
             $this->_tokenFactory,
             $this->_dataHelperMock,
-            $this->_dateMock,
             $this->_tokenMock
         );
         $this->_oauth = new \Magento\Framework\Oauth\Oauth(
@@ -218,7 +218,10 @@ public function testGetRequestTokenConsumerKeyNotFound()
     public function testGetRequestTokenOutdatedConsumerKey()
     {
         $this->_setupConsumer();
-        $this->_dateMock->expects($this->any())->method('timestamp')->will($this->returnValue(9999999999));
+        $this->_consumerMock
+            ->expects($this->any())
+            ->method('getTimeInSecondsSinceCreation')
+            ->will($this->returnValue(9999999999));
         $this->_dataHelperMock->expects(
             $this->once()
         )->method(
@@ -267,14 +270,14 @@ protected function _setupConsumer($isLoadable = true)
 
     protected function _makeValidExpirationPeriod()
     {
-        $this->_dateMock->expects($this->any())->method('timestamp')->will($this->returnValue(0));
-        $this->_dataHelperMock->expects(
-            $this->once()
-        )->method(
-            'getConsumerExpirationPeriod'
-        )->will(
-            $this->returnValue(300)
-        );
+        $this->_consumerMock
+            ->expects($this->any())
+            ->method('getTimeInSecondsSinceCreation')
+            ->will($this->returnValue(0));
+        $this->_dataHelperMock
+            ->expects($this->once())
+            ->method('getConsumerExpirationPeriod')
+            ->will($this->returnValue(300));
     }
 
     /**