Tags: php, laravel, oauth-2.0, laravel-5.3, laravel-passport

laravel passport revoke and prune event listener is not doing anything


I've added these two event listeners to my EventServiceProvider:

/**
 * The event listener mappings for the application.
 *
 * Routes both Passport token-issuance events to application listeners:
 * AccessTokenCreated to RevokeOldTokens and RefreshTokenCreated to
 * PruneOldTokens. The listeners are referenced by class name, so the
 * classes must exist under App\Listeners.
 *
 * @var array
 */
protected $listen = [
    // Handled each time an access token is created.
    'Laravel\Passport\Events\AccessTokenCreated' => [
        'App\Listeners\RevokeOldTokens',
    ],

    // Handled each time a refresh token is created.
    'Laravel\Passport\Events\RefreshTokenCreated' => [
        'App\Listeners\PruneOldTokens',
    ],
];

And in my AuthServiceProvider I have :

 /**
  * Registers the policies, the Passport routes and the token lifetimes.
  *
  * @return void
  */
 public function boot()
    {
        $this->registerPolicies();

        Passport::routes();
        // NOTE(review): the next two statements only read a static property
        // and discard the value. They assign nothing and call nothing, so
        // they leave Passport's configuration exactly as it was. Enabling
        // these options needs an assignment or a call - TODO confirm which
        // form the installed Passport version supports.
        passport::$revokeOtherTokens;
        passport::$pruneRevokedTokens;
        // Expiry passed for access tokens: one day from now.
        Passport::tokensExpireIn(Carbon::now()->addDays(1));
        // Expiry passed for refresh tokens: two days from now, so a refresh
        // token stays usable for a day after its access token has expired.
        Passport::refreshTokensExpireIn(Carbon::now()->addDays(2));

    }

I want Passport to revoke all of a user's other access tokens and then prune them once they are revoked, but nothing is happening: every time I request an access token from Postman I get a new access token, while several older access tokens remain in the database.


Solution

  • I solved my problem this way. Step 1 - In EventServiceProvider, set the paths of the AccessTokenCreated and RefreshTokenCreated events:

     // Maps each Passport token-issuance event to the application listener
     // that handles it. Both listeners run on every token issuance, so their
     // queries decide which existing tokens get revoked.
     protected $listen = [
            // Access token created -> RevokeOldTokens.
            'Laravel\Passport\Events\AccessTokenCreated' => [
                'App\Listeners\RevokeOldTokens',
            ],
    
            // Refresh token created -> PruneOldTokens.
            'Laravel\Passport\Events\RefreshTokenCreated' => [
                'App\Listeners\PruneOldTokens',
            ],
        ];
    

    Step 2 - Generate these two listener classes:

    # Generates the events and listeners registered in EventServiceProvider that do not exist yet.
    php artisan event:generate
    

    Step 3 - Modify the handle methods of the listeners for the AccessTokenCreated and RefreshTokenCreated events:

    RevokeOldTokens Class :

    namespace App\Listeners;
    
    use Laravel\Passport\Events\AccessTokenCreated;
    use Illuminate\Queue\InteractsWithQueue;
    use Illuminate\Contracts\Queue\ShouldQueue;
    use DB;
    
    /**
     * Revokes the access tokens that a newly created access token supersedes.
     */
    class RevokeOldTokens
    {
        /**
         * Create the event listener.
         *
         * @return void
         */
        public function __construct()
        {
            // No dependencies to set up.
        }

        /**
         * Flag every other access token of the same user and client as revoked.
         *
         * The token named by the event is left untouched. Rows are only
         * updated, never deleted.
         *
         * NOTE(review): if $event->userId is null (presumably a token issued
         * without a user - confirm), the query builder is expected to match
         * rows whose user_id is NULL, which would revoke every other such
         * token of this client. Verify that this is intended.
         *
         * @param  AccessTokenCreated  $event
         * @return void
         */
        public function handle(AccessTokenCreated $event)
        {
            // Tokens of the same owner and client, minus the one just issued.
            $supersededTokens = DB::table('oauth_access_tokens')
                ->where('user_id', $event->userId)
                ->where('client_id', $event->clientId)
                ->where('id', '<>', $event->tokenId);

            $supersededTokens->update(['revoked' => true]);
        }
    }
    

    PruneOldTokens Class :

    namespace App\Listeners;
    
    use Laravel\Passport\Events\RefreshTokenCreated;
    use Illuminate\Queue\InteractsWithQueue;
    use Illuminate\Contracts\Queue\ShouldQueue;
    use DB;
    
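    /**
     * Revokes the refresh tokens that a newly created refresh token supersedes.
     *
     * Despite the class name, nothing is deleted: rows are only flagged as
     * revoked.
     */
    class PruneOldTokens
    {
        /**
         * Create the event listener.
         *
         * @return void
         */
        public function __construct()
        {
            //
        }

        /**
         * Revoke the other refresh tokens of the same user and client.
         *
         * The refresh token table is filtered here only by its own id and by
         * access_token_id, so the owner is resolved through the access token
         * the new refresh token belongs to. Without that scoping the update
         * matches every other refresh token in the table, and one user's
         * token request would revoke the refresh tokens of all users and
         * clients.
         *
         * If the new access token row cannot be found, or it has no user or
         * client, nothing is revoked.
         *
         * @param  RefreshTokenCreated  $event
         * @return void
         */
        public function handle(RefreshTokenCreated $event)
        {
            // The array cast accepts both object and array fetch modes, and
            // turns a missing row (null) into an empty array.
            $issued = (array) DB::table('oauth_access_tokens')
                ->where('id', $event->accessTokenId)
                ->first(['user_id', 'client_id']);

            // Fail closed: without a known owner there is no safe scope.
            if (! isset($issued['user_id'], $issued['client_id'])) {
                return;
            }

            DB::table('oauth_refresh_tokens')
                ->where('id', '<>', $event->refreshTokenId)
                ->whereIn('access_token_id', function ($query) use ($event, $issued) {
                    // Older access tokens of the same user and client only.
                    $query->select('id')
                        ->from('oauth_access_tokens')
                        ->where('id', '<>', $event->accessTokenId)
                        ->where('user_id', $issued['user_id'])
                        ->where('client_id', $issued['client_id']);
                })
                ->update(['revoked' => true]);
        }
    }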
    

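    After these steps, if I send any request to my project it will check for tokens, and if there is another token it will revoke it and make it unauthorized. Make sure each listener's query is limited to the tokens of the user and client that requested the new token, so that one user's request cannot revoke other users' tokens.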