Add support for multiple access tokens per user (#977)

modules/restful_token_auth/src/Entity/RestfulTokenAuthController.php

@@ -56,19 +56,6 @@ public function generateAccessToken($uid) {
    *   The token entity.
    */
   private function generateRefreshToken($uid) {
-    // Check if there are other refresh tokens for the user.
-    $query = new \EntityFieldQuery();
-    $results = $query
-      ->entityCondition('entity_type', 'restful_token_auth')
-      ->entityCondition('bundle', 'refresh_token')
-      ->propertyCondition('uid', $uid)
-      ->execute();
-
-    if (!empty($results['restful_token_auth'])) {
-      // Delete the tokens.
-      entity_delete_multiple('restful_token_auth', array_keys($results['restful_token_auth']));
-    }
-
     // Create a new refresh token.
     $values = array(
       'uid' => $uid,

modules/restful_token_auth/src/Plugin/resource/AccessToken__1_0.php

@@ -46,7 +46,7 @@ public function controllersInfo() {
     return array(
       '' => array(
         // Get or create a new token.
-        RequestInterface::METHOD_GET => 'getOrCreateToken',
+        RequestInterface::METHOD_GET => 'createToken',
         RequestInterface::METHOD_OPTIONS => 'discover',
       ),
     );
@@ -55,9 +55,10 @@ public function controllersInfo() {
   /**
    * Create a token for a user, and return its value.
    */
-  public function getOrCreateToken() {
+  public function createToken() {
     $entity_type = $this->getEntityType();
     $account = $this->getAccount();
+
     // Check if there is a token that did not expire yet.
     /* @var DataProviderEntityInterface $data_provider */
     $data_provider = $this->getDataProvider();
@@ -66,32 +67,25 @@ public function getOrCreateToken() {
       ->entityCondition('entity_type', $entity_type)
       ->entityCondition('bundle', 'access_token')
       ->propertyCondition('uid', $account->uid)
-      ->range(0, 1)
       ->execute();
 
-    $token_exists = FALSE;
-
     if (!empty($result[$entity_type])) {
-      $id = key($result[$entity_type]);
-      $access_token = entity_load_single($entity_type, $id);
-
-      $token_exists = TRUE;
-      if (!empty($access_token->expire) && $access_token->expire < REQUEST_TIME) {
-        if (variable_get('restful_token_auth_delete_expired_tokens', TRUE)) {
-          // Token has expired, so we can delete this token.
-          $access_token->delete();
+      foreach ($result[$entity_type] as $id => $value) {
+        $access_token = entity_load_single($entity_type, $id);
+        if (!empty($access_token->expire) && $access_token->expire < REQUEST_TIME) {
+          if (variable_get('restful_token_auth_delete_expired_tokens', TRUE)) {
+            // Token has expired, so we can delete this token.
+            $access_token->delete();
+          }
         }
-
-        $token_exists = FALSE;
       }
     }
 
-    if (!$token_exists) {
-      /* @var \Drupal\restful_token_auth\Entity\RestfulTokenAuthController $controller */
-      $controller = entity_get_controller($this->getEntityType());
-      $access_token = $controller->generateAccessToken($account->uid);
-      $id = $access_token->id;
-    }
+    /* @var \Drupal\restful_token_auth\Entity\RestfulTokenAuthController $controller */
+    $controller = entity_get_controller($this->getEntityType());
+    $access_token = $controller->generateAccessToken($account->uid);
+    $id = $access_token->id;
+
     $output = $this->view($id);
 
     return $output;