Add refresh token service for company and put company data to user lo…

…gin section, And check company_id in token and cache is same

data/user.global.php.dist

@@ -54,6 +54,17 @@ return [
         'private_key' => '', // PATH_TO_FILE
         'iss'         => $baseUrl,
         'aud'         => $baseUrl,
+        'additional'  => [
+            'company_id',
+            'company_title',
+            'identity',
+            'email',
+            'name',
+            'first_name',
+            'last_name',
+            'avatar',
+            'roles',
+        ],
     ],
     'account' => [
         'otp_email'    => [

src/Middleware/AuthenticationMiddleware.php

@@ -104,7 +104,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
         $type = 'access';
         if (
             isset($routeParams['module'])
-            && $routeParams['module'] == 'user'
+            && in_array($routeParams['module'], ['user', 'company'])
             && isset($routeParams['handler'])
             && $routeParams['handler'] == 'refresh'
         ) {
@@ -179,6 +179,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
         $request = $request->withAttribute('account', $user['account']);
         $request = $request->withAttribute('roles', $user['roles']);
         $request = $request->withAttribute('token_id', $tokenParsed['id']);
+        $request = $request->withAttribute('token_data', $tokenParsed['data']);
         $request = $request->withAttribute('current_token', $token);
         return $handler->handle($request);
     }

src/Service/AccountService.php

@@ -307,6 +307,10 @@ public function postLoginSuccess($account, $params): array
         $account['roles']      = $this->roleService->getRoleAccount((int)$account['id']);
         $account['roles_full'] = $this->roleService->canonizeAccountRole($account['roles']);
 
+        // Set company to account if exist
+        $account['company_id']    = $user['authorization']['company_id'] ?? 0;
+        $account['company_title'] = $user['authorization']['company']['title'] ?? '';
+
         // Generate access token
         $accessToken = $this->tokenService->encryptToken(
             [
@@ -1854,20 +1858,19 @@ public function deleteUserByAdmin($params, array $operator = []): array
      *
      * @return array
      */
-    public function refreshToken($params): array
+    public function refreshToken($account, $tokenOldId): array
     {
+        // Generate new token
         $accessToken = $this->tokenService->encryptToken(
             [
-                'user_id' => $params['user_id'],
+                'account' => $account,
                 'type'    => 'access',
-                'roles'   => [
-                    'member',
-                ],
             ]
         );
 
         // Update cache
-        $this->cacheService->setUserItem($params['user_id'], 'access_keys', $accessToken['key']);
+        $this->cacheService->setUserItem($account['id'], 'access_keys', $accessToken['key']);
+        $this->cacheService->deleteUserItem($account['id'], 'access_keys', $tokenOldId);
 
         // Set result array
         return [

src/Service/TokenService.php

@@ -77,6 +77,7 @@ public function decryptToken($token): array
                     'id'      => $decoded->id,
                     'user_id' => $decoded->uid,
                     'type'    => $decoded->type,
+                    'data'    => (array)$decoded,
                 ];
             } elseif (
                 !empty($decoded)
@@ -89,6 +90,7 @@ public function decryptToken($token): array
                     'id'      => $decoded->id,
                     'user_id' => $decoded->uid,
                     'type'    => $decoded->type,
+                    'data'    => (array)$decoded,
                 ];
             } else {
                 return [