No OneTemporary
Actions

Size

12 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/src/applications/auth/provider/PhabricatorOAuth1AuthProvider.php b/src/applications/auth/provider/PhabricatorOAuth1AuthProvider.php
	index b1590b9c82..7133cff042 100644
	--- a/src/applications/auth/provider/PhabricatorOAuth1AuthProvider.php
	+++ b/src/applications/auth/provider/PhabricatorOAuth1AuthProvider.php
	@@ -1,285 +1,285 @@
	<?php

	abstract class PhabricatorOAuth1AuthProvider
	extends PhabricatorOAuthAuthProvider {

	protected $adapter;

	const PROPERTY_CONSUMER_KEY = 'oauth1:consumer:key';
	const PROPERTY_CONSUMER_SECRET = 'oauth1:consumer:secret';
	const PROPERTY_PRIVATE_KEY = 'oauth1:private:key';

	protected function getIDKey() {
	return self::PROPERTY_CONSUMER_KEY;
	}

	protected function getSecretKey() {
	return self::PROPERTY_CONSUMER_SECRET;
	}

	protected function configureAdapter(PhutilOAuth1AuthAdapter $adapter) {
	$config = $this->getProviderConfig();
	$adapter->setConsumerKey($config->getProperty(self::PROPERTY_CONSUMER_KEY));
	$secret = $config->getProperty(self::PROPERTY_CONSUMER_SECRET);
	if (phutil_nonempty_string($secret)) {
	$adapter->setConsumerSecret(new PhutilOpaqueEnvelope($secret));
	}
	$adapter->setCallbackURI(PhabricatorEnv::getURI($this->getLoginURI()));
	return $adapter;
	}

	protected function renderLoginForm(AphrontRequest $request, $mode) {
	$attributes = array(
	'method' => 'POST',
	'uri' => $this->getLoginURI(),
	);
	return $this->renderStandardLoginButton($request, $mode, $attributes);
	}

	public function processLoginRequest(
	PhabricatorAuthLoginController $controller) {

	$request = $controller->getRequest();
	$adapter = $this->getAdapter();
	$account = null;
	$response = null;

	if ($request->isHTTPPost()) {
	// Add a CSRF code to the callback URI, which we'll verify when
	// performing the login.

	$client_code = $this->getAuthCSRFCode($request);

	$callback_uri = $adapter->getCallbackURI();
	$callback_uri = $callback_uri.$client_code.'/';
	$adapter->setCallbackURI($callback_uri);

	$uri = $adapter->getClientRedirectURI();

	$this->saveHandshakeTokenSecret(
	$client_code,
	$adapter->getTokenSecret());

	$response = id(new AphrontRedirectResponse())
	->setIsExternal(true)
	->setURI($uri);
	return array($account, $response);
	}

	$denied = $request->getStr('denied');
	- if (strlen($denied)) {
	+ if ($denied) {
	// Twitter indicates that the user cancelled the login attempt by
	// returning "denied" as a parameter.
	throw new PhutilAuthUserAbortedException();
	}

	// NOTE: You can get here via GET, this should probably be a bit more
	// user friendly.

	$this->verifyAuthCSRFCode($request, $controller->getExtraURIData());

	$token = $request->getStr('oauth_token');
	$verifier = $request->getStr('oauth_verifier');

	if (!$token) {
	throw new Exception(pht("Expected '%s' in request!", 'oauth_token'));
	}

	if (!$verifier) {
	throw new Exception(pht("Expected '%s' in request!", 'oauth_verifier'));
	}

	$adapter->setToken($token);
	$adapter->setVerifier($verifier);

	$client_code = $this->getAuthCSRFCode($request);
	$token_secret = $this->loadHandshakeTokenSecret($client_code);
	$adapter->setTokenSecret($token_secret);

	// NOTE: As a side effect, this will cause the OAuth adapter to request
	// an access token.

	try {
	$identifiers = $adapter->getAccountIdentifiers();
	} catch (Exception $ex) {
	// TODO: Handle this in a more user-friendly way.
	throw $ex;
	}

	if (!$identifiers) {
	$response = $controller->buildProviderErrorResponse(
	$this,
	pht(
	'The OAuth provider failed to retrieve an account ID.'));

	return array($account, $response);
	}

	$account = $this->newExternalAccountForIdentifiers($identifiers);

	return array($account, $response);
	}

	public function processEditForm(
	AphrontRequest $request,
	array $values) {

	$key_ckey = self::PROPERTY_CONSUMER_KEY;
	$key_csecret = self::PROPERTY_CONSUMER_SECRET;

	return $this->processOAuthEditForm(
	$request,
	$values,
	pht('Consumer key is required.'),
	pht('Consumer secret is required.'));
	}

	public function extendEditForm(
	AphrontRequest $request,
	AphrontFormView $form,
	array $values,
	array $issues) {

	return $this->extendOAuthEditForm(
	$request,
	$form,
	$values,
	$issues,
	pht('OAuth Consumer Key'),
	pht('OAuth Consumer Secret'));
	}

	public function renderConfigPropertyTransactionTitle(
	PhabricatorAuthProviderConfigTransaction $xaction) {

	$author_phid = $xaction->getAuthorPHID();
	$old = $xaction->getOldValue();
	$new = $xaction->getNewValue();
	$key = $xaction->getMetadataValue(
	PhabricatorAuthProviderConfigTransaction::PROPERTY_KEY);

	switch ($key) {
	case self::PROPERTY_CONSUMER_KEY:
	if (strlen($old)) {
	return pht(
	'%s updated the OAuth consumer key for this provider from '.
	'"%s" to "%s".',
	$xaction->renderHandleLink($author_phid),
	$old,
	$new);
	} else {
	return pht(
	'%s set the OAuth consumer key for this provider to '.
	'"%s".',
	$xaction->renderHandleLink($author_phid),
	$new);
	}
	case self::PROPERTY_CONSUMER_SECRET:
	if (strlen($old)) {
	return pht(
	'%s updated the OAuth consumer secret for this provider.',
	$xaction->renderHandleLink($author_phid));
	} else {
	return pht(
	'%s set the OAuth consumer secret for this provider.',
	$xaction->renderHandleLink($author_phid));
	}
	}

	return parent::renderConfigPropertyTransactionTitle($xaction);
	}

	protected function synchronizeOAuthAccount(
	PhabricatorExternalAccount $account) {
	$adapter = $this->getAdapter();

	$oauth_token = $adapter->getToken();
	$oauth_token_secret = $adapter->getTokenSecret();

	$account->setProperty('oauth1.token', $oauth_token);
	$account->setProperty('oauth1.token.secret', $oauth_token_secret);
	}

	public function willRenderLinkedAccount(
	PhabricatorUser $viewer,
	PHUIObjectItemView $item,
	PhabricatorExternalAccount $account) {

	$item->addAttribute(pht('OAuth1 Account'));

	parent::willRenderLinkedAccount($viewer, $item, $account);
	}

	protected function getContentSecurityPolicyFormActions() {
	return $this->getAdapter()->getContentSecurityPolicyFormActions();
	}

	/* -( Temporary Secrets )-------------------------------------------------- */


	private function saveHandshakeTokenSecret($client_code, $secret) {
	$secret_type = PhabricatorOAuth1SecretTemporaryTokenType::TOKENTYPE;
	$key = $this->getHandshakeTokenKeyFromClientCode($client_code);
	$type = $this->getTemporaryTokenType($secret_type);

	// Wipe out an existing token, if one exists.
	$token = id(new PhabricatorAuthTemporaryTokenQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	->withTokenResources(array($key))
	->withTokenTypes(array($type))
	->executeOne();
	if ($token) {
	$token->delete();
	}

	// Save the new secret.
	id(new PhabricatorAuthTemporaryToken())
	->setTokenResource($key)
	->setTokenType($type)
	->setTokenExpires(time() + phutil_units('1 hour in seconds'))
	->setTokenCode($secret)
	->save();
	}

	private function loadHandshakeTokenSecret($client_code) {
	$secret_type = PhabricatorOAuth1SecretTemporaryTokenType::TOKENTYPE;
	$key = $this->getHandshakeTokenKeyFromClientCode($client_code);
	$type = $this->getTemporaryTokenType($secret_type);

	$token = id(new PhabricatorAuthTemporaryTokenQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	->withTokenResources(array($key))
	->withTokenTypes(array($type))
	->withExpired(false)
	->executeOne();

	if (!$token) {
	throw new Exception(
	pht(
	'Unable to load your OAuth1 token secret from storage. It may '.
	'have expired. Try authenticating again.'));
	}

	return $token->getTokenCode();
	}

	private function getTemporaryTokenType($core_type) {
	// Namespace the type so that multiple providers don't step on each
	// others' toes if a user starts Mediawiki and Bitbucket auth at the
	// same time.

	// TODO: This isn't really a proper use of the table and should get
	// cleaned up some day: the type should be constant.

	return $core_type.':'.$this->getProviderConfig()->getID();
	}

	private function getHandshakeTokenKeyFromClientCode($client_code) {
	// NOTE: This is very slightly coercive since the TemporaryToken table
	// expects an "objectPHID" as an identifier, but nothing about the storage
	// is bound to PHIDs.

	return 'oauth1:secret/'.$client_code;
	}

	}
	diff --git a/src/applications/auth/view/PhabricatorAuthAccountView.php b/src/applications/auth/view/PhabricatorAuthAccountView.php
	index 9746be7841..f903f45d26 100644
	--- a/src/applications/auth/view/PhabricatorAuthAccountView.php
	+++ b/src/applications/auth/view/PhabricatorAuthAccountView.php
	@@ -1,113 +1,114 @@
	<?php

	final class PhabricatorAuthAccountView extends AphrontView {

	private $externalAccount;
	private $provider;

	public function setExternalAccount(
	PhabricatorExternalAccount $external_account) {
	$this->externalAccount = $external_account;
	return $this;
	}

	public function setAuthProvider(PhabricatorAuthProvider $provider) {
	$this->provider = $provider;
	return $this;
	}

	public function render() {
	$account = $this->externalAccount;
	$provider = $this->provider;

	require_celerity_resource('auth-css');

	$content = array();

	$dispname = $account->getDisplayName();
	$username = $account->getUsername();
	$realname = $account->getRealName();

	$use_name = null;
	- if (strlen($dispname)) {
	+ if (phutil_nonempty_string($dispname)) {
	$use_name = $dispname;
	- } else if (strlen($username) && strlen($realname)) {
	+ } else if (phutil_nonempty_string($username) &&
	+ phutil_nonempty_string($realname)) {
	$use_name = $username.' ('.$realname.')';
	- } else if (strlen($username)) {
	+ } else if (phutil_nonempty_string($username)) {
	$use_name = $username;
	- } else if (strlen($realname)) {
	+ } else if (phutil_nonempty_string($realname)) {
	$use_name = $realname;
	}

	$content[] = phutil_tag(
	'div',
	array(
	'class' => 'auth-account-view-name',
	),
	$use_name);

	if ($provider) {
	$prov_name = pht('%s Account', $provider->getProviderName());
	} else {
	$prov_name = pht('"%s" Account', $account->getProviderType());
	}

	$content[] = phutil_tag(
	'div',
	array(
	'class' => 'auth-account-view-provider-name',
	),
	array(
	$prov_name,
	));

	$account_uri = $account->getAccountURI();
	if (strlen($account_uri)) {

	// Make sure we don't link a "javascript:" URI if a user somehow
	// managed to get one here.

	if (PhabricatorEnv::isValidRemoteURIForLink($account_uri)) {
	$account_uri = phutil_tag(
	'a',
	array(
	'href' => $account_uri,
	'target' => '_blank',
	'rel' => 'noreferrer',
	),
	$account_uri);
	}

	$content[] = phutil_tag(
	'div',
	array(
	'class' => 'auth-account-view-account-uri',
	),
	$account_uri);
	}

	$image_file = $account->getProfileImageFile();
	$xform = PhabricatorFileTransform::getTransformByKey(
	PhabricatorFileThumbnailTransform::TRANSFORM_PROFILE);
	$image_uri = $image_file->getURIForTransform($xform);
	list($x, $y) = $xform->getTransformedDimensions($image_file);

	$profile_image = phutil_tag(
	'div',
	array(
	'class' => 'auth-account-view-profile-image',
	'style' => 'background-image: url('.$image_uri.');',
	));

	return phutil_tag(
	'div',
	array(
	'class' => 'auth-account-view',
	),
	array(
	$profile_image,
	$content,
	));
	}

	}

File Metadata

Mime Type: text/x-diff
Expires: Wed, Apr 30, 1:58 AM (1 d, 1 h)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 108512
Default Alt Text: (12 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions