Page MenuHomestyx hydra
Files F232892

No OneTemporary
Actions

View Options

diff --git a/src/applications/auth/controller/PhabricatorOAuthLoginController.php b/src/applications/auth/controller/PhabricatorOAuthLoginController.php
index fd991dc22b..1f36e06df3 100644
--- a/src/applications/auth/controller/PhabricatorOAuthLoginController.php
+++ b/src/applications/auth/controller/PhabricatorOAuthLoginController.php
@@ -1,350 +1,335 @@
<?php
final class PhabricatorOAuthLoginController
extends PhabricatorAuthController {
private $provider;
private $userID;
private $accessToken;
- private $tokenExpires;
private $oauthState;
public function shouldRequireLogin() {
return false;
}
public function willProcessRequest(array $data) {
$this->provider = PhabricatorOAuthProvider::newProvider($data['provider']);
}
public function processRequest() {
$current_user = $this->getRequest()->getUser();
$provider = $this->provider;
if (!$provider->isProviderEnabled()) {
return new Aphront400Response();
}
$provider_name = $provider->getProviderName();
$provider_key = $provider->getProviderKey();
$request = $this->getRequest();
if ($request->getStr('error')) {
$error_view = id(new PhabricatorOAuthFailureView())
->setRequest($request);
return $this->buildErrorResponse($error_view);
}
$error_response = $this->retrieveAccessToken($provider);
if ($error_response) {
return $error_response;
}
$userinfo_uri = new PhutilURI($provider->getUserInfoURI());
$userinfo_uri->setQueryParam('access_token', $this->accessToken);
$userinfo_uri = (string)$userinfo_uri;
try {
$user_data_request = new HTTPSFuture($userinfo_uri);
// NOTE: GitHub requires a User-Agent header.
$user_data_request->addHeader('User-Agent', 'Phabricator');
list($body) = $user_data_request->resolvex();
$provider->setUserData($body);
} catch (PhabricatorOAuthProviderException $e) {
return $this->buildErrorResponse(new PhabricatorOAuthFailureView(), $e);
}
$provider->setAccessToken($this->accessToken);
$user_id = $provider->retrieveUserID();
$provider_key = $provider->getProviderKey();
$oauth_info = $this->retrieveOAuthInfo($provider);
if ($current_user->getPHID()) {
if ($oauth_info->getID()) {
if ($oauth_info->getUserID() != $current_user->getID()) {
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
$dialog->setTitle(pht('Already Linked to Another Account'));
$dialog->appendChild(phutil_tag(
'p',
array(),
pht(
'The %s account you just authorized is already linked to '.
'another Phabricator account. Before you can associate your %s '.
'account with this Phabriactor account, you must unlink it from '.
'the Phabricator account it is currently linked to.',
$provider_name,
$provider_name)));
$dialog->addCancelButton($provider->getSettingsPanelURI());
return id(new AphrontDialogResponse())->setDialog($dialog);
} else {
$this->saveOAuthInfo($oauth_info); // Refresh token.
return id(new AphrontRedirectResponse())
->setURI($provider->getSettingsPanelURI());
}
}
$existing_oauth = id(new PhabricatorUserOAuthInfo())->loadOneWhere(
'userID = %d AND oauthProvider = %s',
$current_user->getID(),
$provider_key);
if ($existing_oauth) {
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
$dialog->setTitle(
pht('Already Linked to an Account From This Provider'));
$dialog->appendChild(phutil_tag(
'p',
array(),
pht(
'The account you are logged in with is already linked to a %s '.
'account. Before you can link it to a different %s account, you '.
'must unlink the old account.',
$provider_name,
$provider_name)));
$dialog->addCancelButton($provider->getSettingsPanelURI());
return id(new AphrontDialogResponse())->setDialog($dialog);
}
if (!$request->isDialogFormPost()) {
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
$dialog->setTitle(pht('Link %s Account', $provider_name));
$dialog->appendChild(phutil_tag('p', array(), pht(
'Link your %s account to your Phabricator account?',
$provider_name)));
$dialog->addHiddenInput('confirm_token', $provider->getAccessToken());
- $dialog->addHiddenInput('expires', $oauth_info->getTokenExpires());
$dialog->addHiddenInput('state', $this->oauthState);
$dialog->addHiddenInput('scope', $oauth_info->getTokenScope());
$dialog->addSubmitButton('Link Accounts');
$dialog->addCancelButton($provider->getSettingsPanelURI());
return id(new AphrontDialogResponse())->setDialog($dialog);
}
$oauth_info->setUserID($current_user->getID());
$this->saveOAuthInfo($oauth_info);
return id(new AphrontRedirectResponse())
->setURI($provider->getSettingsPanelURI());
}
// Login with known auth.
if ($oauth_info->getID()) {
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$known_user = id(new PhabricatorUser())->load($oauth_info->getUserID());
$request->getApplicationConfiguration()->willAuthenticateUserWithOAuth(
$known_user,
$oauth_info,
$provider);
$session_key = $known_user->establishSession('web');
$this->saveOAuthInfo($oauth_info);
$request->setCookie('phusr', $known_user->getUsername());
$request->setCookie('phsid', $session_key);
$uri = new PhutilURI('/login/validate/');
$uri->setQueryParams(
array(
'phusr' => $known_user->getUsername(),
));
return id(new AphrontRedirectResponse())->setURI((string)$uri);
}
$oauth_email = $provider->retrieveUserEmail();
if ($oauth_email) {
$known_email = id(new PhabricatorUserEmail())
->loadOneWhere('address = %s', $oauth_email);
if ($known_email) {
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
$dialog->setTitle(pht('Already Linked to Another Account'));
$dialog->appendChild(phutil_tag(
'p',
array(),
pht(
'The %s account you just authorized has an email address which '.
'is already in use by another Phabricator account. To link the '.
'accounts, log in to your Phabricator account and then go to '.
'Settings.',
$provider_name)));
$user = id(new PhabricatorUser())
->loadOneWhere('phid = %s', $known_email->getUserPHID());
$oauth_infos = id(new PhabricatorUserOAuthInfo())
->loadAllWhere('userID = %d', $user->getID());
if ($oauth_infos) {
$providers = array();
foreach ($oauth_infos as $info) {
$provider = $info->getOAuthProvider();
$providers[] = PhabricatorOAuthProvider::newProvider($provider)
->getProviderName();
}
$dialog->appendChild(phutil_tag(
'p',
array(),
pht(
'The account is associated with: %s.',
implode(', ', $providers))));
}
$dialog->addCancelButton('/login/');
return id(new AphrontDialogResponse())->setDialog($dialog);
}
}
if (!$provider->isProviderRegistrationEnabled()) {
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
$dialog->setTitle(pht('No Account Registration with %s', $provider_name));
$dialog->appendChild(phutil_tag(
'p',
array(),
pht(
'You can not register a new account using %s; you can only use '.
'your %s account to log into an existing Phabricator account which '.
'you have registered through other means.',
$provider_name,
$provider_name)));
$dialog->addCancelButton('/login/');
return id(new AphrontDialogResponse())->setDialog($dialog);
}
$controller = PhabricatorEnv::newObjectFromConfig(
'controller.oauth-registration',
array($this->getRequest()));
$controller->setOAuthProvider($provider);
$controller->setOAuthInfo($oauth_info);
$controller->setOAuthState($this->oauthState);
return $this->delegateToController($controller);
}
private function buildErrorResponse(PhabricatorOAuthFailureView $view,
Exception $e = null) {
$provider = $this->provider;
$provider_name = $provider->getProviderName();
$view->setOAuthProvider($provider);
if ($e) {
$view->setException($e);
}
return $this->buildStandardPageResponse(
$view,
array(
'title' => pht('Auth Failed'),
));
}
private function retrieveAccessToken(PhabricatorOAuthProvider $provider) {
$request = $this->getRequest();
$token = $request->getStr('confirm_token');
if ($token) {
- $this->tokenExpires = $request->getInt('expires');
$this->accessToken = $token;
$this->oauthState = $request->getStr('state');
return null;
}
$client_id = $provider->getClientID();
$client_secret = $provider->getClientSecret();
$redirect_uri = $provider->getRedirectURI();
$auth_uri = $provider->getTokenURI();
$code = $request->getStr('code');
$query_data = array(
'client_id' => $client_id,
'client_secret' => $client_secret,
'redirect_uri' => $redirect_uri,
'code' => $code,
) + $provider->getExtraTokenParameters();
$future = new HTTPSFuture($auth_uri, $query_data);
$future->setMethod('POST');
try {
list($response) = $future->resolvex();
} catch (Exception $ex) {
return $this->buildErrorResponse(new PhabricatorOAuthFailureView());
}
$data = $provider->decodeTokenResponse($response);
$token = idx($data, 'access_token');
if (!$token) {
return $this->buildErrorResponse(new PhabricatorOAuthFailureView());
}
- $this->tokenExpires = $provider->getTokenExpiryFromArray($data);
$this->accessToken = $token;
$this->oauthState = $request->getStr('state');
return null;
}
private function retrieveOAuthInfo(PhabricatorOAuthProvider $provider) {
$oauth_info = id(new PhabricatorUserOAuthInfo())->loadOneWhere(
'oauthProvider = %s and oauthUID = %s',
$provider->getProviderKey(),
$provider->retrieveUserID());
$scope = $this->getRequest()->getStr('scope');
if (!$oauth_info) {
$oauth_info = new PhabricatorUserOAuthInfo();
$oauth_info->setOAuthProvider($provider->getProviderKey());
$oauth_info->setOAuthUID($provider->retrieveUserID());
// some providers don't tell you what scope you got, so default
// to the minimum Phabricator requires rather than assuming no scope
if (!$scope) {
$scope = $provider->getMinimumScope();
}
}
$oauth_info->setAccountURI($provider->retrieveUserAccountURI());
$oauth_info->setAccountName($provider->retrieveUserAccountName());
$oauth_info->setToken($provider->getAccessToken());
- $oauth_info->setTokenStatus(PhabricatorUserOAuthInfo::TOKEN_STATUS_GOOD);
+ $oauth_info->setTokenStatus('unused');
$oauth_info->setTokenScope($scope);
- // If we have out-of-date expiration info, just clear it out. Then replace
- // it with good info if the provider gave it to us.
- $expires = $oauth_info->getTokenExpires();
- if ($expires <= time()) {
- $expires = null;
- }
- if ($this->tokenExpires) {
- $expires = $this->tokenExpires;
- }
- $oauth_info->setTokenExpires($expires);
-
return $oauth_info;
}
private function saveOAuthInfo(PhabricatorUserOAuthInfo $info) {
// UNGUARDED WRITES: Logging-in users don't have their CSRF set up yet.
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$info->save();
}
}
diff --git a/src/applications/people/storage/PhabricatorUserOAuthInfo.php b/src/applications/people/storage/PhabricatorUserOAuthInfo.php
index e5140c25cf..6fcb332354 100644
--- a/src/applications/people/storage/PhabricatorUserOAuthInfo.php
+++ b/src/applications/people/storage/PhabricatorUserOAuthInfo.php
@@ -1,54 +1,17 @@
<?php
final class PhabricatorUserOAuthInfo extends PhabricatorUserDAO {
- const TOKEN_STATUS_NONE = 'none';
- const TOKEN_STATUS_GOOD = 'good';
- const TOKEN_STATUS_FAIL = 'fail';
- const TOKEN_STATUS_EXPIRED = 'xpyr';
-
protected $userID;
protected $oauthProvider;
protected $oauthUID;
protected $accountURI;
protected $accountName;
protected $token;
- protected $tokenExpires;
- protected $tokenScope;
- protected $tokenStatus;
-
- public function getTokenStatus() {
- if (!$this->token) {
- return self::TOKEN_STATUS_NONE;
- }
-
- if ($this->tokenExpires && $this->tokenExpires <= time()) {
- return self::TOKEN_STATUS_EXPIRED;
- }
-
- return $this->tokenStatus;
- }
-
- public static function getReadableTokenStatus($status) {
- static $map = array(
- self::TOKEN_STATUS_NONE => 'No Token',
- self::TOKEN_STATUS_GOOD => 'Token Good',
- self::TOKEN_STATUS_FAIL => 'Token Failed',
- self::TOKEN_STATUS_EXPIRED => 'Token Expired',
- );
- return idx($map, $status, 'Unknown');
- }
-
- public static function getRappableTokenStatus($status) {
- static $map = array(
- self::TOKEN_STATUS_NONE => 'There is no token',
- self::TOKEN_STATUS_GOOD => 'Your token is good',
- self::TOKEN_STATUS_FAIL => 'Your token has failed',
- self::TOKEN_STATUS_EXPIRED => 'Your token is old',
- );
- return idx($map, $status, 'This code\'s got bugs');
- }
+ protected $tokenExpires = 0;
+ protected $tokenScope = '';
+ protected $tokenStatus = 'unused';
}
diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelOAuth.php b/src/applications/settings/panel/PhabricatorSettingsPanelOAuth.php
index 0ae40dd29a..6800fec3ed 100644
--- a/src/applications/settings/panel/PhabricatorSettingsPanelOAuth.php
+++ b/src/applications/settings/panel/PhabricatorSettingsPanelOAuth.php
@@ -1,303 +1,157 @@
<?php
final class PhabricatorSettingsPanelOAuth
extends PhabricatorSettingsPanel {
public function getPanelKey() {
return 'oauth-'.$this->provider->getProviderKey();
}
public function getPanelName() {
return $this->provider->getProviderName();
}
public function getPanelGroup() {
return pht('Linked Accounts');
}
public function buildPanels() {
$panels = array();
$providers = PhabricatorOAuthProvider::getAllProviders();
foreach ($providers as $provider) {
$panel = clone $this;
$panel->setOAuthProvider($provider);
$panels[] = $panel;
}
return $panels;
}
public function isEnabled() {
return $this->provider->isProviderEnabled();
}
private $provider;
public function setOAuthProvider(PhabricatorOAuthProvider $oauth_provider) {
$this->provider = $oauth_provider;
return $this;
}
private function prepareAuthForm(AphrontFormView $form) {
$provider = $this->provider;
$auth_uri = $provider->getAuthURI();
$client_id = $provider->getClientID();
$redirect_uri = $provider->getRedirectURI();
$minimum_scope = $provider->getMinimumScope();
$form
->setAction($auth_uri)
->setMethod('GET')
->addHiddenInput('redirect_uri', $redirect_uri)
->addHiddenInput('client_id', $client_id)
->addHiddenInput('scope', $minimum_scope);
foreach ($provider->getExtraAuthParameters() as $key => $value) {
$form->addHiddenInput($key, $value);
}
return $form;
}
public function processRequest(AphrontRequest $request) {
$user = $request->getUser();
$provider = $this->provider;
$notice = null;
$provider_name = $provider->getProviderName();
$provider_key = $provider->getProviderKey();
$oauth_info = id(new PhabricatorUserOAuthInfo())->loadOneWhere(
'userID = %d AND oauthProvider = %s',
$user->getID(),
$provider->getProviderKey());
- if ($request->isFormPost() && $oauth_info) {
- $notice = $this->refreshProfileImage($request, $oauth_info);
- }
-
$form = new AphrontFormView();
$form->setUser($user);
$forms = array();
$forms[] = $form;
if (!$oauth_info) {
$form
->appendChild(hsprintf(
'<p class="aphront-form-instructions">%s</p>',
pht('There is currently no %s '.
'account linked to your Phabricator account. You can link an '.
'account, which will allow you to use it to log into Phabricator.',
$provider_name)));
$this->prepareAuthForm($form);
$form
->appendChild(
id(new AphrontFormSubmitControl())
->setValue(pht("Link %s Account \xC2\xBB", $provider_name)));
} else {
- $expires = $oauth_info->getTokenExpires();
-
$form
->appendChild(hsprintf(
'<p class="aphront-form-instructions">%s</p>',
pht('Your account is linked with '.
'a %s account. You may use your %s credentials to log into '.
'Phabricator.',
$provider_name,
$provider_name)))
->appendChild(
id(new AphrontFormStaticControl())
->setLabel(pht('%s ID', $provider_name))
->setValue($oauth_info->getOAuthUID()))
->appendChild(
id(new AphrontFormStaticControl())
->setLabel(pht('%s Name', $provider_name))
->setValue($oauth_info->getAccountName()))
->appendChild(
id(new AphrontFormStaticControl())
->setLabel(pht('%s URI', $provider_name))
->setValue($oauth_info->getAccountURI()));
- if (!$expires || $expires > time()) {
- $form->appendChild(
- id(new AphrontFormSubmitControl())
- ->setValue(pht('Refresh Profile Image from %s', $provider_name)));
- }
-
if (!$provider->isProviderLinkPermanent()) {
$unlink = pht('Unlink %s Account', $provider_name);
$unlink_form = new AphrontFormView();
$unlink_form
->setUser($user)
->appendChild(hsprintf(
'<p class="aphront-form-instructions">%s</p>',
pht('You may unlink this account from your %s account. This will '.
'prevent you from logging in with your %s credentials.',
$provider_name,
$provider_name)))
->appendChild(
id(new AphrontFormSubmitControl())
->addCancelButton('/oauth/'.$provider_key.'/unlink/', $unlink));
$forms['Unlink Account'] = $unlink_form;
}
-
- if ($expires) {
- if ($expires <= time()) {
- $expires_text = pht("Expired");
- } else {
- $expires_text = phabricator_datetime($expires, $user);
- }
- } else {
- $expires_text = pht('No Information Available');
- }
-
- $scope = $oauth_info->getTokenScope();
- if (!$scope) {
- $scope = pht('No Information Available');
- }
-
- $status = $oauth_info->getTokenStatus();
- $readable_status = PhabricatorUserOAuthInfo::getReadableTokenStatus(
- $status);
- $rappable_status = PhabricatorUserOAuthInfo::getRappableTokenStatus(
- $status);
- $beat = self::getBeat();
-
- // The plenty %2$s are supposed to point at the line break
- $rap = pht(
- '%1$s Yo yo yo %2$s'.
- 'My name\'s DJ Token and I\'m here to say %2$s'.
- // pronounce as "dollar rappable status" for meter to work
- '%3$s, hey hey hey hey %2$s'.
- 'I rap \'bout tokens, that might be why %2$s'.
- 'I\'m such a cool and popular guy',
- $beat,
- hsprintf('<br />'),
- $rappable_status);
-
- $token_form = new AphrontFormView();
- $token_form
- ->setUser($user)
- ->appendChild(hsprintf(
- '<p class="aphront-form-instructions">%s</p>',
- $rap))
- ->appendChild(
- id(new AphrontFormStaticControl())
- ->setLabel(pht('Token Status'))
- ->setValue($readable_status))
- ->appendChild(
- id(new AphrontFormStaticControl())
- ->setLabel(pht('Expires'))
- ->setValue($expires_text))
- ->appendChild(
- id(new AphrontFormStaticControl())
- ->setLabel(pht('Scope'))
- ->setValue($scope));
-
- if ($expires <= time()) {
- $this->prepareAuthForm($token_form);
- $token_form
- ->appendChild(
- id(new AphrontFormSubmitControl())
- ->setValue(pht('Refresh %s Token', $provider_name)));
- }
-
- $forms['Account Token Information'] = $token_form;
}
$header = new PhabricatorHeaderView();
$header->setHeader(pht('%s Account Settings', $provider_name));
$formbox = new PHUIBoxView();
foreach ($forms as $name => $form) {
if ($name) {
$head = new PhabricatorHeaderView();
$head->setHeader($name);
$formbox->appendChild($head);
}
$formbox->appendChild($form);
}
return id(new AphrontNullView())
->appendChild(
array(
$notice,
$header,
$formbox,
));
}
-
- private function refreshProfileImage(
- AphrontRequest $request,
- PhabricatorUserOAuthInfo $oauth_info) {
-
- $user = $request->getUser();
- $provider = $this->provider;
- $error = false;
- $userinfo_uri = new PhutilURI($provider->getUserInfoURI());
- $token = $oauth_info->getToken();
- try {
- $userinfo_uri->setQueryParam('access_token', $token);
- $user_data = HTTPSFuture::loadContent($userinfo_uri);
- $provider->setUserData($user_data);
- $provider->setAccessToken($token);
- $image = $provider->retrieveUserProfileImage();
- if ($image) {
- $file = PhabricatorFile::newFromFileData(
- $image,
- array(
- 'name' => $provider->getProviderKey().'-profile.jpg',
- 'authorPHID' => $user->getPHID(),
- ));
-
- $xformer = new PhabricatorImageTransformer();
-
- // Resize OAuth image to a reasonable size
- $small_xformed = $xformer->executeProfileTransform(
- $file,
- $width = 50,
- $min_height = 50,
- $max_height = 50);
-
- $user->setProfileImagePHID($small_xformed->getPHID());
- $user->save();
- } else {
- $error = pht('Unable to retrieve image.');
- }
- } catch (Exception $e) {
- if ($e instanceof PhabricatorOAuthProviderException) {
- // Check plz
- $error = pht('Unable to retrieve image from %s',
- $provider->getProviderName());
- } else {
- $error = pht('Unable to save image.');
- }
- }
- $notice = new AphrontErrorView();
- if ($error) {
- $notice
- ->setTitle(pht('Error Refreshing Profile Picture'))
- ->setErrors(array($error));
- } else {
- $notice
- ->setSeverity(AphrontErrorView::SEVERITY_NOTICE)
- ->setTitle(pht('Successfully Refreshed Profile Picture'));
- }
- return $notice;
- }
-
- private static function getBeat() {
- // Gangsta's Paradise (karaoke version).
- // Chosen because it's the only thing I listen to.
- $song_id = pht("Gangsta's Paradise");
-
- // Make a musical note which you can click for the beat.
- $beat = hsprintf(
- '<a href="javascript:void(0);" onclick="%s">&#9835;</a>',
- jsprintf('alert(%s); return 0;', pht("Think about %s.", $song_id)));
- return $beat;
- }
}

File Metadata

Mime Type
text/x-diff
Expires
Sun, Jul 27, 5:06 PM (1 w, 8 h ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
186016
Default Alt Text
(24 KB)

Event Timeline

styx copyright 2020 sirocyl / ellie (kymkdd) / ncommander / styx contributors
Use of other names and brands is not intended to reflect a claim of, or right to, use the name or brand.
styx is an operating system using the Linux kernel and components, and "styx Linux" as a phrase does not reflect the inclusion of the Linux brand or trademark in the styx project.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
Terms and Conditions (TODO: fix this!)