
D20015.diff

D20015.diff

diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -340,6 +340,7 @@
'PhutilOpaqueEnvelope' => 'error/PhutilOpaqueEnvelope.php',
'PhutilOpaqueEnvelopeKey' => 'error/PhutilOpaqueEnvelopeKey.php',
'PhutilOpaqueEnvelopeTestCase' => 'error/__tests__/PhutilOpaqueEnvelopeTestCase.php',
+ 'PhutilOpenIDConnectAuthAdapter' => 'auth/PhutilOpenIDConnectAuthAdapter.php',
'PhutilPHPCodeSnippetContextFreeGrammar' => 'grammar/code/PhutilPHPCodeSnippetContextFreeGrammar.php',
'PhutilPHPFragmentLexer' => 'lexer/PhutilPHPFragmentLexer.php',
'PhutilPHPFragmentLexerHighlighterTestCase' => 'markup/syntax/highlighter/__tests__/PhutilPHPFragmentLexerHighlighterTestCase.php',
@@ -904,7 +905,7 @@
'PhutilGitHubResponse' => 'Phobject',
'PhutilGitURI' => 'Phobject',
'PhutilGitURITestCase' => 'PhutilTestCase',
- 'PhutilGoogleAuthAdapter' => 'PhutilOAuthAuthAdapter',
+ 'PhutilGoogleAuthAdapter' => 'PhutilOpenIDConnectAuthAdapter',
'PhutilHTTPEngineExtension' => 'Phobject',
'PhutilHTTPResponse' => 'Phobject',
'PhutilHTTPResponseParser' => 'Phobject',
@@ -988,6 +989,7 @@
'PhutilOpaqueEnvelope' => 'Phobject',
'PhutilOpaqueEnvelopeKey' => 'Phobject',
'PhutilOpaqueEnvelopeTestCase' => 'PhutilTestCase',
+ 'PhutilOpenIDConnectAuthAdapter' => 'PhutilOAuthAuthAdapter',
'PhutilPHPCodeSnippetContextFreeGrammar' => 'PhutilCLikeCodeSnippetContextFreeGrammar',
'PhutilPHPFragmentLexer' => 'PhutilLexer',
'PhutilPHPFragmentLexerHighlighterTestCase' => 'PhutilTestCase',
diff --git a/src/auth/PhutilGoogleAuthAdapter.php b/src/auth/PhutilGoogleAuthAdapter.php
--- a/src/auth/PhutilGoogleAuthAdapter.php
+++ b/src/auth/PhutilGoogleAuthAdapter.php
@@ -1,9 +1,9 @@
<?php
/**
- * Authentication adapter for Google OAuth2.
+ * Authentication adapter for Google Open ID Connect.
*/
-final class PhutilGoogleAuthAdapter extends PhutilOAuthAuthAdapter {
+final class PhutilGoogleAuthAdapter extends PhutilOpenIDConnectAuthAdapter {
public function getAdapterType() {
return 'google';
@@ -14,16 +14,15 @@
}
public function getAccountID() {
- $emails = $this->getOAuthAccountData('emails', array());
- foreach ($emails as $email) {
- if (idx($email, 'type') == 'account') {
- return idx($email, 'value');
- }
+ $email = $this->getOAuthAccountData('email', null);
+
+ if ($email != null) {
+ return $email;
}
throw new Exception(
pht(
- 'Expected to retrieve an "account" email from Google Plus API call '.
+ 'Expected to retrieve an "account" email from Google API call '.
'to identify account, but failed.'));
}
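Review bot: `getAccountID()` now returns the `email` claim without checking `email_verified`, so an address the provider has not verified would be accepted as the account identifier. Google's tokeninfo response reports `email_verified` next to `email` (as a string, as far as I know, so confirm the exact value), and the guard could become `if ($email != null && $this->getOAuthAccountData('email_verified', null) == 'true') {`. The stable OpenID Connect identifier is `sub`, but switching to it would change existing account IDs, so that is a migration decision rather than a drop-in fix. The loose `!= null` also treats an empty string as missing; if that is intended, `$email !== null && $email !== ''` says so explicitly. The exception text still asks for an "account" email, which no longer matches the claim being read.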
@@ -40,18 +39,17 @@
}
public function getAccountImageURI() {
- $image = $this->getOAuthAccountData('image', array());
- $uri = idx($image, 'url');
+ $image_uri = $this->getOAuthAccountData('picture', null);
// Change the "sz" parameter ("size") from the default to 100 to ask for
// a 100x100px image.
- if ($uri !== null) {
- $uri = new PhutilURI($uri);
- $uri->setQueryParam('sz', 100);
- $uri = (string)$uri;
+ if ($image_uri !== null) {
+ $image_uri = new PhutilURI($image_uri);
+ $image_uri->setQueryParam('sz', 100);
+ $image_uri = (string)$image_uri;
}
- return $uri;
+ return $image_uri;
}
public function getAccountURI() {
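Review bot: The `sz` rewrite in `getAccountImageURI()` is carried over from the Google+ `image.url` value, and nothing in this hunk shows that the `picture` claim honours a `sz` query parameter. If it does not, the method silently returns the default-size image while the comment still promises 100x100px. I would either confirm the behaviour against a real `picture` value or update the comment, for example `// NOTE: "sz" was honoured by Google+ image URLs; unverified for the OIDC "picture" claim.`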
@@ -65,10 +63,8 @@
// this should work to unbreak logins.
$parts = array();
- $parts[] = idx($name, 'givenName');
- unset($name['givenName']);
- $parts[] = idx($name, 'familyName');
- unset($name['familyName']);
+ $parts[] = $this->getOAuthAccountData('given_name', array());
+ $parts[] = $this->getOAuthAccountData('family_name', array());
$parts = array_merge($parts, $name);
$parts = array_filter($parts);
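Review bot: `array_merge($parts, $name)` is kept as context, but `$name` is assigned above this hunk and the two `unset($name[...])` calls that treated it as an array are gone. If `$name` still comes from the `name` claim, it is presumably a plain string in the token data rather than the Google+ name object, and `array_merge()` with a string argument fails. Appending it directly is safer: `$parts[] = $name;` guarded by `is_string($name)`, or drop the merge if the full name is not wanted here. The `array()` default on `given_name` and `family_name` is also odd for string claims; `null` is filtered out just the same and reads more clearly.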
@@ -105,8 +101,8 @@
}
protected function loadOAuthAccountData() {
- $uri = new PhutilURI('https://www.googleapis.com/plus/v1/people/me');
- $uri->setQueryParam('access_token', $this->getAccessToken());
+ $uri = new PhutilURI('https://oauth2.googleapis.com/tokeninfo');
+ $uri->setQueryParam('id_token', $this->getIdToken());
$future = new HTTPSFuture($uri);
list($status, $body) = $future->resolve();
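Review bot: `loadOAuthAccountData()` now trusts whatever tokeninfo returns for the ID token, and the visible lines do not compare the response's `aud` with this install's client ID or check `iss`. The rest of the method is outside the hunk, so this may already be handled there. If it is not, add a check after the body is decoded, along the lines of `if (idx($data, 'aud') !== $this->getClientID()) { throw new Exception(pht('ID token audience mismatch.')); }`, where `$data` stands for the decoded response. Two smaller points: `getIdToken()` can return null when the token response carries no `id_token`, which would send an empty parameter instead of failing early. Passing the token as a query parameter also puts it into any URL logging on the path, so a POST body is preferable if the endpoint accepts one.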
@@ -150,20 +146,9 @@
if ($domain == 'usageLimits' && $reason == 'accessNotConfigured') {
throw new PhutilAuthConfigurationException(
pht(
- 'Google returned an "%s" error. This usually means you need to '.
- 'enable the "Google+ API" in your Google Cloud Console, under '.
- '"APIs".'.
- "\n\n".
- 'Around March 2014, Google made some API changes which require this '.
- 'configuration adjustment.'.
- "\n\n".
- 'Normally, you can resolve this issue by going to %s, then '.
- 'clicking "API Project", then "APIs & auth", then turning the '.
- '"Google+ API" on. The names you see on the console may be '.
- 'different depending on how your integration is set up. If you '.
- 'are not sure, you can hunt through the projects until you find '.
- 'the one associated with the right Application ID under '.
- '"Credentials". The Application ID this install is using is "%s".'.
+ 'Google returned an "%s" error.'.
+ 'You can try checking the configuration on %s.'.
+ 'The Application ID this install is using is "%s".'.
"\n\n".
'(If you are unable to log into Phabricator, you can use '.
'"%s" to recover access to an administrator account.)'.
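Review bot: The three new message fragments are concatenated without separating spaces, so the rendered text reads `error.You can try checking the configuration on <uri>.The Application ID ...`. Add a trailing space to the first two literals: `'Google returned an "%s" error. '.` and `'You can try checking the configuration on %s. '.`. Separately, the surrounding `usageLimits` / `accessNotConfigured` branch was written for the Google+ API; whether tokeninfo can return that error shape is not visible here, so the branch may now be unreachable.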
diff --git a/src/auth/PhutilOpenIDConnectAuthAdapter.php b/src/auth/PhutilOpenIDConnectAuthAdapter.php
new file mode 100644
--- /dev/null
+++ b/src/auth/PhutilOpenIDConnectAuthAdapter.php
@@ -0,0 +1,17 @@
+<?php
+
+/**
+ * Abstract adapter for OpenIDConnect providers.
+ */
+abstract class PhutilOpenIDConnectAuthAdapter extends PhutilOAuthAuthAdapter {
+
+ public function getAdapterType() {
+ $this_class = get_class($this);
+ $type_name = str_replace('PhutilAuthAdapterOAuth', '', $this_class);
+ return strtolower($type_name);
+ }
+
+ public function getIdToken() {
+ return $this->getAccessTokenData('id_token');
+ }
+}
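Review bot: `getAdapterType()` strips the substring `PhutilAuthAdapterOAuth`, which does not occur in either class name visible in this diff (`PhutilGoogleAuthAdapter`, `PhutilOpenIDConnectAuthAdapter`). For any subclass that does not override it, the result is therefore the whole class name lowercased. `PhutilGoogleAuthAdapter` returns `'google'` itself and is not affected. If this was copied from the parent adapter it can simply be dropped; otherwise strip the parts that are really present, e.g. `preg_replace('/^Phutil|AuthAdapter$/', '', $this_class)`. `getIdToken()` would also benefit from a docblock stating that it returns the raw, unvalidated `id_token` from the token response, or null when the provider sent none, so callers know signature, `iss`, `aud` and expiry checks are their responsibility.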
