
D16763.id40401.diff
No OneTemporary


diff --git a/src/applications/oauthserver/controller/PhabricatorOAuthServerTokenController.php b/src/applications/oauthserver/controller/PhabricatorOAuthServerTokenController.php
--- a/src/applications/oauthserver/controller/PhabricatorOAuthServerTokenController.php
+++ b/src/applications/oauthserver/controller/PhabricatorOAuthServerTokenController.php
@@ -18,11 +18,35 @@
$grant_type = $request->getStr('grant_type');
$code = $request->getStr('code');
$redirect_uri = $request->getStr('redirect_uri');
- $client_phid = $request->getStr('client_id');
- $client_secret = $request->getStr('client_secret');
$response = new PhabricatorOAuthResponse();
$server = new PhabricatorOAuthServer();
+ $client_id_parameter = $request->getStr('client_id');
+ $client_id_header = idx($_SERVER, 'PHP_AUTH_USER');
+ if (strlen($client_id_parameter) && strlen($client_id_header)) {
+ if ($client_id_parameter !== $client_id_header) {
+ throw new Exception(
+ pht(
+ 'Request included a client_id parameter and an "Authorization" '.
+ 'header with a username, but the values "%s" and "%s") disagree. '.
+ 'The values must match.',
+ $client_id_parameter,
+ $client_id_header));
+ }
+ }
+
+ $client_secret_parameter = $request->getStr('client_secret');
+ $client_secret_header = idx($_SERVER, 'PHP_AUTH_PW');
+ if (strlen($client_secret_parameter)) {
+ // If the `client_secret` parameter is present, prefer parameters.
+ $client_phid = $client_id_parameter;
+ $client_secret = $client_secret_parameter;
+ } else {
+ // Otherwise, read values from the "Authorization" header.
+ $client_phid = $client_id_header;
+ $client_secret = $client_secret_header;
+ }
+
if ($grant_type != 'authorization_code') {
$response->setError('unsupported_grant_type');
$response->setErrorDescription(
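Review bot: The client_id mismatch check at the top of the hunk reports the problem by throwing a bare `Exception`, which surfaces as a generic server error rather than the OAuth error response this endpoint produces for every other failure, including the `unsupported_grant_type` branch directly below (RFC 6749 §5.2 expects a JSON error such as `invalid_request` or `invalid_client`). I would replace the `throw` with `$response->setError('invalid_request'); $response->setErrorDescription(pht(/* same message */)); return $response;`, on the assumption that the branch below returns `$response` the same way — its tail, like the enclosing method's signature, is outside the hunk — and fix the stray `)` after the second `"%s"` in that message while there. Separately, the credential selection keys only on whether the `client_secret` parameter is present: a client that sends its id in the Basic `Authorization` header but the secret as a parameter gets an empty `$client_phid`, so the id should fall back independently, `$client_phid = strlen($client_id_parameter) ? $client_id_parameter : $client_id_header;`. Worth a comment near the `idx($_SERVER, 'PHP_AUTH_USER')` read too: `// PHP_AUTH_USER/PHP_AUTH_PW are only populated by some SAPIs (mod_php; FPM/CGI need the Authorization header forwarded), so header-only clients may appear unauthenticated on other deployments.`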
