Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/provider/PhabricatorOAuth1AuthProvider.php
| Show First 20 Lines • Show All 46 Lines • ▼ Show 20 Lines | public function processLoginRequest( | ||||
| $response = null; | $response = null; | ||||
| if ($request->isHTTPPost()) { | if ($request->isHTTPPost()) { | ||||
| // Add a CSRF code to the callback URI, which we'll verify when | // Add a CSRF code to the callback URI, which we'll verify when | ||||
| // performing the login. | // performing the login. | ||||
| $client_code = $this->getAuthCSRFCode($request); | $client_code = $this->getAuthCSRFCode($request); | ||||
| if ($adapter->shouldAddCSRFTokenToCallbackURI()) { | |||||
| $callback_uri = $adapter->getCallbackURI(); | $callback_uri = $adapter->getCallbackURI(); | ||||
| $callback_uri = $callback_uri.$client_code.'/'; | $callback_uri = $callback_uri.$client_code.'/'; | ||||
| $adapter->setCallbackURI($callback_uri); | $adapter->setCallbackURI($callback_uri); | ||||
| } | |||||
| $uri = $adapter->getClientRedirectURI(); | $uri = $adapter->getClientRedirectURI(); | ||||
| $this->saveHandshakeTokenSecret( | $this->saveHandshakeTokenSecret( | ||||
| $client_code, | $client_code, | ||||
| $adapter->getTokenSecret()); | $adapter->getTokenSecret()); | ||||
| $response = id(new AphrontRedirectResponse()) | $response = id(new AphrontRedirectResponse()) | ||||
| ->setIsExternal(true) | ->setIsExternal(true) | ||||
| ->setURI($uri); | ->setURI($uri); | ||||
| return array($account, $response); | return array($account, $response); | ||||
| } | } | ||||
| $denied = $request->getStr('denied'); | $denied = $request->getStr('denied'); | ||||
| if (strlen($denied)) { | if (strlen($denied)) { | ||||
| // Twitter indicates that the user cancelled the login attempt by | // Twitter indicates that the user cancelled the login attempt by | ||||
| // returning "denied" as a parameter. | // returning "denied" as a parameter. | ||||
| throw new PhutilAuthUserAbortedException(); | throw new PhutilAuthUserAbortedException(); | ||||
| } | } | ||||
| // NOTE: You can get here via GET, this should probably be a bit more | // NOTE: You can get here via GET, this should probably be a bit more | ||||
| // user friendly. | // user friendly. | ||||
| if ($adapter->shouldAddCSRFTokenToCallbackURI()) { | |||||
| $this->verifyAuthCSRFCode($request, $controller->getExtraURIData()); | $this->verifyAuthCSRFCode($request, $controller->getExtraURIData()); | ||||
| } | |||||
| $token = $request->getStr('oauth_token'); | $token = $request->getStr('oauth_token'); | ||||
| $verifier = $request->getStr('oauth_verifier'); | $verifier = $request->getStr('oauth_verifier'); | ||||
| if (!$token) { | if (!$token) { | ||||
| throw new Exception("Expected 'oauth_token' in request!"); | throw new Exception("Expected 'oauth_token' in request!"); | ||||
| } | } | ||||
| ▲ Show 20 Lines • Show All 188 Lines • Show Last 20 Lines | |||||