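--- a/src/applications/auth/provider/PhabricatorOAuth1AuthProvider.php
+++ b/src/applications/auth/provider/PhabricatorOAuth1AuthProvider.php
 $response = null;
 if ($request->isHTTPPost()) {
 // Add a CSRF code to the callback URI, which we'll verify when
 // performing the login.
 $client_code = $this->getAuthCSRFCode($request);
-if ($adapter->shouldAddCSRFTokenToCallbackURI()) {
 $callback_uri = $adapter->getCallbackURI();
 $callback_uri = $callback_uri.$client_code.'/';
 $adapter->setCallbackURI($callback_uri);
-}
 $uri = $adapter->getClientRedirectURI();
 $this->saveHandshakeTokenSecret(
 $client_code,
 $adapter->getTokenSecret());
 $response = id(new AphrontRedirectResponse())
 ->setIsExternal(true)
 ->setURI($uri);
 return array($account, $response);
 }
 $denied = $request->getStr('denied');
 if (strlen($denied)) {
 // Twitter indicates that the user cancelled the login attempt by
 // returning "denied" as a parameter.
 throw new PhutilAuthUserAbortedException();
 }
 // NOTE: You can get here via GET, this should probably be a bit more
 // user friendly.
-if ($adapter->shouldAddCSRFTokenToCallbackURI()) {
 $this->verifyAuthCSRFCode($request, $controller->getExtraURIData());
-}
 $token = $request->getStr('oauth_token');
 $verifier = $request->getStr('oauth_verifier');
 if (!$token) {
 throw new Exception("Expected 'oauth_token' in request!");
 }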
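Review bot: The now-unconditional `verifyAuthCSRFCode()` call in processLoginRequest() has no comment saying the check is mandatory for every OAuth1 adapter, so a later change could reintroduce an opt-out without anyone noticing it guards against login CSRF. I would add above it `// Always verify the CSRF code from the callback URI before reading "oauth_token"; adapters must not be able to opt out.` Dropping the `shouldAddCSRFTokenToCallbackURI()` guard also means that an adapter whose provider only honours a fixed, pre-registered callback URI will presumably fail this check on every login. That fails closed, but it is worth confirming against each adapter, and the hook should be removed if nothing else calls it. The function body starts and ends outside the visible lines.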