src/applications/auth/provider/PhabricatorOAuth1AuthProvider.php
<?php | <?php | ||||
abstract class PhabricatorOAuth1AuthProvider | abstract class PhabricatorOAuth1AuthProvider | ||||
extends PhabricatorOAuthAuthProvider { | extends PhabricatorOAuthAuthProvider { | ||||
protected $adapter; | protected $adapter; | ||||
const PROPERTY_CONSUMER_KEY = 'oauth1:consumer:key'; | const PROPERTY_CONSUMER_KEY = 'oauth1:consumer:key'; | ||||
const PROPERTY_CONSUMER_SECRET = 'oauth1:consumer:secret'; | const PROPERTY_CONSUMER_SECRET = 'oauth1:consumer:secret'; | ||||
const PROPERTY_PRIVATE_KEY = 'oauth1:private:key'; | const PROPERTY_PRIVATE_KEY = 'oauth1:private:key'; | ||||
const TEMPORARY_TOKEN_TYPE = 'oauth1:request:secret'; | |||||
protected function getIDKey() { | protected function getIDKey() { | ||||
return self::PROPERTY_CONSUMER_KEY; | return self::PROPERTY_CONSUMER_KEY; | ||||
} | } | ||||
protected function getSecretKey() { | protected function getSecretKey() { | ||||
return self::PROPERTY_CONSUMER_SECRET; | return self::PROPERTY_CONSUMER_SECRET; | ||||
} | } | ||||
▲ Show 20 Lines • Show All 188 Lines • ▼ Show 20 Lines | public function willRenderLinkedAccount( | ||||
parent::willRenderLinkedAccount($viewer, $item, $account); | parent::willRenderLinkedAccount($viewer, $item, $account); | ||||
} | } | ||||
/* -( Temporary Secrets )-------------------------------------------------- */ | /* -( Temporary Secrets )-------------------------------------------------- */ | ||||
private function saveHandshakeTokenSecret($client_code, $secret) { | private function saveHandshakeTokenSecret($client_code, $secret) { | ||||
$secret_type = PhabricatorOAuth1SecretTemporaryTokenType::TOKENTYPE; | |||||
$key = $this->getHandshakeTokenKeyFromClientCode($client_code); | $key = $this->getHandshakeTokenKeyFromClientCode($client_code); | ||||
$type = $this->getTemporaryTokenType(self::TEMPORARY_TOKEN_TYPE); | $type = $this->getTemporaryTokenType($secret_type); | ||||
// Wipe out an existing token, if one exists. | // Wipe out an existing token, if one exists. | ||||
$token = id(new PhabricatorAuthTemporaryTokenQuery()) | $token = id(new PhabricatorAuthTemporaryTokenQuery()) | ||||
->setViewer(PhabricatorUser::getOmnipotentUser()) | ->setViewer(PhabricatorUser::getOmnipotentUser()) | ||||
->withTokenResources(array($key)) | ->withTokenResources(array($key)) | ||||
->withTokenTypes(array($type)) | ->withTokenTypes(array($type)) | ||||
->executeOne(); | ->executeOne(); | ||||
if ($token) { | if ($token) { | ||||
$token->delete(); | $token->delete(); | ||||
} | } | ||||
// Save the new secret. | // Save the new secret. | ||||
id(new PhabricatorAuthTemporaryToken()) | id(new PhabricatorAuthTemporaryToken()) | ||||
->setTokenResource($key) | ->setTokenResource($key) | ||||
->setTokenType($type) | ->setTokenType($type) | ||||
->setTokenExpires(time() + phutil_units('1 hour in seconds')) | ->setTokenExpires(time() + phutil_units('1 hour in seconds')) | ||||
->setTokenCode($secret) | ->setTokenCode($secret) | ||||
->save(); | ->save(); | ||||
} | } | ||||
private function loadHandshakeTokenSecret($client_code) { | private function loadHandshakeTokenSecret($client_code) { | ||||
$secret_type = PhabricatorOAuth1SecretTemporaryTokenType::TOKENTYPE; | |||||
$key = $this->getHandshakeTokenKeyFromClientCode($client_code); | $key = $this->getHandshakeTokenKeyFromClientCode($client_code); | ||||
$type = $this->getTemporaryTokenType(self::TEMPORARY_TOKEN_TYPE); | $type = $this->getTemporaryTokenType($secret_type); | ||||
$token = id(new PhabricatorAuthTemporaryTokenQuery()) | $token = id(new PhabricatorAuthTemporaryTokenQuery()) | ||||
->setViewer(PhabricatorUser::getOmnipotentUser()) | ->setViewer(PhabricatorUser::getOmnipotentUser()) | ||||
->withTokenResources(array($key)) | ->withTokenResources(array($key)) | ||||
->withTokenTypes(array($type)) | ->withTokenTypes(array($type)) | ||||
->withExpired(false) | ->withExpired(false) | ||||
->executeOne(); | ->executeOne(); | ||||
if (!$token) { | if (!$token) { | ||||
throw new Exception( | throw new Exception( | ||||
pht( | pht( | ||||
'Unable to load your OAuth1 token secret from storage. It may '. | 'Unable to load your OAuth1 token secret from storage. It may '. | ||||
'have expired. Try authenticating again.')); | 'have expired. Try authenticating again.')); | ||||
} | } | ||||
return $token->getTokenCode(); | return $token->getTokenCode(); | ||||
} | } | ||||
private function getTemporaryTokenType($core_type) { | private function getTemporaryTokenType($core_type) { | ||||
// Namespace the type so that multiple providers don't step on each | // Namespace the type so that multiple providers don't step on each | ||||
// others' toes if a user starts Mediawiki and Bitbucket auth at the | // others' toes if a user starts Mediawiki and Bitbucket auth at the | ||||
// same time. | // same time. | ||||
// TODO: This isn't really a proper use of the table and should get | |||||
// cleaned up some day: the type should be constant. | |||||
return $core_type.':'.$this->getProviderConfig()->getID(); | return $core_type.':'.$this->getProviderConfig()->getID(); | ||||
} | } | ||||
private function getHandshakeTokenKeyFromClientCode($client_code) { | private function getHandshakeTokenKeyFromClientCode($client_code) { | ||||
// NOTE: This is very slightly coersive since the TemporaryToken table | // NOTE: This is very slightly coersive since the TemporaryToken table | ||||
// expects an "objectPHID" as an identifier, but nothing about the storage | // expects an "objectPHID" as an identifier, but nothing about the storage | ||||
// is bound to PHIDs. | // is bound to PHIDs. | ||||
return 'oauth1:secret/'.$client_code; | return 'oauth1:secret/'.$client_code; | ||||
} | } | ||||
} | } |
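Review bot: The TODO dropped at the old lines 67–68 described a condition the new code still has: `getTemporaryTokenType` still returns `$core_type.':'.$this->getProviderConfig()->getID()`, so the `tokenType` written in saveHandshakeTokenSecret and queried in loadHandshakeTokenSecret is never exactly `PhabricatorOAuth1SecretTemporaryTokenType::TOKENTYPE`. If the temporary-token type registry resolves the implementing class by comparing the stored string with `TOKENTYPE` (that lookup is not visible here), these request-secret tokens would not resolve to the new type class and would be treated as an unknown type by any revocation or display code, which is what the removed note was warning about. Either keep a comment at that spot, e.g. `// NOTE: the stored type is suffixed with the provider ID and so does not equal TOKENTYPE; move the provider ID into the resource key if exact type matching is required.`, or move the provider namespacing into `getHandshakeTokenKeyFromClientCode` so the type can be the bare constant. The `$secret_type` lookup is duplicated in both callers; passing the constant directly, `$type = $this->getTemporaryTokenType(PhabricatorOAuth1SecretTemporaryTokenType::TOKENTYPE);`, or defaulting the parameter would remove that repetition.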