src/applications/auth/provider/PhabricatorOAuth1AuthProvider.php
| <?php | <?php | ||||
| abstract class PhabricatorOAuth1AuthProvider | abstract class PhabricatorOAuth1AuthProvider | ||||
| extends PhabricatorOAuthAuthProvider { | extends PhabricatorOAuthAuthProvider { | ||||
| protected $adapter; | protected $adapter; | ||||
| const PROPERTY_CONSUMER_KEY = 'oauth1:consumer:key'; | const PROPERTY_CONSUMER_KEY = 'oauth1:consumer:key'; | ||||
| const PROPERTY_CONSUMER_SECRET = 'oauth1:consumer:secret'; | const PROPERTY_CONSUMER_SECRET = 'oauth1:consumer:secret'; | ||||
| const PROPERTY_PRIVATE_KEY = 'oauth1:private:key'; | const PROPERTY_PRIVATE_KEY = 'oauth1:private:key'; | ||||
| const TEMPORARY_TOKEN_TYPE = 'oauth1:request:secret'; | |||||
| protected function getIDKey() { | protected function getIDKey() { | ||||
| return self::PROPERTY_CONSUMER_KEY; | return self::PROPERTY_CONSUMER_KEY; | ||||
| } | } | ||||
| protected function getSecretKey() { | protected function getSecretKey() { | ||||
| return self::PROPERTY_CONSUMER_SECRET; | return self::PROPERTY_CONSUMER_SECRET; | ||||
| } | } | ||||
| ▲ Show 20 Lines • Show All 188 Lines • ▼ Show 20 Lines | public function willRenderLinkedAccount( | ||||
| parent::willRenderLinkedAccount($viewer, $item, $account); | parent::willRenderLinkedAccount($viewer, $item, $account); | ||||
| } | } | ||||
| /* -( Temporary Secrets )-------------------------------------------------- */ | /* -( Temporary Secrets )-------------------------------------------------- */ | ||||
| private function saveHandshakeTokenSecret($client_code, $secret) { | private function saveHandshakeTokenSecret($client_code, $secret) { | ||||
| $secret_type = PhabricatorOAuth1SecretTemporaryTokenType::TOKENTYPE; | |||||
| $key = $this->getHandshakeTokenKeyFromClientCode($client_code); | $key = $this->getHandshakeTokenKeyFromClientCode($client_code); | ||||
| $type = $this->getTemporaryTokenType(self::TEMPORARY_TOKEN_TYPE); | $type = $this->getTemporaryTokenType($secret_type); | ||||
| // Wipe out an existing token, if one exists. | // Wipe out an existing token, if one exists. | ||||
| $token = id(new PhabricatorAuthTemporaryTokenQuery()) | $token = id(new PhabricatorAuthTemporaryTokenQuery()) | ||||
| ->setViewer(PhabricatorUser::getOmnipotentUser()) | ->setViewer(PhabricatorUser::getOmnipotentUser()) | ||||
| ->withTokenResources(array($key)) | ->withTokenResources(array($key)) | ||||
| ->withTokenTypes(array($type)) | ->withTokenTypes(array($type)) | ||||
| ->executeOne(); | ->executeOne(); | ||||
| if ($token) { | if ($token) { | ||||
| $token->delete(); | $token->delete(); | ||||
| } | } | ||||
| // Save the new secret. | // Save the new secret. | ||||
| id(new PhabricatorAuthTemporaryToken()) | id(new PhabricatorAuthTemporaryToken()) | ||||
| ->setTokenResource($key) | ->setTokenResource($key) | ||||
| ->setTokenType($type) | ->setTokenType($type) | ||||
| ->setTokenExpires(time() + phutil_units('1 hour in seconds')) | ->setTokenExpires(time() + phutil_units('1 hour in seconds')) | ||||
| ->setTokenCode($secret) | ->setTokenCode($secret) | ||||
| ->save(); | ->save(); | ||||
| } | } | ||||
| private function loadHandshakeTokenSecret($client_code) { | private function loadHandshakeTokenSecret($client_code) { | ||||
| $secret_type = PhabricatorOAuth1SecretTemporaryTokenType::TOKENTYPE; | |||||
| $key = $this->getHandshakeTokenKeyFromClientCode($client_code); | $key = $this->getHandshakeTokenKeyFromClientCode($client_code); | ||||
| $type = $this->getTemporaryTokenType(self::TEMPORARY_TOKEN_TYPE); | $type = $this->getTemporaryTokenType($secret_type); | ||||
| $token = id(new PhabricatorAuthTemporaryTokenQuery()) | $token = id(new PhabricatorAuthTemporaryTokenQuery()) | ||||
| ->setViewer(PhabricatorUser::getOmnipotentUser()) | ->setViewer(PhabricatorUser::getOmnipotentUser()) | ||||
| ->withTokenResources(array($key)) | ->withTokenResources(array($key)) | ||||
| ->withTokenTypes(array($type)) | ->withTokenTypes(array($type)) | ||||
| ->withExpired(false) | ->withExpired(false) | ||||
| ->executeOne(); | ->executeOne(); | ||||
| if (!$token) { | if (!$token) { | ||||
| throw new Exception( | throw new Exception( | ||||
| pht( | pht( | ||||
| 'Unable to load your OAuth1 token secret from storage. It may '. | 'Unable to load your OAuth1 token secret from storage. It may '. | ||||
| 'have expired. Try authenticating again.')); | 'have expired. Try authenticating again.')); | ||||
| } | } | ||||
| return $token->getTokenCode(); | return $token->getTokenCode(); | ||||
| } | } | ||||
| private function getTemporaryTokenType($core_type) { | private function getTemporaryTokenType($core_type) { | ||||
| // Namespace the type so that multiple providers don't step on each | // Namespace the type so that multiple providers don't step on each | ||||
| // others' toes if a user starts Mediawiki and Bitbucket auth at the | // others' toes if a user starts Mediawiki and Bitbucket auth at the | ||||
| // same time. | // same time. | ||||
| // TODO: This isn't really a proper use of the table and should get | |||||
| // cleaned up some day: the type should be constant. | |||||
| return $core_type.':'.$this->getProviderConfig()->getID(); | return $core_type.':'.$this->getProviderConfig()->getID(); | ||||
| } | } | ||||
| private function getHandshakeTokenKeyFromClientCode($client_code) { | private function getHandshakeTokenKeyFromClientCode($client_code) { | ||||
| // NOTE: This is very slightly coersive since the TemporaryToken table | // NOTE: This is very slightly coersive since the TemporaryToken table | ||||
| // expects an "objectPHID" as an identifier, but nothing about the storage | // expects an "objectPHID" as an identifier, but nothing about the storage | ||||
| // is bound to PHIDs. | // is bound to PHIDs. | ||||
| return 'oauth1:secret/'.$client_code; | return 'oauth1:secret/'.$client_code; | ||||
| } | } | ||||
| } | } | ||||
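Review bot: `getTemporaryTokenType()` still appends `':'.$this->getProviderConfig()->getID()` to the type, so the value written via `setTokenType()` is `PhabricatorOAuth1SecretTemporaryTokenType::TOKENTYPE` plus a per-provider suffix rather than the bare constant, and the removed TODO comment was the only place that recorded this. If anything outside this diff matches token rows against `TOKENTYPE` exactly (the type class is not visible here, so this is inferred), the namespaced rows would not be matched, which would silently affect anything that enumerates or sweeps tokens by type. Keep a short note on the method, such as `// Stored type is TOKENTYPE.':'.<provider config ID>, not the bare constant; consumers of tokenType must account for the suffix.` Separately, `loadHandshakeTokenSecret()` returns the secret without deleting the row, so the handshake secret stays readable for the full one-hour window; if the handshake is meant to be single-use, confirm the caller consumes the token after a successful exchange.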