Page MenuHomePhabricator
Differential D15620 Diff 37653 src/applications/oauthserver/controller/PhabricatorOAuthServerTokenController.php

Changeset View

Standalone View

View Options

src/applications/oauthserver/controller/PhabricatorOAuthServerTokenController.php

Show First 20 LinesShow All 61 Lines▼ Show 20 Lines public function handleRequest(AphrontRequest $request) {
try { try {
$auth_code = id(new PhabricatorOAuthServerAuthorizationCode()) $auth_code = id(new PhabricatorOAuthServerAuthorizationCode())
->loadOneWhere('code = %s', ->loadOneWhere('code = %s',
$code); $code);
if (!$auth_code) { if (!$auth_code) {
$response->setError('invalid_grant'); $response->setError('invalid_grant');
$response->setErrorDescription( $response->setErrorDescription(
pht( pht(
'Authorization code %d not found.', 'Authorization code %s not found.',
$code)); $code));
return $response; return $response;
} }
// if we have an auth code redirect URI, there must be a redirect_uri // if we have an auth code redirect URI, there must be a redirect_uri
// in the request and it must match the auth code redirect uri *exactly* // in the request and it must match the auth code redirect uri *exactly*
$auth_code_redirect_uri = $auth_code->getRedirectURI(); $auth_code_redirect_uri = $auth_code->getRedirectURI();
if ($auth_code_redirect_uri) { if ($auth_code_redirect_uri) {
Show All 18 Lines try {
} }
$client = id(new PhabricatorOAuthServerClient()) $client = id(new PhabricatorOAuthServerClient())
->loadOneWhere('phid = %s', $client_phid); ->loadOneWhere('phid = %s', $client_phid);
if (!$client) { if (!$client) {
$response->setError('invalid_client'); $response->setError('invalid_client');
$response->setErrorDescription( $response->setErrorDescription(
pht( pht(
'Client with %s %d not found.', 'Client with %s %s not found.',
'client_id', 'client_id',
$client_phid)); $client_phid));
return $response; return $response;
} }
if ($client->getIsDisabled()) {
$response->setError('invalid_client');
$response->setErrorDescription(
pht(
'OAuth application "%s" has been disabled.',
$client->getName()));
return $response;
}
$server->setClient($client); $server->setClient($client);
$user_phid = $auth_code->getUserPHID(); $user_phid = $auth_code->getUserPHID();
$user = id(new PhabricatorUser()) $user = id(new PhabricatorUser())
->loadOneWhere('phid = %s', $user_phid); ->loadOneWhere('phid = %s', $user_phid);
if (!$user) { if (!$user) {
$response->setError('invalid_grant'); $response->setError('invalid_grant');
$response->setErrorDescription( $response->setErrorDescription(
pht( pht(
'User with PHID %d not found.', 'User with PHID %s not found.',
$user_phid)); $user_phid));
return $response; return $response;
} }
$server->setUser($user); $server->setUser($user);
$test_code = new PhabricatorOAuthServerAuthorizationCode(); $test_code = new PhabricatorOAuthServerAuthorizationCode();
$test_code->setClientSecret($client_secret); $test_code->setClientSecret($client_secret);
$test_code->setClientPHID($client_phid); $test_code->setClientPHID($client_phid);
$is_good_code = $server->validateAuthorizationCode( $is_good_code = $server->validateAuthorizationCode(
$auth_code, $auth_code,
$test_code); $test_code);
if (!$is_good_code) { if (!$is_good_code) {
$response->setError('invalid_grant'); $response->setError('invalid_grant');
$response->setErrorDescription( $response->setErrorDescription(
pht( pht(
'Invalid authorization code %d.', 'Invalid authorization code %s.',
$code)); $code));
return $response; return $response;
} }
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$access_token = $server->generateAccessToken(); $access_token = $server->generateAccessToken();
$auth_code->delete(); $auth_code->delete();
unset($unguarded); unset($unguarded);
Show All 17 Lines
Phabricator · Built by Phacility