Differential D15620 Diff 37653 src/applications/oauthserver/controller/PhabricatorOAuthServerTokenController.php
src/applications/oauthserver/controller/PhabricatorOAuthServerTokenController.php
Show First 20 Lines • Show All 61 Lines • ▼ Show 20 Lines | public function handleRequest(AphrontRequest $request) { | ||||
try { | try { | ||||
$auth_code = id(new PhabricatorOAuthServerAuthorizationCode()) | $auth_code = id(new PhabricatorOAuthServerAuthorizationCode()) | ||||
->loadOneWhere('code = %s', | ->loadOneWhere('code = %s', | ||||
$code); | $code); | ||||
if (!$auth_code) { | if (!$auth_code) { | ||||
$response->setError('invalid_grant'); | $response->setError('invalid_grant'); | ||||
$response->setErrorDescription( | $response->setErrorDescription( | ||||
pht( | pht( | ||||
'Authorization code %d not found.', | 'Authorization code %s not found.', | ||||
$code)); | $code)); | ||||
return $response; | return $response; | ||||
} | } | ||||
// if we have an auth code redirect URI, there must be a redirect_uri | // if we have an auth code redirect URI, there must be a redirect_uri | ||||
// in the request and it must match the auth code redirect uri *exactly* | // in the request and it must match the auth code redirect uri *exactly* | ||||
$auth_code_redirect_uri = $auth_code->getRedirectURI(); | $auth_code_redirect_uri = $auth_code->getRedirectURI(); | ||||
if ($auth_code_redirect_uri) { | if ($auth_code_redirect_uri) { | ||||
Show All 18 Lines | try { | ||||
} | } | ||||
$client = id(new PhabricatorOAuthServerClient()) | $client = id(new PhabricatorOAuthServerClient()) | ||||
->loadOneWhere('phid = %s', $client_phid); | ->loadOneWhere('phid = %s', $client_phid); | ||||
if (!$client) { | if (!$client) { | ||||
$response->setError('invalid_client'); | $response->setError('invalid_client'); | ||||
$response->setErrorDescription( | $response->setErrorDescription( | ||||
pht( | pht( | ||||
'Client with %s %d not found.', | 'Client with %s %s not found.', | ||||
'client_id', | 'client_id', | ||||
$client_phid)); | $client_phid)); | ||||
return $response; | return $response; | ||||
} | } | ||||
if ($client->getIsDisabled()) { | |||||
$response->setError('invalid_client'); | |||||
$response->setErrorDescription( | |||||
pht( | |||||
'OAuth application "%s" has been disabled.', | |||||
$client->getName())); | |||||
return $response; | |||||
} | |||||
$server->setClient($client); | $server->setClient($client); | ||||
$user_phid = $auth_code->getUserPHID(); | $user_phid = $auth_code->getUserPHID(); | ||||
$user = id(new PhabricatorUser()) | $user = id(new PhabricatorUser()) | ||||
->loadOneWhere('phid = %s', $user_phid); | ->loadOneWhere('phid = %s', $user_phid); | ||||
if (!$user) { | if (!$user) { | ||||
$response->setError('invalid_grant'); | $response->setError('invalid_grant'); | ||||
$response->setErrorDescription( | $response->setErrorDescription( | ||||
pht( | pht( | ||||
'User with PHID %d not found.', | 'User with PHID %s not found.', | ||||
$user_phid)); | $user_phid)); | ||||
return $response; | return $response; | ||||
} | } | ||||
$server->setUser($user); | $server->setUser($user); | ||||
$test_code = new PhabricatorOAuthServerAuthorizationCode(); | $test_code = new PhabricatorOAuthServerAuthorizationCode(); | ||||
$test_code->setClientSecret($client_secret); | $test_code->setClientSecret($client_secret); | ||||
$test_code->setClientPHID($client_phid); | $test_code->setClientPHID($client_phid); | ||||
$is_good_code = $server->validateAuthorizationCode( | $is_good_code = $server->validateAuthorizationCode( | ||||
$auth_code, | $auth_code, | ||||
$test_code); | $test_code); | ||||
if (!$is_good_code) { | if (!$is_good_code) { | ||||
$response->setError('invalid_grant'); | $response->setError('invalid_grant'); | ||||
$response->setErrorDescription( | $response->setErrorDescription( | ||||
pht( | pht( | ||||
'Invalid authorization code %d.', | 'Invalid authorization code %s.', | ||||
$code)); | $code)); | ||||
return $response; | return $response; | ||||
} | } | ||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | ||||
$access_token = $server->generateAccessToken(); | $access_token = $server->generateAccessToken(); | ||||
$auth_code->delete(); | $auth_code->delete(); | ||||
unset($unguarded); | unset($unguarded); | ||||
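Review bot: The new `$client->getIsDisabled()` branch runs before `validateAuthorizationCode`, which is the step that receives `$client_secret`, so an unauthenticated caller who knows only a client_id and any authorization code string is told the application's display name via the `invalid_client` description. Consider a generic message shaped like the adjacent not-found branch, e.g. `pht('Client with %s %s is disabled.', 'client_id', $client_phid)`, or moving the check below the `$is_good_code` test so only a caller holding the secret sees it. The disabled path also leaves the authorization code in place rather than consuming it the way the success path's `$auth_code->delete()` does, so it stays redeemable if the client is later re-enabled; whether that is intended, and whether existing access tokens for a disabled client are rejected elsewhere, is not visible in this hunk. handleRequest begins before the first shown line and continues past the last.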