Changeset View
Changeset View
Standalone View
Standalone View
src/applications/oauthserver/PhabricatorOAuthServer.php
| Show First 20 Lines • Show All 171 Lines • ▼ Show 20 Lines | if (!$authorization) { | ||||
| return null; | return null; | ||||
| } | } | ||||
| $application = $authorization->getClient(); | $application = $authorization->getClient(); | ||||
| if ($application->getIsDisabled()) { | if ($application->getIsDisabled()) { | ||||
| return null; | return null; | ||||
| } | } | ||||
| // TODO: This should probably be reworked; expiration should be an | |||||
| // exclusive property of the token. For now, this logic reads: tokens for | |||||
| // authorizations with "offline_access" never expire. | |||||
| $is_expired = $token->isExpired(); | |||||
| if ($is_expired) { | |||||
| $offline_access = PhabricatorOAuthServerScope::SCOPE_OFFLINE_ACCESS; | |||||
| $authorization_scope = $authorization->getScope(); | |||||
| if (empty($authorization_scope[$offline_access])) { | |||||
| return null; | |||||
| } | |||||
| } | |||||
| return $authorization; | return $authorization; | ||||
| } | } | ||||
| public function validateRedirectURI($uri) { | public function validateRedirectURI($uri) { | ||||
| try { | try { | ||||
| $this->assertValidRedirectURI($uri); | $this->assertValidRedirectURI($uri); | ||||
| return true; | return true; | ||||
| } catch (Exception $ex) { | } catch (Exception $ex) { | ||||
| ▲ Show 20 Lines • Show All 97 Lines • Show Last 20 Lines | |||||