Changeset View
Changeset View
Standalone View
Standalone View
src/applications/oauthserver/PhabricatorOAuthServer.php
Show First 20 Lines • Show All 171 Lines • ▼ Show 20 Lines | if (!$authorization) { | ||||
return null; | return null; | ||||
} | } | ||||
$application = $authorization->getClient(); | $application = $authorization->getClient(); | ||||
if ($application->getIsDisabled()) { | if ($application->getIsDisabled()) { | ||||
return null; | return null; | ||||
} | } | ||||
// TODO: This should probably be reworked; expiration should be an | |||||
// exclusive property of the token. For now, this logic reads: tokens for | |||||
// authorizations with "offline_access" never expire. | |||||
$is_expired = $token->isExpired(); | |||||
if ($is_expired) { | |||||
$offline_access = PhabricatorOAuthServerScope::SCOPE_OFFLINE_ACCESS; | |||||
$authorization_scope = $authorization->getScope(); | |||||
if (empty($authorization_scope[$offline_access])) { | |||||
return null; | |||||
} | |||||
} | |||||
return $authorization; | return $authorization; | ||||
} | } | ||||
public function validateRedirectURI($uri) { | public function validateRedirectURI($uri) { | ||||
try { | try { | ||||
$this->assertValidRedirectURI($uri); | $this->assertValidRedirectURI($uri); | ||||
return true; | return true; | ||||
} catch (Exception $ex) { | } catch (Exception $ex) { | ||||
▲ Show 20 Lines • Show All 97 Lines • Show Last 20 Lines |