phorge-phorge/src/applications/auth/oauth/provider/PhabricatorOAuthProviderGitHub.php

<?php

/*
 * Copyright 2012 Facebook, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

final class PhabricatorOAuthProviderGitHub extends PhabricatorOAuthProvider {

  private $userData;

  public function getProviderKey() {
    return self::PROVIDER_GITHUB;
  }

  public function getProviderName() {
    return 'GitHub';
  }

  public function isProviderEnabled() {
    return PhabricatorEnv::getEnvConfig('github.auth-enabled');
  }

  public function isProviderLinkPermanent() {
    return PhabricatorEnv::getEnvConfig('github.auth-permanent');
  }

  public function isProviderRegistrationEnabled() {
    return PhabricatorEnv::getEnvConfig('github.registration-enabled');
  }

  public function getClientID() {
    return PhabricatorEnv::getEnvConfig('github.application-id');
  }

  public function renderGetClientIDHelp() {
    return null;
  }

  public function getClientSecret() {
    return PhabricatorEnv::getEnvConfig('github.application-secret');
  }

  public function renderGetClientSecretHelp() {
    return null;
  }

  public function getAuthURI() {
    return 'https://github.com/login/oauth/authorize';
  }

  public function getTokenURI() {
    return 'https://github.com/login/oauth/access_token';
  }

  protected function getTokenExpiryKey() {
    // github access tokens do not have time-based expiry
    return null;
  }

  public function getTestURIs() {
    return array(
      'http://api.github.com',
    );
  }

  public function getUserInfoURI() {
    return 'https://api.github.com/user';
  }

  public function getMinimumScope() {
    return null;
  }

  public function setUserData($data) {
    $data = json_decode($data, true);
    $this->validateUserData($data);
    $this->userData = $data;
    return $this;
  }

  public function retrieveUserID() {
    return $this->userData['id'];
  }

  public function retrieveUserEmail() {
    return idx($this->userData, 'email');
  }

  public function retrieveUserAccountName() {
    return $this->userData['login'];
  }

  public function retrieveUserProfileImage() {
    $uri = idx($this->userData, 'avatar_url');
    if ($uri) {
      return HTTPSFuture::loadContent($uri);
    }
    return null;
  }

  public function retrieveUserAccountURI() {
    $username = $this->retrieveUserAccountName();
    if ($username) {
      return 'https://github.com/'.$username;
    }
    return null;
  }

  public function retrieveUserRealName() {
    return idx($this->userData, 'name');
  }

  public function shouldDiagnoseAppLogin() {
    return true;
  }

}
Github OAuth Summary: Test Plan: Reviewers: CC: 2011-02-21 07:47:56 +01:00			`<?php`

			`/*`
Github is actually GitHub Test Plan: none Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Differential Revision: https://secure.phabricator.com/D1557 2012-02-03 02:25:31 +01:00			`* Copyright 2012 Facebook, Inc.`
Github OAuth Summary: Test Plan: Reviewers: CC: 2011-02-21 07:47:56 +01:00			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`

Add "final" to more classes Summary: No big surprises here, delted the unused "DarkConsole" class. Test Plan: Ran 'testEverythingImplemented' to verify I wasn't finalizing anything we extend. Reviewers: btrahan Reviewed By: btrahan CC: aran, epriestley Maniphest Tasks: T795 Differential Revision: https://secure.phabricator.com/D1876 2012-03-13 19:18:11 +01:00			`final class PhabricatorOAuthProviderGitHub extends PhabricatorOAuthProvider {`
Github OAuth Summary: Test Plan: Reviewers: CC: 2011-02-21 07:47:56 +01:00
Modularize oauth. 2011-02-28 04:47:22 +01:00			`private $userData;`

Github OAuth Summary: Test Plan: Reviewers: CC: 2011-02-21 07:47:56 +01:00			`public function getProviderKey() {`
			`return self::PROVIDER_GITHUB;`
			`}`

			`public function getProviderName() {`
Github is actually GitHub Test Plan: none Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Differential Revision: https://secure.phabricator.com/D1557 2012-02-03 02:25:31 +01:00			`return 'GitHub';`
Github OAuth Summary: Test Plan: Reviewers: CC: 2011-02-21 07:47:56 +01:00			`}`

			`public function isProviderEnabled() {`
			`return PhabricatorEnv::getEnvConfig('github.auth-enabled');`
			`}`

Modularize oauth. 2011-02-28 04:47:22 +01:00			`public function isProviderLinkPermanent() {`
			`return PhabricatorEnv::getEnvConfig('github.auth-permanent');`
			`}`

			`public function isProviderRegistrationEnabled() {`
			`return PhabricatorEnv::getEnvConfig('github.registration-enabled');`
			`}`

Github OAuth Summary: Test Plan: Reviewers: CC: 2011-02-21 07:47:56 +01:00			`public function getClientID() {`
			`return PhabricatorEnv::getEnvConfig('github.application-id');`
			`}`

OAuth -- generalize / refactor providers and diagnostics page Summary: split out from D1595 Test Plan: oauth/facebook/diagnose still looks good! Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Differential Revision: https://secure.phabricator.com/D1632 2012-02-17 18:55:16 +01:00			`public function renderGetClientIDHelp() {`
			`return null;`
			`}`

Github OAuth Summary: Test Plan: Reviewers: CC: 2011-02-21 07:47:56 +01:00			`public function getClientSecret() {`
			`return PhabricatorEnv::getEnvConfig('github.application-secret');`
			`}`

OAuth -- generalize / refactor providers and diagnostics page Summary: split out from D1595 Test Plan: oauth/facebook/diagnose still looks good! Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Differential Revision: https://secure.phabricator.com/D1632 2012-02-17 18:55:16 +01:00			`public function renderGetClientSecretHelp() {`
			`return null;`
			`}`

Github OAuth Summary: Test Plan: Reviewers: CC: 2011-02-21 07:47:56 +01:00			`public function getAuthURI() {`
			`return 'https://github.com/login/oauth/authorize';`
			`}`

			`public function getTokenURI() {`
			`return 'https://github.com/login/oauth/access_token';`
			`}`

OAuth -- add support for Disqus Summary: also fix some bugs where we weren't properly capturing the expiry value or scope of access tokens. This code isn't the cleanest as some providers don't confirm what scope you've been granted. In that case, assume the access token is of the minimum scope Phabricator requires. This seems more useful to me as only Phabricator at the moment really easily / consistently lets the user increase / decrease the granted scope so its basically always the correct assumption at the time we make it. Test Plan: linked and unlinked Phabricator, Github, Disqus and Facebook accounts from Phabricator instaneces Reviewers: epriestley Reviewed By: epriestley CC: zeeg, aran, Koolvin Maniphest Tasks: T1110 Differential Revision: https://secure.phabricator.com/D2431 2012-05-08 21:08:05 +02:00			`protected function getTokenExpiryKey() {`
			`// github access tokens do not have time-based expiry`
			`return null;`
			`}`

OAuth -- generalize / refactor providers and diagnostics page Summary: split out from D1595 Test Plan: oauth/facebook/diagnose still looks good! Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Differential Revision: https://secure.phabricator.com/D1632 2012-02-17 18:55:16 +01:00			`public function getTestURIs() {`
			`return array(`
Upgrade to GitHub v3 API Summary: GitHub dropped support for the v2 API today, which breaks login and registration. Use the v3 API instead. Test Plan: Registered and logged in with GitHub. Verified process pulled email/photo/name/username correctly. Reviewers: vrana, btrahan Reviewed By: vrana CC: aran Differential Revision: https://secure.phabricator.com/D2726 2012-06-12 21:01:10 +02:00			`'http://api.github.com',`
OAuth -- generalize / refactor providers and diagnostics page Summary: split out from D1595 Test Plan: oauth/facebook/diagnose still looks good! Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Differential Revision: https://secure.phabricator.com/D1632 2012-02-17 18:55:16 +01:00			`);`
			`}`

Github OAuth Summary: Test Plan: Reviewers: CC: 2011-02-21 07:47:56 +01:00			`public function getUserInfoURI() {`
Upgrade to GitHub v3 API Summary: GitHub dropped support for the v2 API today, which breaks login and registration. Use the v3 API instead. Test Plan: Registered and logged in with GitHub. Verified process pulled email/photo/name/username correctly. Reviewers: vrana, btrahan Reviewed By: vrana CC: aran Differential Revision: https://secure.phabricator.com/D2726 2012-06-12 21:01:10 +02:00			`return 'https://api.github.com/user';`
Github OAuth Summary: Test Plan: Reviewers: CC: 2011-02-21 07:47:56 +01:00			`}`

Fix Facebook OAuth flow to ask for email. Summary: Test Plan: Reviewers: CC: 2011-02-23 19:27:33 +01:00			`public function getMinimumScope() {`
			`return null;`
			`}`

Modularize oauth. 2011-02-28 04:47:22 +01:00			`public function setUserData($data) {`
Upgrade to GitHub v3 API Summary: GitHub dropped support for the v2 API today, which breaks login and registration. Use the v3 API instead. Test Plan: Registered and logged in with GitHub. Verified process pulled email/photo/name/username correctly. Reviewers: vrana, btrahan Reviewed By: vrana CC: aran Differential Revision: https://secure.phabricator.com/D2726 2012-06-12 21:01:10 +02:00			`$data = json_decode($data, true);`
Make Oauth-registration flows a bit more resilient to failures from the providers Summary: basically by validating we have good user data when we set the user data. Test Plan: simulated a failure from a phabricator on phabricator oauth scenario. viewed ui that correctly told me there was an error with the provider and to try again. Reviewers: epriestley Reviewed By: epriestley CC: aran, Koolvin Maniphest Tasks: T1077 Differential Revision: https://secure.phabricator.com/D2337 2012-05-01 11:51:40 +02:00			`$this->validateUserData($data);`
			`$this->userData = $data;`
Modularize oauth. 2011-02-28 04:47:22 +01:00			`return $this;`
			`}`

			`public function retrieveUserID() {`
			`return $this->userData['id'];`
			`}`

			`public function retrieveUserEmail() {`
Fix GitHub OAuth Registration for users without a name Summary: Github allows you to have an account without a real name. The OAuth controller actually handles this fine, mostly, except that it calls a bogus method. Also there is some null vs empty string confusion. Test Plan: Deleted my name on Github and then registered for an account on Phabricator. Reviewed By: tuomaspelkonen Reviewers: jungejason, tuomaspelkonen, aran CC: anjali, aran, tuomaspelkonen Differential Revision: 247 2011-05-07 02:01:00 +02:00			`return idx($this->userData, 'email');`
Modularize oauth. 2011-02-28 04:47:22 +01:00			`}`

			`public function retrieveUserAccountName() {`
			`return $this->userData['login'];`
			`}`

			`public function retrieveUserProfileImage() {`
Upgrade to GitHub v3 API Summary: GitHub dropped support for the v2 API today, which breaks login and registration. Use the v3 API instead. Test Plan: Registered and logged in with GitHub. Verified process pulled email/photo/name/username correctly. Reviewers: vrana, btrahan Reviewed By: vrana CC: aran Differential Revision: https://secure.phabricator.com/D2726 2012-06-12 21:01:10 +02:00			`$uri = idx($this->userData, 'avatar_url');`
			`if ($uri) {`
Get rid of file_get_contents($uri) Summary: It requires `allow_url_fopen` which we don't check in setup and our installation is about to disable it. Test Plan: Login with OAuth. /oauth/facebook/diagnose/ Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Differential Revision: https://secure.phabricator.com/D2787 2012-06-19 00:11:47 +02:00			`return HTTPSFuture::loadContent($uri);`
Modularize oauth. 2011-02-28 04:47:22 +01:00			`}`
			`return null;`
			`}`

			`public function retrieveUserAccountURI() {`
			`$username = $this->retrieveUserAccountName();`
			`if ($username) {`
			`return 'https://github.com/'.$username;`
			`}`
			`return null;`
			`}`

			`public function retrieveUserRealName() {`
Fix GitHub OAuth Registration for users without a name Summary: Github allows you to have an account without a real name. The OAuth controller actually handles this fine, mostly, except that it calls a bogus method. Also there is some null vs empty string confusion. Test Plan: Deleted my name on Github and then registered for an account on Phabricator. Reviewed By: tuomaspelkonen Reviewers: jungejason, tuomaspelkonen, aran CC: anjali, aran, tuomaspelkonen Differential Revision: 247 2011-05-07 02:01:00 +02:00			`return idx($this->userData, 'name');`
Modularize oauth. 2011-02-28 04:47:22 +01:00			`}`

Try to diagnose App Login only for OAuth providers which support it Summary: We currently try to do "app login" for all OAuth providers, but not all of them support it in a meaningful way. Particularly, it always fails for Google. Test Plan: Ran google diagnostics on a working config, no longer got a diagnostic failure. Reviewers: btrahan, vrana, csilvers Reviewed By: csilvers CC: aran Differential Revision: https://secure.phabricator.com/D2377 2012-05-05 01:16:29 +02:00			`public function shouldDiagnoseAppLogin() {`
			`return true;`
			`}`

Github OAuth Summary: Test Plan: Reviewers: CC: 2011-02-21 07:47:56 +01:00			`}`