phorge-phorge/src/applications/oauthserver/PhabricatorOAuthServerScope.php

<?php

final class PhabricatorOAuthServerScope {

  const SCOPE_OFFLINE_ACCESS = 'offline_access';
  const SCOPE_WHOAMI         = 'whoami';
  const SCOPE_NOT_ACCESSIBLE = 'not_accessible';

  /*
   * Note this does not contain SCOPE_NOT_ACCESSIBLE which is magic
   * used to simplify code for data that is not currently accessible
   * via OAuth.
   */
  static public function getScopesDict() {
    return array(
      self::SCOPE_OFFLINE_ACCESS => 1,
      self::SCOPE_WHOAMI         => 1,
    );
  }

  static public function getCheckboxControl($current_scopes) {
    $scopes = self::getScopesDict();
    $scope_keys = array_keys($scopes);
    sort($scope_keys);

    $checkboxes = new AphrontFormCheckboxControl();
    foreach ($scope_keys as $scope) {
      $checkboxes->addCheckbox(
        $name = $scope,
        $value = 1,
        $label = self::getCheckboxLabel($scope),
        $checked = isset($current_scopes[$scope])
      );
    }
    $checkboxes->setLabel('Scope');

    return $checkboxes;
  }

  static private function getCheckboxLabel($scope) {
    $label = null;
    switch ($scope) {
      case self::SCOPE_OFFLINE_ACCESS:
        $label = 'Make access tokens granted to this client never expire.';
        break;
      case self::SCOPE_WHOAMI:
        $label = 'Read access to Conduit method user.whoami.';
        break;
    }

    return $label;
  }

  static public function getScopesFromRequest(AphrontRequest $request) {
    $scopes = self::getScopesDict();
    $requested_scopes = array();
    foreach ($scopes as $scope => $bit) {
      if ($request->getBool($scope)) {
        $requested_scopes[$scope] = 1;
      }
    }
    return $requested_scopes;
  }

  /**
   * A scopes list is considered valid if each scope is a known scope
   * and each scope is seen only once.  Otherwise, the list is invalid.
   */
  static public function validateScopesList($scope_list) {
    $scopes       = explode(' ', $scope_list);
    $known_scopes = self::getScopesDict();
    $seen_scopes  = array();
    foreach ($scopes as $scope) {
      if (!isset($known_scopes[$scope])) {
        return false;
      }
      if (isset($seen_scopes[$scope])) {
        return false;
      }
      $seen_scopes[$scope] = 1;
    }

    return true;
  }

  /**
   * A scopes dictionary is considered valid if each key is a known scope.
   * Otherwise, the dictionary is invalid.
   */
  static public function validateScopesDict($scope_dict) {
    $known_scopes   = self::getScopesDict();
    $unknown_scopes = array_diff_key($scope_dict,
                                     $known_scopes);
    return empty($unknown_scopes);
  }

  /**
   * Transforms a space-delimited scopes list into a scopes dict. The list
   * should be validated by @{method:validateScopesList} before
   * transformation.
   */
   static public function scopesListToDict($scope_list) {
    $scopes = explode(' ', $scope_list);
    return array_fill_keys($scopes, 1);
  }

}
OAuth Server enhancements -- more complete access token response and groundwork for scope Summary: this patch makes the access token response "complete" relative to spec by returning when it expires AND that the token_type is in fact 'Bearer'. This patch also lays the groundwork for scope by fixing the underlying data model and adding the first scope checks for "offline_access" relative to expires and the "whoami" method. Further, conduit is augmented to open up individual methods for access via OAuth generally to enable "whoami" access. There's also a tidy little scope class to keep track of all the various scopes we plan to have as well as strings for display (T849 - work undone) Somewhat of a hack but Conduit methods by default have SCOPE_NOT_ACCESSIBLE. We then don't even bother with the OAuth stuff within conduit if we're not supposed to be accessing the method via Conduit. Felt relatively clean to me in terms of additional code complexity, etc. Next up ends up being T848 (scope in OAuth) and T849 (let user's authorize clients for specific scopes which kinds of needs T850). There's also a bunch of work that needs to be done to return the appropriate, well-formatted error codes. All in due time...! Test Plan: verified that an access_token with no scope doesn't let me see anything anymore. :( verified that access_tokens made awhile ago expire. :( Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Maniphest Tasks: T888, T848 Differential Revision: https://secure.phabricator.com/D1657 2012-02-21 23:28:05 +01:00			`<?php`

			`final class PhabricatorOAuthServerScope {`

			`const SCOPE_OFFLINE_ACCESS = 'offline_access';`
			`const SCOPE_WHOAMI = 'whoami';`
			`const SCOPE_NOT_ACCESSIBLE = 'not_accessible';`

			`/*`
			`* Note this does not contain SCOPE_NOT_ACCESSIBLE which is magic`
			`* used to simplify code for data that is not currently accessible`
			`* via OAuth.`
			`*/`
			`static public function getScopesDict() {`
			`return array(`
			`self::SCOPE_OFFLINE_ACCESS => 1,`
			`self::SCOPE_WHOAMI => 1,`
			`);`
			`}`

OAuth Server -- add controllers to RUD client authorizations and CRUD clients Summary: beyond the title, this diff tweaks the test console to have a bit more functionality. also makes a small change to CSS for AphrontFormControlMarkup, which IMO fixes a display issue on https://secure.phabricator.com/settings/page/profile/ where the Profile URI is all up in the air and whatnot I think this is missing pagination. I am getting tired of the size though and will add later. See T905. Test Plan: viewed, updated and deleted client authorizations. viewed, created, updated and deleted clients Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Maniphest Tasks: T849, T850, T848 Differential Revision: https://secure.phabricator.com/D1683 2012-02-22 19:21:39 +01:00			`static public function getCheckboxControl($current_scopes) {`
			`$scopes = self::getScopesDict();`
			`$scope_keys = array_keys($scopes);`
			`sort($scope_keys);`

			`$checkboxes = new AphrontFormCheckboxControl();`
			`foreach ($scope_keys as $scope) {`
			`$checkboxes->addCheckbox(`
			`$name = $scope,`
			`$value = 1,`
			`$label = self::getCheckboxLabel($scope),`
			`$checked = isset($current_scopes[$scope])`
			`);`
			`}`
			`$checkboxes->setLabel('Scope');`

			`return $checkboxes;`
			`}`

			`static private function getCheckboxLabel($scope) {`
			`$label = null;`
			`switch ($scope) {`
			`case self::SCOPE_OFFLINE_ACCESS:`
			`$label = 'Make access tokens granted to this client never expire.';`
			`break;`
			`case self::SCOPE_WHOAMI:`
			`$label = 'Read access to Conduit method user.whoami.';`
			`break;`
			`}`

			`return $label;`
			`}`

			`static public function getScopesFromRequest(AphrontRequest $request) {`
			`$scopes = self::getScopesDict();`
			`$requested_scopes = array();`
			`foreach ($scopes as $scope => $bit) {`
			`if ($request->getBool($scope)) {`
			`$requested_scopes[$scope] = 1;`
			`}`
			`}`
			`return $requested_scopes;`
			`}`

OAuthServer polish and random sauce Summary: This diff makes the OAuthServer more compliant with the spec by - making it return well-formatted error codes with error types from the spec. - making it respect the "state" variable, which is a transparent variable the client passes and the server passes back - making it be super, duper compliant with respect to redirect uris -- if specified in authorization step, check if its valid relative to the client registered URI and if so save it -- if specified in authorization step, check if its been specified in the access step and error if it doesn't match or doesn't exist -- note we don't make any use of it in the access step which seems strange but hey, that's what the spec says! This diff makes the OAuthServer suck less by - making the "cancel" button do something in the user authorization flow - making the client list view and client edit view be a bit more usable around client secrets - fixing a few bugs I managed to introduce along the way Test Plan: - create a test phabricator client, updated my conf, and then linked and unlinked phabricator to itself - wrote some tests for PhabricatorOAuthServer -- they pass! -- these validate the various validate URI checks - tried a few important authorization calls -- http://phabricator.dev/oauthserver/auth/?client_id=X&state=test&redirect_uri=http://www.evil.com --- verified error'd from mismatching redirect uri's --- verified state parameter in response --- verified did not redirect to client redirect uri -- http://phabricator.dev/oauthserver/auth/?client_id=X w/ existing authorization --- got redirected to proper client url with error that response_type not specified -- http://phabricator.dev/oauthserver/auth/?client_id=X&response_type=code w/ existing authorization --- got redirected to proper client url with pertinent code! - tried a few important access calls -- verified appropriate errors if missing any required parameters -- verified good access code with appropriate other variables resulted in an access token - verified that if redirect_uri set correctly in authorization required for access and errors if differs at all / only succeeds if exactly the same Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley, ajtrichards Maniphest Tasks: T889, T906, T897 Differential Revision: https://secure.phabricator.com/D1727 2012-03-01 23:46:18 +01:00			`/**`
			`* A scopes list is considered valid if each scope is a known scope`
			`* and each scope is seen only once. Otherwise, the list is invalid.`
			`*/`
			`static public function validateScopesList($scope_list) {`
			`$scopes = explode(' ', $scope_list);`
			`$known_scopes = self::getScopesDict();`
			`$seen_scopes = array();`
			`foreach ($scopes as $scope) {`
			`if (!isset($known_scopes[$scope])) {`
			`return false;`
			`}`
			`if (isset($seen_scopes[$scope])) {`
			`return false;`
			`}`
			`$seen_scopes[$scope] = 1;`
			`}`

			`return true;`
			`}`

			`/**`
			`* A scopes dictionary is considered valid if each key is a known scope.`
			`* Otherwise, the dictionary is invalid.`
			`*/`
			`static public function validateScopesDict($scope_dict) {`
			`$known_scopes = self::getScopesDict();`
			`$unknown_scopes = array_diff_key($scope_dict,`
			`$known_scopes);`
			`return empty($unknown_scopes);`
			`}`

Fix OAuth Client Authorization bugs Summary: ajtrichards reported an error creating a brand new authorization. fixed that and generally made this flow work well Test Plan: - created a fresh test client -- noted "new=<PHID>" with appropriate highlighting - visited http://phabricator.dev/oauthserver/auth/?client_id=PHID-OASC-jwgdrqdpzomtxyg3q3yf&response_type=code&scope=offline_access -- clicked "cancel", verified result -- clicked "approve", verfied result - visited http://phabricator.dev/oauthserver/auth/?client_id=PHID-OASC-jwgdrqdpzomtxyg3q3yf&response_type=code&scope=whoami -- noted got the dialog -- noted that it had the union of desired and existing so user could update it properly! (NB - its up to the client to react to whatever specific scope(s) the user decides to grant) -- noted it actually updated when I hit "approve" Reviewers: epriestley, ajtrichards Reviewed By: epriestley CC: aran, epriestley Maniphest Tasks: T933 Differential Revision: https://secure.phabricator.com/D1775 2012-03-05 22:27:20 +01:00			`/**`
			`* Transforms a space-delimited scopes list into a scopes dict. The list`
			`* should be validated by @{method:validateScopesList} before`
			`* transformation.`
			`*/`
			`static public function scopesListToDict($scope_list) {`
			`$scopes = explode(' ', $scope_list);`
			`return array_fill_keys($scopes, 1);`
OAuthServer polish and random sauce Summary: This diff makes the OAuthServer more compliant with the spec by - making it return well-formatted error codes with error types from the spec. - making it respect the "state" variable, which is a transparent variable the client passes and the server passes back - making it be super, duper compliant with respect to redirect uris -- if specified in authorization step, check if its valid relative to the client registered URI and if so save it -- if specified in authorization step, check if its been specified in the access step and error if it doesn't match or doesn't exist -- note we don't make any use of it in the access step which seems strange but hey, that's what the spec says! This diff makes the OAuthServer suck less by - making the "cancel" button do something in the user authorization flow - making the client list view and client edit view be a bit more usable around client secrets - fixing a few bugs I managed to introduce along the way Test Plan: - create a test phabricator client, updated my conf, and then linked and unlinked phabricator to itself - wrote some tests for PhabricatorOAuthServer -- they pass! -- these validate the various validate URI checks - tried a few important authorization calls -- http://phabricator.dev/oauthserver/auth/?client_id=X&state=test&redirect_uri=http://www.evil.com --- verified error'd from mismatching redirect uri's --- verified state parameter in response --- verified did not redirect to client redirect uri -- http://phabricator.dev/oauthserver/auth/?client_id=X w/ existing authorization --- got redirected to proper client url with error that response_type not specified -- http://phabricator.dev/oauthserver/auth/?client_id=X&response_type=code w/ existing authorization --- got redirected to proper client url with pertinent code! - tried a few important access calls -- verified appropriate errors if missing any required parameters -- verified good access code with appropriate other variables resulted in an access token - verified that if redirect_uri set correctly in authorization required for access and errors if differs at all / only succeeds if exactly the same Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley, ajtrichards Maniphest Tasks: T889, T906, T897 Differential Revision: https://secure.phabricator.com/D1727 2012-03-01 23:46:18 +01:00			`}`

OAuth Server enhancements -- more complete access token response and groundwork for scope Summary: this patch makes the access token response "complete" relative to spec by returning when it expires AND that the token_type is in fact 'Bearer'. This patch also lays the groundwork for scope by fixing the underlying data model and adding the first scope checks for "offline_access" relative to expires and the "whoami" method. Further, conduit is augmented to open up individual methods for access via OAuth generally to enable "whoami" access. There's also a tidy little scope class to keep track of all the various scopes we plan to have as well as strings for display (T849 - work undone) Somewhat of a hack but Conduit methods by default have SCOPE_NOT_ACCESSIBLE. We then don't even bother with the OAuth stuff within conduit if we're not supposed to be accessing the method via Conduit. Felt relatively clean to me in terms of additional code complexity, etc. Next up ends up being T848 (scope in OAuth) and T849 (let user's authorize clients for specific scopes which kinds of needs T850). There's also a bunch of work that needs to be done to return the appropriate, well-formatted error codes. All in due time...! Test Plan: verified that an access_token with no scope doesn't let me see anything anymore. :( verified that access_tokens made awhile ago expire. :( Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Maniphest Tasks: T888, T848 Differential Revision: https://secure.phabricator.com/D1657 2012-02-21 23:28:05 +01:00			`}`