Basic Facebook OAuth implementation.

src/__phutil_library_map__.php

@@ -39,6 +39,7 @@ phutil_register_library_map(array(
     'AphrontQueryConnectionException' => 'storage/exception/connection',
     'AphrontQueryConnectionLostException' => 'storage/exception/connectionlost',
     'AphrontQueryCountException' => 'storage/exception/count',
+    'AphrontQueryDuplicateKeyException' => 'storage/exception/duplicatekey',
     'AphrontQueryException' => 'storage/exception/base',
     'AphrontQueryObjectMissingException' => 'storage/exception/objectmissing',
     'AphrontQueryParameterException' => 'storage/exception/parameter',
@@ -107,7 +108,7 @@ phutil_register_library_map(array(
     'Javelin' => 'infratructure/javelin/api',
     'LiskDAO' => 'storage/lisk/dao',
     'Phabricator404Controller' => 'applications/base/controller/404',
-    'PhabricatorAuthController' => 'applications/auth/controlller/base',
+    'PhabricatorAuthController' => 'applications/auth/controller/base',
     'PhabricatorConduitAPIController' => 'applications/conduit/controller/api',
     'PhabricatorConduitConnectionLog' => 'applications/conduit/storage/connectionlog',
     'PhabricatorConduitConsoleController' => 'applications/conduit/controller/console',
@@ -127,6 +128,7 @@ phutil_register_library_map(array(
     'PhabricatorDirectoryItemEditController' => 'applications/directory/controller/itemedit',
     'PhabricatorDirectoryItemListController' => 'applications/directory/controller/itemlist',
     'PhabricatorDirectoryMainController' => 'applications/directory/controller/main',
+    'PhabricatorFacebookConnectController' => 'applications/auth/controller/facebookconnect',
     'PhabricatorFile' => 'applications/files/storage/file',
     'PhabricatorFileController' => 'applications/files/controller/base',
     'PhabricatorFileDAO' => 'applications/files/storage/base',
@@ -136,8 +138,8 @@ phutil_register_library_map(array(
     'PhabricatorFileUploadController' => 'applications/files/controller/upload',
     'PhabricatorFileViewController' => 'applications/files/controller/view',
     'PhabricatorLiskDAO' => 'applications/base/storage/lisk',
-    'PhabricatorLoginController' => 'applications/auth/controlller/login',
+    'PhabricatorLoginController' => 'applications/auth/controller/login',
-    'PhabricatorLogoutController' => 'applications/auth/controlller/logout',
+    'PhabricatorLogoutController' => 'applications/auth/controller/logout',
     'PhabricatorMailImplementationAdapter' => 'applications/metamta/adapter/base',
     'PhabricatorMailImplementationPHPMailerLiteAdapter' => 'applications/metamta/adapter/phpmailerlite',
     'PhabricatorMetaMTAController' => 'applications/metamta/controller/base',
@@ -219,6 +221,7 @@ phutil_register_library_map(array(
     'AphrontQueryConnectionException' => 'AphrontQueryException',
     'AphrontQueryConnectionLostException' => 'AphrontQueryRecoverableException',
     'AphrontQueryCountException' => 'AphrontQueryException',
+    'AphrontQueryDuplicateKeyException' => 'AphrontQueryException',
     'AphrontQueryObjectMissingException' => 'AphrontQueryException',
     'AphrontQueryParameterException' => 'AphrontQueryException',
     'AphrontQueryRecoverableException' => 'AphrontQueryException',
@@ -282,6 +285,7 @@ phutil_register_library_map(array(
     'PhabricatorDirectoryItemEditController' => 'PhabricatorDirectoryController',
     'PhabricatorDirectoryItemListController' => 'PhabricatorDirectoryController',
     'PhabricatorDirectoryMainController' => 'PhabricatorDirectoryController',
+    'PhabricatorFacebookConnectController' => 'PhabricatorAuthController',
     'PhabricatorFile' => 'PhabricatorFileDAO',
     'PhabricatorFileController' => 'PhabricatorController',
     'PhabricatorFileDAO' => 'PhabricatorLiskDAO',

src/aphront/default/configuration/AphrontDefaultApplicationConfiguration.php

@@ -115,8 +115,9 @@ class AphrontDefaultApplicationConfiguration
           => 'PhabricatorMetaMTAMailingListEditController',
       ),
 
-      '/login/' => 'PhabricatorLoginController',
+      '/login/$' => 'PhabricatorLoginController',
-      '/logout/' => 'PhabricatorLogoutController',
+      '/logout/$' => 'PhabricatorLogoutController',
+      '/facebook-connect/$' => 'PhabricatorFacebookConnectController',
     );
   }
 

src/applications/auth/controller/facebookconnect/PhabricatorFacebookConnectController.php

@@ -0,0 +1,207 @@
+<?php
+
+/*
+ * Copyright 2011 Facebook, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+class PhabricatorFacebookConnectController extends PhabricatorAuthController {
+
+  public function shouldRequireLogin() {
+    return false;
+  }
+
+  public function processRequest() {
+    $request = $this->getRequest();
+
+    if ($request->getStr('error')) {
+      die("OMG ERROR");
+    }
+
+    $token = $request->getStr('token');
+    if (!$token) {
+      $code = $request->getStr('code');
+      $auth_uri = 'https://graph.facebook.com/oauth/access_token'.
+                  '?client_id=184510521580034'.
+                  '&redirect_uri=http://local.aphront.com/facebook-connect/'.
+                  '&client_secret=OMGSECRETS'.
+                  '&code='.$code;
+
+      $response = @file_get_contents($auth_uri);
+      if ($response === false) {
+        throw new Exception('failed to open oauth thing');
+      }
+
+      $data = array();
+      parse_str($response, $data);
+
+      $token = $data['access_token'];
+    }
+
+    $user_json = @file_get_contents('https://graph.facebook.com/me?access_token='.$token);
+    $user_data = json_decode($user_json, true);
+
+    $user_id = $user_data['id'];
+
+    $known_user = id(new PhabricatorUser())
+      ->loadOneWhere('facebookUID = %d', $user_id);
+    if ($known_user) {
+      $session_key = $known_user->establishSession('web');
+      $request->setCookie('phusr', $known_user->getUsername());
+      $request->setCookie('phsid', $session_key);
+      return id(new AphrontRedirectResponse())
+        ->setURI('/');
+    }
+
+    $current_user = $this->getRequest()->getUser();
+    if ($current_user->getPHID()) {
+      if ($current_user->getFacebookUID() &&
+          $current_user->getFacebookUID() != $user_id) {
+        throw new Exception(
+          "Your account is already associated with a Facebook user ID other ".
+          "than the one you just logged in with...?");
+      }
+
+      if ($request->isFormPost()) {
+        $current_user->setFacebookUID($user_id);
+        $current_user->save();
+
+        // TODO: ship them back to the 'account' page or whatever?
+        return id(new AphrontRedirectResponse())
+          ->setURI('/');
+      }
+
+      $ph_account = $current_user->getUsername();
+      $fb_account = phutil_escape_html($user_data['name']);
+
+      $form = new AphrontFormView();
+      $form
+        ->addHiddenInput('token', $token)
+        ->setUser($request->getUser())
+        ->setAction('/facebook-connect/')
+        ->appendChild(
+          '<p class="aphront-form-view-instructions">Do you want to link your '.
+          "existing Phabricator account (<strong>{$ph_account}</strong>) ".
+          "with your Facebook account (<strong>{$fb_account}</strong>) so ".
+          "you can login with Facebook Connect?")
+        ->appendChild(
+          id(new AphrontFormSubmitControl())
+            ->setValue('Link Accounts')
+            ->addCancelButton('/login/'));
+
+      $panel = new AphrontPanelView();
+      $panel->setHeader('Link Facebook Account');
+      $panel->setWidth(AphrontPanelView::WIDTH_FORM);
+      $panel->appendChild($form);
+
+      return $this->buildStandardPageResponse(
+        $panel,
+        array(
+          'title' => 'Link Facebook Account',
+        ));
+    }
+
+    $errors = array();
+    $e_username = true;
+
+    $user = new PhabricatorUser();
+
+    $matches = null;
+    if (preg_match('@/([a-zA-Z0-9]+)$@', $user_data['link'], $matches)) {
+      $user->setUsername($matches[1]);
+    }
+
+    if ($request->isFormPost()) {
+
+      $username = $request->getStr('username');
+      if (!strlen($username)) {
+        $e_username = 'Required';
+        $errors[] = 'Username is required.';
+      } else if (!preg_match('/^[a-zA-Z0-9]+$/', $username, $matches)) {
+        $e_username = 'Invalid';
+        $errors[] = 'Username may only contain letters and numbers.';
+      }
+
+      $user->setUsername($username);
+      $user->setFacebookUID($user_id);
+      $user->setEmail($user_data['email']);
+
+      if (!$errors) {
+        $image = @file_get_contents('https://graph.facebook.com/me/picture?access_token='.$token);
+        $file = PhabricatorFile::newFromFileData(
+          $image,
+          array(
+            'name' => 'fbprofile.jpg'
+          ));
+
+        $user->setProfileImagePHID($file->getPHID());
+        $user->setRealName($user_data['name']);
+
+        try {
+          $user->save();
+
+          $session_key = $user->establishSession('web');
+          $request->setCookie('phusr', $user->getUsername());
+          $request->setCookie('phsid', $session_key);
+          return id(new AphrontRedirectResponse())->setURI('/');
+        } catch (AphrontQueryDuplicateKeyException $exception) {
+          $key = $exception->getDuplicateKey();
+          if ($key == 'userName') {
+            $e_username = 'Duplicate';
+            $errors[] = 'That username is not unique.';
+          } else {
+            throw $exception;
+          }
+        }
+      }
+    }
+
+    $error_view = null;
+    if ($errors) {
+      $error_view = new AphrontErrorView();
+      $error_view->setTitle('Facebook Connect Failed');
+      $error_view->setErrors($errors);
+    }
+
+    $form = new AphrontFormView();
+    $form
+      ->addHiddenInput('token', $token)
+      ->setUser($request->getUser())
+      ->setAction('/facebook-connect/')
+      ->appendChild(
+        id(new AphrontFormTextControl())
+          ->setLabel('Username')
+          ->setName('username')
+          ->setValue($user->getUsername())
+          ->setError($e_username))
+      ->appendChild(
+        id(new AphrontFormSubmitControl())
+          ->setValue('Create Account'));
+
+    $panel = new AphrontPanelView();
+    $panel->setHeader('Create New Account');
+    $panel->setWidth(AphrontPanelView::WIDTH_FORM);
+    $panel->appendChild($form);
+
+    return $this->buildStandardPageResponse(
+      array(
+        $error_view,
+        $panel,
+      ),
+      array(
+        'title' => 'Create New Account',
+      ));
+  }
+
+}

src/applications/auth/controller/facebookconnect/__init__.php

@@ -0,0 +1,22 @@
+<?php
+/**
+ * This file is automatically generated. Lint this module to rebuild it.
+ * @generated
+ */
+
+
+
+phutil_require_module('phabricator', 'aphront/response/redirect');
+phutil_require_module('phabricator', 'applications/auth/controller/base');
+phutil_require_module('phabricator', 'applications/files/storage/file');
+phutil_require_module('phabricator', 'applications/people/storage/user');
+phutil_require_module('phabricator', 'view/form/base');
+phutil_require_module('phabricator', 'view/form/control/submit');
+phutil_require_module('phabricator', 'view/form/error');
+phutil_require_module('phabricator', 'view/layout/panel');
+
+phutil_require_module('phutil', 'markup');
+phutil_require_module('phutil', 'utils');
+
+
+phutil_require_source('PhabricatorFacebookConnectController.php');

src/applications/auth/controller/login/PhabricatorLoginController.php

@@ -26,13 +26,13 @@ class PhabricatorLoginController extends PhabricatorAuthController {
     $request = $this->getRequest();
 
     $error = false;
-    $login_name = $request->getCookie('phusr');
+    $username = $request->getCookie('phusr');
     if ($request->isFormPost()) {
-      $login_name = $request->getStr('login');
+      $username = $request->getStr('username');
 
       $user = id(new PhabricatorUser())->loadOneWhere(
         'username = %s',
-        $login_name);
+        $username);
 
       $user->setPassword('asdf');
       $user->save();
@@ -40,30 +40,8 @@ class PhabricatorLoginController extends PhabricatorAuthController {
       $okay = false;
       if ($user) {
         if ($user->comparePassword($request->getStr('password'))) {
-          $conn_w = $user->establishConnection('w');
 
-          $urandom = fopen('/dev/urandom', 'r');
+          $session_key = $user->establishSession('web');
-          if (!$urandom) {
-            throw new Exception("Failed to open /dev/urandom!");
-          }
-          $entropy = fread($urandom, 20);
-          if (strlen($entropy) != 20) {
-            throw new Exception("Failed to read /dev/urandom!");
-          }
-
-          $session_key = sha1($entropy);
-          queryfx(
-            $conn_w,
-            'INSERT INTO phabricator_session '.
-              '(userPHID, type, sessionKey, sessionStart)'.
-            ' VALUES '.
-              '(%s, %s, %s, UNIX_TIMESTAMP()) '.
-            'ON DUPLICATE KEY UPDATE '.
-              'sessionKey = VALUES(sessionKey), '.
-              'sessionStart = VALUES(sessionStart)',
-            $user->getPHID(),
-            'web',
-            $session_key);
 
           $request->setCookie('phusr', $user->getUsername());
           $request->setCookie('phsid', $session_key);
@@ -93,9 +71,9 @@ class PhabricatorLoginController extends PhabricatorAuthController {
       ->setAction('/login/')
       ->appendChild(
         id(new AphrontFormTextControl())
-          ->setLabel('Login')
+          ->setLabel('Username')
-          ->setName('login')
+          ->setName('username')
-          ->setValue($login_name))
+          ->setValue($username))
       ->appendChild(
         id(new AphrontFormTextControl())
           ->setLabel('Password')
@@ -110,6 +88,28 @@ class PhabricatorLoginController extends PhabricatorAuthController {
     $panel->setWidth(AphrontPanelView::WIDTH_FORM);
     $panel->appendChild($form);
 
+
+    // TODO: Hardcoded junk
+    $connect_uri = "https://www.facebook.com/dialog/oauth";
+
+    $user = $request->getUser();
+
+    $facebook_connect = new AphrontFormView();
+    $facebook_connect
+      ->setAction($connect_uri)
+      ->addHiddenInput('client_id', 184510521580034)
+      ->addHiddenInput('redirect_uri', 'http://local.aphront.com/facebook-connect/')
+      ->addHiddenInput('scope', 'email')
+      ->addHiddenInput('state', $user->getCSRFToken())
+      ->setUser($request->getUser())
+      ->setMethod('GET')
+      ->appendChild(
+        id(new AphrontFormSubmitControl())
+          ->setValue("Login with Facebook Connect \xC2\xBB"));
+
+    $panel->appendChild('<br /><h1>Login with Facebook</h1>');
+    $panel->appendChild($facebook_connect);
+
     return $this->buildStandardPageResponse(
       array(
         $error_view,

src/applications/auth/controller/login/__init__.php

@@ -7,9 +7,8 @@
 
 
 phutil_require_module('phabricator', 'aphront/response/redirect');
-phutil_require_module('phabricator', 'applications/auth/controlller/base');
+phutil_require_module('phabricator', 'applications/auth/controller/base');
 phutil_require_module('phabricator', 'applications/people/storage/user');
-phutil_require_module('phabricator', 'storage/queryfx');
 phutil_require_module('phabricator', 'view/form/base');
 phutil_require_module('phabricator', 'view/form/control/submit');
 phutil_require_module('phabricator', 'view/form/error');

src/applications/auth/controller/logout/__init__.php

@@ -7,7 +7,7 @@
 
 
 phutil_require_module('phabricator', 'aphront/response/redirect');
-phutil_require_module('phabricator', 'applications/auth/controlller/base');
+phutil_require_module('phabricator', 'applications/auth/controller/base');
 
 phutil_require_module('phutil', 'utils');
 

src/applications/people/storage/user/PhabricatorUser.php

@@ -26,6 +26,8 @@ class PhabricatorUser extends PhabricatorUserDAO {
   protected $email;
   protected $passwordSalt;
   protected $passwordHash;
+  protected $facebookUID;
+  protected $profileImagePHID;
 
   private $sessionKey;
 
@@ -87,4 +89,33 @@ class PhabricatorUser extends PhabricatorUserDAO {
     return substr(md5($vec), 0, 16);
   }
 
+  public function establishSession($session_type) {
+    $conn_w = $this->establishConnection('w');
+
+    $urandom = fopen('/dev/urandom', 'r');
+    if (!$urandom) {
+      throw new Exception("Failed to open /dev/urandom!");
+    }
+    $entropy = fread($urandom, 20);
+    if (strlen($entropy) != 20) {
+      throw new Exception("Failed to read /dev/urandom!");
+    }
+
+    $session_key = sha1($entropy);
+    queryfx(
+      $conn_w,
+      'INSERT INTO phabricator_session '.
+        '(userPHID, type, sessionKey, sessionStart)'.
+      ' VALUES '.
+        '(%s, %s, %s, UNIX_TIMESTAMP()) '.
+      'ON DUPLICATE KEY UPDATE '.
+        'sessionKey = VALUES(sessionKey), '.
+        'sessionStart = VALUES(sessionStart)',
+      $this->getPHID(),
+      $session_type,
+      $session_key);
+
+    return $session_key;
+  }
+
 }

src/applications/people/storage/user/__init__.php

@@ -8,6 +8,7 @@
 
 phutil_require_module('phabricator', 'applications/people/storage/base');
 phutil_require_module('phabricator', 'applications/phid/storage/phid');
+phutil_require_module('phabricator', 'storage/queryfx');
 
 
 phutil_require_source('PhabricatorUser.php');

src/storage/connection/mysql/AphrontMySQLDatabaseConnection.php

@@ -184,13 +184,18 @@ class AphrontMySQLDatabaseConnection extends AphrontDatabaseConnection {
       case 2013: // Connection Dropped
       case 2006: // Gone Away
         throw new AphrontQueryConnectionLostException("#{$errno}: {$error}");
-        break;
       case 1213: // Deadlock
       case 1205: // Lock wait timeout exceeded
         throw new AphrontQueryRecoverableException("#{$errno}: {$error}");
-        break;
+      case 1062: // Duplicate Key
+        $matches = null;
+        $key = null;
+        if (preg_match('/for key \'(.*)\'$/', $error, $matches)) {
+          $key = $matches[1];
+        }
+        throw new AphrontQueryDuplicateKeyException($key, "{$errno}: {$error}");
       default:
-        // TODO: 1062 is syntax error, and quite terrible in production.
+        // TODO: 1064 is syntax error, and quite terrible in production.
         throw new AphrontQueryException("#{$errno}: {$error}");
     }
   }

src/storage/connection/mysql/__init__.php

@@ -10,6 +10,7 @@ phutil_require_module('phabricator', 'storage/connection/base');
 phutil_require_module('phabricator', 'storage/exception/base');
 phutil_require_module('phabricator', 'storage/exception/connection');
 phutil_require_module('phabricator', 'storage/exception/connectionlost');
+phutil_require_module('phabricator', 'storage/exception/duplicatekey');
 phutil_require_module('phabricator', 'storage/exception/recoverable');
 
 phutil_require_module('phutil', 'utils');

src/storage/exception/duplicatekey/AphrontQueryDuplicateKeyException.php

@@ -0,0 +1,34 @@
+<?php
+
+/*
+ * Copyright 2011 Facebook, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @group storage
+ */
+class AphrontQueryDuplicateKeyException extends AphrontQueryException {
+
+  private $duplicateKey;
+
+  public function getDuplicateKey() {
+    return $this->duplicateKey;
+  }
+
+  public function __construct($duplicate_key, $message) {
+    $this->duplicateKey = $duplicate_key;
+    parent::__construct($message);
+  }
+}

src/storage/exception/duplicatekey/__init__.php

@@ -0,0 +1,12 @@
+<?php
+/**
+ * This file is automatically generated. Lint this module to rebuild it.
+ * @generated
+ */
+
+
+
+phutil_require_module('phabricator', 'storage/exception/base');
+
+
+phutil_require_source('AphrontQueryDuplicateKeyException.php');