1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-10 00:42:41 +01:00

Basic Facebook OAuth implementation.

This commit is contained in:
epriestley 2011-01-30 21:28:45 -08:00
parent 29f7219a49
commit 25aae76c8a
16 changed files with 357 additions and 40 deletions

View file

@ -39,6 +39,7 @@ phutil_register_library_map(array(
'AphrontQueryConnectionException' => 'storage/exception/connection',
'AphrontQueryConnectionLostException' => 'storage/exception/connectionlost',
'AphrontQueryCountException' => 'storage/exception/count',
'AphrontQueryDuplicateKeyException' => 'storage/exception/duplicatekey',
'AphrontQueryException' => 'storage/exception/base',
'AphrontQueryObjectMissingException' => 'storage/exception/objectmissing',
'AphrontQueryParameterException' => 'storage/exception/parameter',
@ -107,7 +108,7 @@ phutil_register_library_map(array(
'Javelin' => 'infratructure/javelin/api',
'LiskDAO' => 'storage/lisk/dao',
'Phabricator404Controller' => 'applications/base/controller/404',
'PhabricatorAuthController' => 'applications/auth/controlller/base',
'PhabricatorAuthController' => 'applications/auth/controller/base',
'PhabricatorConduitAPIController' => 'applications/conduit/controller/api',
'PhabricatorConduitConnectionLog' => 'applications/conduit/storage/connectionlog',
'PhabricatorConduitConsoleController' => 'applications/conduit/controller/console',
@ -127,6 +128,7 @@ phutil_register_library_map(array(
'PhabricatorDirectoryItemEditController' => 'applications/directory/controller/itemedit',
'PhabricatorDirectoryItemListController' => 'applications/directory/controller/itemlist',
'PhabricatorDirectoryMainController' => 'applications/directory/controller/main',
'PhabricatorFacebookConnectController' => 'applications/auth/controller/facebookconnect',
'PhabricatorFile' => 'applications/files/storage/file',
'PhabricatorFileController' => 'applications/files/controller/base',
'PhabricatorFileDAO' => 'applications/files/storage/base',
@ -136,8 +138,8 @@ phutil_register_library_map(array(
'PhabricatorFileUploadController' => 'applications/files/controller/upload',
'PhabricatorFileViewController' => 'applications/files/controller/view',
'PhabricatorLiskDAO' => 'applications/base/storage/lisk',
'PhabricatorLoginController' => 'applications/auth/controlller/login',
'PhabricatorLogoutController' => 'applications/auth/controlller/logout',
'PhabricatorLoginController' => 'applications/auth/controller/login',
'PhabricatorLogoutController' => 'applications/auth/controller/logout',
'PhabricatorMailImplementationAdapter' => 'applications/metamta/adapter/base',
'PhabricatorMailImplementationPHPMailerLiteAdapter' => 'applications/metamta/adapter/phpmailerlite',
'PhabricatorMetaMTAController' => 'applications/metamta/controller/base',
@ -219,6 +221,7 @@ phutil_register_library_map(array(
'AphrontQueryConnectionException' => 'AphrontQueryException',
'AphrontQueryConnectionLostException' => 'AphrontQueryRecoverableException',
'AphrontQueryCountException' => 'AphrontQueryException',
'AphrontQueryDuplicateKeyException' => 'AphrontQueryException',
'AphrontQueryObjectMissingException' => 'AphrontQueryException',
'AphrontQueryParameterException' => 'AphrontQueryException',
'AphrontQueryRecoverableException' => 'AphrontQueryException',
@ -282,6 +285,7 @@ phutil_register_library_map(array(
'PhabricatorDirectoryItemEditController' => 'PhabricatorDirectoryController',
'PhabricatorDirectoryItemListController' => 'PhabricatorDirectoryController',
'PhabricatorDirectoryMainController' => 'PhabricatorDirectoryController',
'PhabricatorFacebookConnectController' => 'PhabricatorAuthController',
'PhabricatorFile' => 'PhabricatorFileDAO',
'PhabricatorFileController' => 'PhabricatorController',
'PhabricatorFileDAO' => 'PhabricatorLiskDAO',

View file

@ -115,8 +115,9 @@ class AphrontDefaultApplicationConfiguration
=> 'PhabricatorMetaMTAMailingListEditController',
),
'/login/' => 'PhabricatorLoginController',
'/logout/' => 'PhabricatorLogoutController',
'/login/$' => 'PhabricatorLoginController',
'/logout/$' => 'PhabricatorLogoutController',
'/facebook-connect/$' => 'PhabricatorFacebookConnectController',
);
}

View file

@ -0,0 +1,207 @@
<?php
/*
* Copyright 2011 Facebook, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
class PhabricatorFacebookConnectController extends PhabricatorAuthController {
public function shouldRequireLogin() {
return false;
}
public function processRequest() {
$request = $this->getRequest();
if ($request->getStr('error')) {
die("OMG ERROR");
}
$token = $request->getStr('token');
if (!$token) {
$code = $request->getStr('code');
$auth_uri = 'https://graph.facebook.com/oauth/access_token'.
'?client_id=184510521580034'.
'&redirect_uri=http://local.aphront.com/facebook-connect/'.
'&client_secret=OMGSECRETS'.
'&code='.$code;
$response = @file_get_contents($auth_uri);
if ($response === false) {
throw new Exception('failed to open oauth thing');
}
$data = array();
parse_str($response, $data);
$token = $data['access_token'];
}
$user_json = @file_get_contents('https://graph.facebook.com/me?access_token='.$token);
$user_data = json_decode($user_json, true);
$user_id = $user_data['id'];
$known_user = id(new PhabricatorUser())
->loadOneWhere('facebookUID = %d', $user_id);
if ($known_user) {
$session_key = $known_user->establishSession('web');
$request->setCookie('phusr', $known_user->getUsername());
$request->setCookie('phsid', $session_key);
return id(new AphrontRedirectResponse())
->setURI('/');
}
$current_user = $this->getRequest()->getUser();
if ($current_user->getPHID()) {
if ($current_user->getFacebookUID() &&
$current_user->getFacebookUID() != $user_id) {
throw new Exception(
"Your account is already associated with a Facebook user ID other ".
"than the one you just logged in with...?");
}
if ($request->isFormPost()) {
$current_user->setFacebookUID($user_id);
$current_user->save();
// TODO: ship them back to the 'account' page or whatever?
return id(new AphrontRedirectResponse())
->setURI('/');
}
$ph_account = $current_user->getUsername();
$fb_account = phutil_escape_html($user_data['name']);
$form = new AphrontFormView();
$form
->addHiddenInput('token', $token)
->setUser($request->getUser())
->setAction('/facebook-connect/')
->appendChild(
'<p class="aphront-form-view-instructions">Do you want to link your '.
"existing Phabricator account (<strong>{$ph_account}</strong>) ".
"with your Facebook account (<strong>{$fb_account}</strong>) so ".
"you can login with Facebook Connect?")
->appendChild(
id(new AphrontFormSubmitControl())
->setValue('Link Accounts')
->addCancelButton('/login/'));
$panel = new AphrontPanelView();
$panel->setHeader('Link Facebook Account');
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
$panel->appendChild($form);
return $this->buildStandardPageResponse(
$panel,
array(
'title' => 'Link Facebook Account',
));
}
$errors = array();
$e_username = true;
$user = new PhabricatorUser();
$matches = null;
if (preg_match('@/([a-zA-Z0-9]+)$@', $user_data['link'], $matches)) {
$user->setUsername($matches[1]);
}
if ($request->isFormPost()) {
$username = $request->getStr('username');
if (!strlen($username)) {
$e_username = 'Required';
$errors[] = 'Username is required.';
} else if (!preg_match('/^[a-zA-Z0-9]+$/', $username, $matches)) {
$e_username = 'Invalid';
$errors[] = 'Username may only contain letters and numbers.';
}
$user->setUsername($username);
$user->setFacebookUID($user_id);
$user->setEmail($user_data['email']);
if (!$errors) {
$image = @file_get_contents('https://graph.facebook.com/me/picture?access_token='.$token);
$file = PhabricatorFile::newFromFileData(
$image,
array(
'name' => 'fbprofile.jpg'
));
$user->setProfileImagePHID($file->getPHID());
$user->setRealName($user_data['name']);
try {
$user->save();
$session_key = $user->establishSession('web');
$request->setCookie('phusr', $user->getUsername());
$request->setCookie('phsid', $session_key);
return id(new AphrontRedirectResponse())->setURI('/');
} catch (AphrontQueryDuplicateKeyException $exception) {
$key = $exception->getDuplicateKey();
if ($key == 'userName') {
$e_username = 'Duplicate';
$errors[] = 'That username is not unique.';
} else {
throw $exception;
}
}
}
}
$error_view = null;
if ($errors) {
$error_view = new AphrontErrorView();
$error_view->setTitle('Facebook Connect Failed');
$error_view->setErrors($errors);
}
$form = new AphrontFormView();
$form
->addHiddenInput('token', $token)
->setUser($request->getUser())
->setAction('/facebook-connect/')
->appendChild(
id(new AphrontFormTextControl())
->setLabel('Username')
->setName('username')
->setValue($user->getUsername())
->setError($e_username))
->appendChild(
id(new AphrontFormSubmitControl())
->setValue('Create Account'));
$panel = new AphrontPanelView();
$panel->setHeader('Create New Account');
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
$panel->appendChild($form);
return $this->buildStandardPageResponse(
array(
$error_view,
$panel,
),
array(
'title' => 'Create New Account',
));
}
}

View file

@ -0,0 +1,22 @@
<?php
/**
* This file is automatically generated. Lint this module to rebuild it.
* @generated
*/
phutil_require_module('phabricator', 'aphront/response/redirect');
phutil_require_module('phabricator', 'applications/auth/controller/base');
phutil_require_module('phabricator', 'applications/files/storage/file');
phutil_require_module('phabricator', 'applications/people/storage/user');
phutil_require_module('phabricator', 'view/form/base');
phutil_require_module('phabricator', 'view/form/control/submit');
phutil_require_module('phabricator', 'view/form/error');
phutil_require_module('phabricator', 'view/layout/panel');
phutil_require_module('phutil', 'markup');
phutil_require_module('phutil', 'utils');
phutil_require_source('PhabricatorFacebookConnectController.php');

View file

@ -26,13 +26,13 @@ class PhabricatorLoginController extends PhabricatorAuthController {
$request = $this->getRequest();
$error = false;
$login_name = $request->getCookie('phusr');
$username = $request->getCookie('phusr');
if ($request->isFormPost()) {
$login_name = $request->getStr('login');
$username = $request->getStr('username');
$user = id(new PhabricatorUser())->loadOneWhere(
'username = %s',
$login_name);
$username);
$user->setPassword('asdf');
$user->save();
@ -40,30 +40,8 @@ class PhabricatorLoginController extends PhabricatorAuthController {
$okay = false;
if ($user) {
if ($user->comparePassword($request->getStr('password'))) {
$conn_w = $user->establishConnection('w');
$urandom = fopen('/dev/urandom', 'r');
if (!$urandom) {
throw new Exception("Failed to open /dev/urandom!");
}
$entropy = fread($urandom, 20);
if (strlen($entropy) != 20) {
throw new Exception("Failed to read /dev/urandom!");
}
$session_key = sha1($entropy);
queryfx(
$conn_w,
'INSERT INTO phabricator_session '.
'(userPHID, type, sessionKey, sessionStart)'.
' VALUES '.
'(%s, %s, %s, UNIX_TIMESTAMP()) '.
'ON DUPLICATE KEY UPDATE '.
'sessionKey = VALUES(sessionKey), '.
'sessionStart = VALUES(sessionStart)',
$user->getPHID(),
'web',
$session_key);
$session_key = $user->establishSession('web');
$request->setCookie('phusr', $user->getUsername());
$request->setCookie('phsid', $session_key);
@ -93,9 +71,9 @@ class PhabricatorLoginController extends PhabricatorAuthController {
->setAction('/login/')
->appendChild(
id(new AphrontFormTextControl())
->setLabel('Login')
->setName('login')
->setValue($login_name))
->setLabel('Username')
->setName('username')
->setValue($username))
->appendChild(
id(new AphrontFormTextControl())
->setLabel('Password')
@ -110,6 +88,28 @@ class PhabricatorLoginController extends PhabricatorAuthController {
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
$panel->appendChild($form);
// TODO: Hardcoded junk
$connect_uri = "https://www.facebook.com/dialog/oauth";
$user = $request->getUser();
$facebook_connect = new AphrontFormView();
$facebook_connect
->setAction($connect_uri)
->addHiddenInput('client_id', 184510521580034)
->addHiddenInput('redirect_uri', 'http://local.aphront.com/facebook-connect/')
->addHiddenInput('scope', 'email')
->addHiddenInput('state', $user->getCSRFToken())
->setUser($request->getUser())
->setMethod('GET')
->appendChild(
id(new AphrontFormSubmitControl())
->setValue("Login with Facebook Connect \xC2\xBB"));
$panel->appendChild('<br /><h1>Login with Facebook</h1>');
$panel->appendChild($facebook_connect);
return $this->buildStandardPageResponse(
array(
$error_view,

View file

@ -7,9 +7,8 @@
phutil_require_module('phabricator', 'aphront/response/redirect');
phutil_require_module('phabricator', 'applications/auth/controlller/base');
phutil_require_module('phabricator', 'applications/auth/controller/base');
phutil_require_module('phabricator', 'applications/people/storage/user');
phutil_require_module('phabricator', 'storage/queryfx');
phutil_require_module('phabricator', 'view/form/base');
phutil_require_module('phabricator', 'view/form/control/submit');
phutil_require_module('phabricator', 'view/form/error');

View file

@ -7,7 +7,7 @@
phutil_require_module('phabricator', 'aphront/response/redirect');
phutil_require_module('phabricator', 'applications/auth/controlller/base');
phutil_require_module('phabricator', 'applications/auth/controller/base');
phutil_require_module('phutil', 'utils');

View file

@ -26,6 +26,8 @@ class PhabricatorUser extends PhabricatorUserDAO {
protected $email;
protected $passwordSalt;
protected $passwordHash;
protected $facebookUID;
protected $profileImagePHID;
private $sessionKey;
@ -87,4 +89,33 @@ class PhabricatorUser extends PhabricatorUserDAO {
return substr(md5($vec), 0, 16);
}
public function establishSession($session_type) {
$conn_w = $this->establishConnection('w');
$urandom = fopen('/dev/urandom', 'r');
if (!$urandom) {
throw new Exception("Failed to open /dev/urandom!");
}
$entropy = fread($urandom, 20);
if (strlen($entropy) != 20) {
throw new Exception("Failed to read /dev/urandom!");
}
$session_key = sha1($entropy);
queryfx(
$conn_w,
'INSERT INTO phabricator_session '.
'(userPHID, type, sessionKey, sessionStart)'.
' VALUES '.
'(%s, %s, %s, UNIX_TIMESTAMP()) '.
'ON DUPLICATE KEY UPDATE '.
'sessionKey = VALUES(sessionKey), '.
'sessionStart = VALUES(sessionStart)',
$this->getPHID(),
$session_type,
$session_key);
return $session_key;
}
}

View file

@ -8,6 +8,7 @@
phutil_require_module('phabricator', 'applications/people/storage/base');
phutil_require_module('phabricator', 'applications/phid/storage/phid');
phutil_require_module('phabricator', 'storage/queryfx');
phutil_require_source('PhabricatorUser.php');

View file

@ -184,13 +184,18 @@ class AphrontMySQLDatabaseConnection extends AphrontDatabaseConnection {
case 2013: // Connection Dropped
case 2006: // Gone Away
throw new AphrontQueryConnectionLostException("#{$errno}: {$error}");
break;
case 1213: // Deadlock
case 1205: // Lock wait timeout exceeded
throw new AphrontQueryRecoverableException("#{$errno}: {$error}");
break;
case 1062: // Duplicate Key
$matches = null;
$key = null;
if (preg_match('/for key \'(.*)\'$/', $error, $matches)) {
$key = $matches[1];
}
throw new AphrontQueryDuplicateKeyException($key, "{$errno}: {$error}");
default:
// TODO: 1062 is syntax error, and quite terrible in production.
// TODO: 1064 is syntax error, and quite terrible in production.
throw new AphrontQueryException("#{$errno}: {$error}");
}
}

View file

@ -10,6 +10,7 @@ phutil_require_module('phabricator', 'storage/connection/base');
phutil_require_module('phabricator', 'storage/exception/base');
phutil_require_module('phabricator', 'storage/exception/connection');
phutil_require_module('phabricator', 'storage/exception/connectionlost');
phutil_require_module('phabricator', 'storage/exception/duplicatekey');
phutil_require_module('phabricator', 'storage/exception/recoverable');
phutil_require_module('phutil', 'utils');

View file

@ -0,0 +1,34 @@
<?php
/*
* Copyright 2011 Facebook, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @group storage
*/
class AphrontQueryDuplicateKeyException extends AphrontQueryException {
private $duplicateKey;
public function getDuplicateKey() {
return $this->duplicateKey;
}
public function __construct($duplicate_key, $message) {
$this->duplicateKey = $duplicate_key;
parent::__construct($message);
}
}

View file

@ -0,0 +1,12 @@
<?php
/**
* This file is automatically generated. Lint this module to rebuild it.
* @generated
*/
phutil_require_module('phabricator', 'storage/exception/base');
phutil_require_source('AphrontQueryDuplicateKeyException.php');