1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-27 09:12:41 +01:00

Modernize some OAuth Server code

Summary:
Ref T7303. This inches toward properly-behaved cluster logout.

  - Use IDs instead of PHIDs in URIs.
  - Slightly more modern code.
  - Fix some crumb stuff.

Test Plan: Created, edited, viewed, deleted, showed secret for, authorized, test-auth'd an application.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7303

Differential Revision: https://secure.phabricator.com/D15592
This commit is contained in:
epriestley 2016-04-03 07:25:33 -07:00
parent f54a2007ea
commit 694a8543d8
11 changed files with 59 additions and 79 deletions

View file

@ -2705,6 +2705,7 @@ phutil_register_library_map(array(
'PhabricatorOAuthClientEditController' => 'applications/oauthserver/controller/client/PhabricatorOAuthClientEditController.php', 'PhabricatorOAuthClientEditController' => 'applications/oauthserver/controller/client/PhabricatorOAuthClientEditController.php',
'PhabricatorOAuthClientListController' => 'applications/oauthserver/controller/client/PhabricatorOAuthClientListController.php', 'PhabricatorOAuthClientListController' => 'applications/oauthserver/controller/client/PhabricatorOAuthClientListController.php',
'PhabricatorOAuthClientSecretController' => 'applications/oauthserver/controller/client/PhabricatorOAuthClientSecretController.php', 'PhabricatorOAuthClientSecretController' => 'applications/oauthserver/controller/client/PhabricatorOAuthClientSecretController.php',
'PhabricatorOAuthClientTestController' => 'applications/oauthserver/controller/client/PhabricatorOAuthClientTestController.php',
'PhabricatorOAuthClientViewController' => 'applications/oauthserver/controller/client/PhabricatorOAuthClientViewController.php', 'PhabricatorOAuthClientViewController' => 'applications/oauthserver/controller/client/PhabricatorOAuthClientViewController.php',
'PhabricatorOAuthResponse' => 'applications/oauthserver/PhabricatorOAuthResponse.php', 'PhabricatorOAuthResponse' => 'applications/oauthserver/PhabricatorOAuthResponse.php',
'PhabricatorOAuthServer' => 'applications/oauthserver/PhabricatorOAuthServer.php', 'PhabricatorOAuthServer' => 'applications/oauthserver/PhabricatorOAuthServer.php',
@ -2723,7 +2724,6 @@ phutil_register_library_map(array(
'PhabricatorOAuthServerDAO' => 'applications/oauthserver/storage/PhabricatorOAuthServerDAO.php', 'PhabricatorOAuthServerDAO' => 'applications/oauthserver/storage/PhabricatorOAuthServerDAO.php',
'PhabricatorOAuthServerScope' => 'applications/oauthserver/PhabricatorOAuthServerScope.php', 'PhabricatorOAuthServerScope' => 'applications/oauthserver/PhabricatorOAuthServerScope.php',
'PhabricatorOAuthServerTestCase' => 'applications/oauthserver/__tests__/PhabricatorOAuthServerTestCase.php', 'PhabricatorOAuthServerTestCase' => 'applications/oauthserver/__tests__/PhabricatorOAuthServerTestCase.php',
'PhabricatorOAuthServerTestController' => 'applications/oauthserver/controller/PhabricatorOAuthServerTestController.php',
'PhabricatorOAuthServerTokenController' => 'applications/oauthserver/controller/PhabricatorOAuthServerTokenController.php', 'PhabricatorOAuthServerTokenController' => 'applications/oauthserver/controller/PhabricatorOAuthServerTokenController.php',
'PhabricatorObjectHandle' => 'applications/phid/PhabricatorObjectHandle.php', 'PhabricatorObjectHandle' => 'applications/phid/PhabricatorObjectHandle.php',
'PhabricatorObjectHasAsanaSubtaskEdgeType' => 'applications/doorkeeper/edge/PhabricatorObjectHasAsanaSubtaskEdgeType.php', 'PhabricatorObjectHasAsanaSubtaskEdgeType' => 'applications/doorkeeper/edge/PhabricatorObjectHasAsanaSubtaskEdgeType.php',
@ -7192,6 +7192,7 @@ phutil_register_library_map(array(
'PhabricatorOAuthClientEditController' => 'PhabricatorOAuthClientController', 'PhabricatorOAuthClientEditController' => 'PhabricatorOAuthClientController',
'PhabricatorOAuthClientListController' => 'PhabricatorOAuthClientController', 'PhabricatorOAuthClientListController' => 'PhabricatorOAuthClientController',
'PhabricatorOAuthClientSecretController' => 'PhabricatorOAuthClientController', 'PhabricatorOAuthClientSecretController' => 'PhabricatorOAuthClientController',
'PhabricatorOAuthClientTestController' => 'PhabricatorOAuthClientController',
'PhabricatorOAuthClientViewController' => 'PhabricatorOAuthClientController', 'PhabricatorOAuthClientViewController' => 'PhabricatorOAuthClientController',
'PhabricatorOAuthResponse' => 'AphrontResponse', 'PhabricatorOAuthResponse' => 'AphrontResponse',
'PhabricatorOAuthServer' => 'Phobject', 'PhabricatorOAuthServer' => 'Phobject',
@ -7214,7 +7215,6 @@ phutil_register_library_map(array(
'PhabricatorOAuthServerDAO' => 'PhabricatorLiskDAO', 'PhabricatorOAuthServerDAO' => 'PhabricatorLiskDAO',
'PhabricatorOAuthServerScope' => 'Phobject', 'PhabricatorOAuthServerScope' => 'Phobject',
'PhabricatorOAuthServerTestCase' => 'PhabricatorTestCase', 'PhabricatorOAuthServerTestCase' => 'PhabricatorTestCase',
'PhabricatorOAuthServerTestController' => 'PhabricatorOAuthServerController',
'PhabricatorOAuthServerTokenController' => 'PhabricatorOAuthServerController', 'PhabricatorOAuthServerTokenController' => 'PhabricatorOAuthServerController',
'PhabricatorObjectHandle' => array( 'PhabricatorObjectHandle' => array(
'Phobject', 'Phobject',

View file

@ -50,14 +50,14 @@ final class PhabricatorOAuthServerApplication extends PhabricatorApplication {
'(?:query/(?P<queryKey>[^/]+)/)?' '(?:query/(?P<queryKey>[^/]+)/)?'
=> 'PhabricatorOAuthClientListController', => 'PhabricatorOAuthClientListController',
'auth/' => 'PhabricatorOAuthServerAuthController', 'auth/' => 'PhabricatorOAuthServerAuthController',
'test/(?P<id>\d+)/' => 'PhabricatorOAuthServerTestController',
'token/' => 'PhabricatorOAuthServerTokenController', 'token/' => 'PhabricatorOAuthServerTokenController',
'client/' => array( 'client/' => array(
'create/' => 'PhabricatorOAuthClientEditController', 'create/' => 'PhabricatorOAuthClientEditController',
'delete/(?P<phid>[^/]+)/' => 'PhabricatorOAuthClientDeleteController', 'delete/(?P<id>\d+)/' => 'PhabricatorOAuthClientDeleteController',
'edit/(?P<phid>[^/]+)/' => 'PhabricatorOAuthClientEditController', 'edit/(?P<id>\d+)/' => 'PhabricatorOAuthClientEditController',
'view/(?P<phid>[^/]+)/' => 'PhabricatorOAuthClientViewController', 'view/(?P<id>\d+)/' => 'PhabricatorOAuthClientViewController',
'secret/(?P<phid>[^/]+)/' => 'PhabricatorOAuthClientSecretController', 'secret/(?P<id>\d+)/' => 'PhabricatorOAuthClientSecretController',
'test/(?P<id>\d+)/' => 'PhabricatorOAuthClientTestController',
), ),
), ),
); );

View file

@ -3,6 +3,12 @@
final class PhabricatorOAuthServerAuthController final class PhabricatorOAuthServerAuthController
extends PhabricatorOAuthServerController { extends PhabricatorOAuthServerController {
protected function buildApplicationCrumbs() {
// We're specifically not putting an "OAuth Server" application crumb
// on the auth pages because it doesn't make sense to send users there.
return new PHUICrumbsView();
}
public function handleRequest(AphrontRequest $request) { public function handleRequest(AphrontRequest $request) {
$viewer = $this->getViewer(); $viewer = $this->getViewer();

View file

@ -5,11 +5,4 @@ abstract class PhabricatorOAuthServerController
const CONTEXT_AUTHORIZE = 'oauthserver.authorize'; const CONTEXT_AUTHORIZE = 'oauthserver.authorize';
protected function buildApplicationCrumbs() {
// We're specifically not putting an "OAuth Server" application crumb
// on these pages because it doesn't make sense to send users there on
// the auth workflows.
return new PHUICrumbsView();
}
} }

View file

@ -3,13 +3,12 @@
final class PhabricatorOAuthClientDeleteController final class PhabricatorOAuthClientDeleteController
extends PhabricatorOAuthClientController { extends PhabricatorOAuthClientController {
public function processRequest() { public function handleRequest(AphrontRequest $request) {
$request = $this->getRequest(); $viewer = $this->getViewer();
$viewer = $request->getUser();
$client = id(new PhabricatorOAuthServerClientQuery()) $client = id(new PhabricatorOAuthServerClientQuery())
->setViewer($viewer) ->setViewer($viewer)
->withPHIDs(array($this->getClientPHID())) ->withIDs(array($request->getURIData('id')))
->requireCapabilities( ->requireCapabilities(
array( array(
PhabricatorPolicyCapability::CAN_VIEW, PhabricatorPolicyCapability::CAN_VIEW,
@ -20,14 +19,15 @@ final class PhabricatorOAuthClientDeleteController
return new Aphront404Response(); return new Aphront404Response();
} }
// TODO: This should be "disable", not "delete"!
if ($request->isFormPost()) { if ($request->isFormPost()) {
$client->delete(); $client->delete();
$app_uri = $this->getApplicationURI(); $app_uri = $this->getApplicationURI();
return id(new AphrontRedirectResponse())->setURI($app_uri); return id(new AphrontRedirectResponse())->setURI($app_uri);
} }
$dialog = id(new AphrontDialogView()) return $this->newDialog()
->setUser($viewer)
->setTitle(pht('Delete OAuth Application?')) ->setTitle(pht('Delete OAuth Application?'))
->appendParagraph( ->appendParagraph(
pht( pht(
@ -35,8 +35,6 @@ final class PhabricatorOAuthClientDeleteController
phutil_tag('strong', array(), $client->getName()))) phutil_tag('strong', array(), $client->getName())))
->addCancelButton($client->getViewURI()) ->addCancelButton($client->getViewURI())
->addSubmitButton(pht('Delete Application')); ->addSubmitButton(pht('Delete Application'));
return id(new AphrontDialogResponse())->setDialog($dialog);
} }
} }

View file

@ -3,15 +3,14 @@
final class PhabricatorOAuthClientEditController final class PhabricatorOAuthClientEditController
extends PhabricatorOAuthClientController { extends PhabricatorOAuthClientController {
public function processRequest() { public function handleRequest(AphrontRequest $request) {
$request = $this->getRequest(); $viewer = $this->getViewer();
$viewer = $request->getUser(); $id = $request->getURIData('id');
$phid = $this->getClientPHID(); if ($id) {
if ($phid) {
$client = id(new PhabricatorOAuthServerClientQuery()) $client = id(new PhabricatorOAuthServerClientQuery())
->setViewer($viewer) ->setViewer($viewer)
->withPHIDs(array($phid)) ->withIDs(array($id))
->requireCapabilities( ->requireCapabilities(
array( array(
PhabricatorPolicyCapability::CAN_VIEW, PhabricatorPolicyCapability::CAN_VIEW,
@ -124,14 +123,10 @@ final class PhabricatorOAuthClientEditController
->setFormErrors($errors) ->setFormErrors($errors)
->setForm($form); ->setForm($form);
return $this->buildApplicationPage( return $this->newPage()
array( ->setCrumbs($crumbs)
$crumbs, ->setTitle($title)
$box, ->appendChild($box);
),
array(
'title' => $title,
));
} }
} }

View file

@ -8,7 +8,7 @@ final class PhabricatorOAuthClientSecretController
$client = id(new PhabricatorOAuthServerClientQuery()) $client = id(new PhabricatorOAuthServerClientQuery())
->setViewer($viewer) ->setViewer($viewer)
->withPHIDs(array($this->getClientPHID())) ->withIDs(array($request->getURIData('id')))
->requireCapabilities( ->requireCapabilities(
array( array(
PhabricatorPolicyCapability::CAN_VIEW, PhabricatorPolicyCapability::CAN_VIEW,
@ -27,6 +27,7 @@ final class PhabricatorOAuthClientSecretController
if ($request->isFormPost()) { if ($request->isFormPost()) {
$secret = $client->getSecret(); $secret = $client->getSecret();
$body = id(new PHUIFormLayoutView()) $body = id(new PHUIFormLayoutView())
->appendChild( ->appendChild(
id(new AphrontFormTextAreaControl()) id(new AphrontFormTextAreaControl())
@ -35,14 +36,11 @@ final class PhabricatorOAuthClientSecretController
->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_SHORT) ->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_SHORT)
->setValue($secret)); ->setValue($secret));
$dialog = id(new AphrontDialogView()) return $this->newDialog()
->setUser($viewer)
->setWidth(AphrontDialogView::WIDTH_FORM) ->setWidth(AphrontDialogView::WIDTH_FORM)
->setTitle(pht('Application Secret')) ->setTitle(pht('Application Secret'))
->appendChild($body) ->appendChild($body)
->addCancelButton($view_uri, pht('Done')); ->addCancelButton($view_uri, pht('Done'));
return id(new AphrontDialogResponse())->setDialog($dialog);
} }
@ -59,8 +57,8 @@ final class PhabricatorOAuthClientSecretController
'your monitor to create a human shield, keeping it safe from prying '. 'your monitor to create a human shield, keeping it safe from prying '.
'eyes. Protect company secrets!'); 'eyes. Protect company secrets!');
} }
return $this->newDialog() return $this->newDialog()
->setUser($viewer)
->setTitle(pht('Really show application secret?')) ->setTitle(pht('Really show application secret?'))
->appendChild($body) ->appendChild($body)
->addSubmitButton(pht('Show Application Secret')) ->addSubmitButton(pht('Show Application Secret'))

View file

@ -1,7 +1,7 @@
<?php <?php
final class PhabricatorOAuthServerTestController final class PhabricatorOAuthClientTestController
extends PhabricatorOAuthServerController { extends PhabricatorOAuthClientController {
public function handleRequest(AphrontRequest $request) { public function handleRequest(AphrontRequest $request) {
$viewer = $this->getViewer(); $viewer = $this->getViewer();

View file

@ -3,13 +3,12 @@
final class PhabricatorOAuthClientViewController final class PhabricatorOAuthClientViewController
extends PhabricatorOAuthClientController { extends PhabricatorOAuthClientController {
public function processRequest() { public function handleRequest(AphrontRequest $request) {
$request = $this->getRequest(); $viewer = $this->getViewer();
$viewer = $request->getUser();
$client = id(new PhabricatorOAuthServerClientQuery()) $client = id(new PhabricatorOAuthServerClientQuery())
->setViewer($viewer) ->setViewer($viewer)
->withPHIDs(array($this->getClientPHID())) ->withIDs(array($request->getURIData('id')))
->executeOne(); ->executeOne();
if (!$client) { if (!$client) {
return new Aphront404Response(); return new Aphront404Response();
@ -27,18 +26,16 @@ final class PhabricatorOAuthClientViewController
->setHeader($header) ->setHeader($header)
->addPropertyList($properties); ->addPropertyList($properties);
return $this->buildApplicationPage( $title = pht('OAuth Application: %s', $client->getName());
array(
$crumbs, return $this->newPage()
$box, ->setCrumbs($crumbs)
), ->setTitle($title)
array( ->appendChild($box);
'title' => pht('OAuth Application: %s', $client->getName()),
));
} }
private function buildHeaderView(PhabricatorOAuthServerClient $client) { private function buildHeaderView(PhabricatorOAuthServerClient $client) {
$viewer = $this->getRequest()->getUser(); $viewer = $this->getViewer();
$header = id(new PHUIHeaderView()) $header = id(new PHUIHeaderView())
->setUser($viewer) ->setUser($viewer)
@ -49,7 +46,7 @@ final class PhabricatorOAuthClientViewController
} }
private function buildActionView(PhabricatorOAuthServerClient $client) { private function buildActionView(PhabricatorOAuthServerClient $client) {
$viewer = $this->getRequest()->getUser(); $viewer = $this->getViewer();
$can_edit = PhabricatorPolicyFilter::hasCapability( $can_edit = PhabricatorPolicyFilter::hasCapability(
$viewer, $viewer,
@ -63,7 +60,6 @@ final class PhabricatorOAuthClientViewController
->executeOne(); ->executeOne();
$is_authorized = (bool)$authorization; $is_authorized = (bool)$authorization;
$id = $client->getID(); $id = $client->getID();
$phid = $client->getPHID();
$view = id(new PhabricatorActionListView()) $view = id(new PhabricatorActionListView())
->setUser($viewer); ->setUser($viewer);
@ -80,7 +76,7 @@ final class PhabricatorOAuthClientViewController
id(new PhabricatorActionView()) id(new PhabricatorActionView())
->setName(pht('Show Application Secret')) ->setName(pht('Show Application Secret'))
->setIcon('fa-eye') ->setIcon('fa-eye')
->setHref($this->getApplicationURI("client/secret/{$phid}/")) ->setHref($this->getApplicationURI("client/secret/{$id}/"))
->setDisabled(!$can_edit) ->setDisabled(!$can_edit)
->setWorkflow(true)); ->setWorkflow(true));
@ -98,7 +94,7 @@ final class PhabricatorOAuthClientViewController
->setIcon('fa-wrench') ->setIcon('fa-wrench')
->setWorkflow(true) ->setWorkflow(true)
->setDisabled($is_authorized) ->setDisabled($is_authorized)
->setHref($this->getApplicationURI('test/'.$id.'/'))); ->setHref($this->getApplicationURI("client/test/{$id}/")));
return $view; return $view;
} }
@ -110,7 +106,7 @@ final class PhabricatorOAuthClientViewController
->setUser($viewer); ->setUser($viewer);
$view->addProperty( $view->addProperty(
pht('Client ID'), pht('Client PHID'),
$client->getPHID()); $client->getPHID());
$view->addProperty( $view->addProperty(

View file

@ -79,12 +79,6 @@ final class PhabricatorOAuthServerClientSearchEngine
return parent::buildSavedQueryFromBuiltin($query_key); return parent::buildSavedQueryFromBuiltin($query_key);
} }
protected function getRequiredHandlePHIDsForResultList(
array $clients,
PhabricatorSavedQuery $query) {
return mpull($clients, 'getCreatorPHID');
}
protected function renderResultList( protected function renderResultList(
array $clients, array $clients,
PhabricatorSavedQuery $query, PhabricatorSavedQuery $query,
@ -96,14 +90,11 @@ final class PhabricatorOAuthServerClientSearchEngine
$list = id(new PHUIObjectItemListView()) $list = id(new PHUIObjectItemListView())
->setUser($viewer); ->setUser($viewer);
foreach ($clients as $client) { foreach ($clients as $client) {
$creator = $handles[$client->getCreatorPHID()];
$item = id(new PHUIObjectItemView()) $item = id(new PHUIObjectItemView())
->setObjectName(pht('Application %d', $client->getID())) ->setObjectName(pht('Application %d', $client->getID()))
->setHeader($client->getName()) ->setHeader($client->getName())
->setHref($client->getViewURI()) ->setHref($client->getViewURI())
->setObject($client) ->setObject($client);
->addByline(pht('Creator: %s', $creator->renderLink()));
$list->addItem($item); $list->addItem($item);
} }

View file

@ -15,15 +15,18 @@ final class PhabricatorOAuthServerClient
protected $editPolicy; protected $editPolicy;
public function getEditURI() { public function getEditURI() {
return '/oauthserver/client/edit/'.$this->getPHID().'/'; $id = $this->getID();
return "/oauthserver/client/edit/{$id}/";
} }
public function getViewURI() { public function getViewURI() {
return '/oauthserver/client/view/'.$this->getPHID().'/'; $id = $this->getID();
return "/oauthserver/client/view/{$id}/";
} }
public function getDeleteURI() { public function getDeleteURI() {
return '/oauthserver/client/delete/'.$this->getPHID().'/'; $id = $this->getID();
return "/oauthserver/client/delete/{$id}/";
} }
public static function initializeNewClient(PhabricatorUser $actor) { public static function initializeNewClient(PhabricatorUser $actor) {