Tighten scope requests with Google OAuth

Summary: We currently make a ludicrously gigantic permission request to do Google auth (read/write access to the entire address book), since I couldn't figure out how to do a more narrowly tailored request when I implemented it. @csilvers pointed me at some much more sensible APIs; we can now just ask for user ID, name, and email address. Test Plan: Created a new account via Google Oauth. Linked/unlinked an existing account. Verified diagnostics page still works correctly. Logged in with a pre-existing Google account created with the old API (to verify user IDs are the same through both methods). Reviewers: btrahan, vrana, csilvers, Makinde Reviewed By: csilvers CC: aran Differential Revision: https://secure.phabricator.com/D2378
2024-09-20 09:18:48 +02:00 · 2012-05-03 13:25:06 -07:00 · 2012-05-03 13:25:06 -07:00 · 6a04328430
commit 6a04328430
parent 5604a662df
2 changed files with 14 additions and 28 deletions
--- a/src/applications/auth/oauth/provider/google/PhabricatorOAuthProviderGoogle.php
+++ b/src/applications/auth/oauth/provider/google/PhabricatorOAuthProviderGoogle.php
@ -71,44 +71,31 @@ final class PhabricatorOAuthProviderGoogle extends PhabricatorOAuthProvider {
  }

  public function getUserInfoURI() {
-    return 'https://www.google.com/m8/feeds/contacts/default/full';
+    return 'https://www.googleapis.com/oauth2/v1/userinfo';
  }

  public function getMinimumScope() {
-    // This is the Google contacts API, which is apparently the best way to get
-    // the user ID / login / email since Google doesn't apparently have a
-    // more generic "user.info" sort of call (or, if it does, I couldn't find
-    // it). This is sort of terrifying since it lets Phabricator read your whole
-    // address book and possibly your physical address and such, so it would
-    // be really nice to find a way to restrict this scope to something less
-    // crazily permissive. But users will click anything and the dialog isn't
-    // very scary, so whatever.
-    return 'https://www.google.com/m8/feeds';
+    $scopes = array(
+      'https://www.googleapis.com/auth/userinfo.email',
+      'https://www.googleapis.com/auth/userinfo.profile',
+    );
+
+    return implode(' ', $scopes);
  }

  public function setUserData($data) {
-    // SimpleXMLElement will throw if $data is unusably malformed, which to
-    // us is just a provider issue
-    try {
-      $xml = new SimpleXMLElement($data);
-    } catch (Exception $e) {
-      throw new PhabricatorOAuthProviderException();
-    }
+    $data = json_decode($data, true);
+    $this->validateUserData($data);

-    $id = (string)$xml->id;
-    $this->userData = array(
-      'id'      => $id,
-      'email'   => (string)$xml->author[0]->email,
-      'real'    => (string)$xml->author[0]->name,
+    // Guess account name from email address, this is just a hint anyway.
+    $data['account'] = head(explode('@', $data['email']));

-      // Guess account name from email address, this is just a hint anyway.
-      'account' => head(explode('@', $id)),
-    );
+    $this->userData = $data;
    return $this;
  }

  public function retrieveUserID() {
-    return $this->userData['id'];
+    return $this->userData['email'];
  }

  public function retrieveUserEmail() {
@ -130,7 +117,7 @@ final class PhabricatorOAuthProviderGoogle extends PhabricatorOAuthProvider {
  }

  public function retrieveUserRealName() {
-    return $this->userData['real'];
+    return $this->userData['name'];
  }

  public function getExtraAuthParameters() {
--- a/src/applications/auth/oauth/provider/google/init.php
+++ b/src/applications/auth/oauth/provider/google/init.php
@ -7,7 +7,6 @@


 phutil_require_module('phabricator', 'applications/auth/oauth/provider/base');
-phutil_require_module('phabricator', 'applications/auth/oauth/provider/exception');
 phutil_require_module('phabricator', 'infrastructure/env');

 phutil_require_module('phutil', 'utils');