1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-01-12 07:41:04 +01:00

Adding 'Secure Browsing' config setting to Facebook OAuth.

Summary: The Graph API exposes a new field, security_settings, which allows applications to see whether a user has enabled Secure Browsing. This diff adds a configuration setting to Phabricator which forces users to have Secure Browsing enabled when logging in via Facebook.

Test Plan: With the configuration setting off, verify that secure browsing does not affect the ability to log in. With the configuration setting on and secure browsing off, verify that the login attempts is rejected. Then verify that the login attempt succeeds when secure browsing is enabled.

Reviewers: epriestley

Reviewed By: epriestley

CC: arice, aran, Korvin

Maniphest Tasks: T1487

Differential Revision: https://secure.phabricator.com/D2964
This commit is contained in:
Neal Poole 2012-07-17 18:18:16 -07:00
parent 0d162e15f6
commit 7081923bd7
4 changed files with 36 additions and 3 deletions

View file

@ -582,6 +582,9 @@ return array(
// The Facebook "Application Secret" to use for Facebook API access. // The Facebook "Application Secret" to use for Facebook API access.
'facebook.application-secret' => null, 'facebook.application-secret' => null,
// Should Phabricator reject requests made by users with
// Secure Browsing disabled?
'facebook.require-https-auth' => false,
// -- GitHub OAuth ---------------------------------------------------------- // // -- GitHub OAuth ---------------------------------------------------------- //

View file

@ -70,7 +70,7 @@ final class PhabricatorOAuthLoginController
} }
$provider->setUserData($user_data); $provider->setUserData($user_data);
} catch (PhabricatorOAuthProviderException $e) { } catch (PhabricatorOAuthProviderException $e) {
return $this->buildErrorResponse(new PhabricatorOAuthFailureView()); return $this->buildErrorResponse(new PhabricatorOAuthFailureView(), $e);
} }
$provider->setAccessToken($this->accessToken); $provider->setAccessToken($this->accessToken);
@ -243,12 +243,18 @@ final class PhabricatorOAuthLoginController
return $this->delegateToController($controller); return $this->delegateToController($controller);
} }
private function buildErrorResponse(PhabricatorOAuthFailureView $view) { private function buildErrorResponse(PhabricatorOAuthFailureView $view,
Exception $e = null) {
$provider = $this->provider; $provider = $this->provider;
$provider_name = $provider->getProviderName(); $provider_name = $provider->getProviderName();
$view->setOAuthProvider($provider); $view->setOAuthProvider($provider);
if ($e) {
$view->setException($e);
}
return $this->buildStandardPageResponse( return $this->buildStandardPageResponse(
$view, $view,
array( array(

View file

@ -78,7 +78,9 @@ final class PhabricatorOAuthProviderFacebook extends PhabricatorOAuthProvider {
} }
public function getUserInfoURI() { public function getUserInfoURI() {
return 'https://graph.facebook.com/me'; $fields = array('id', 'name', 'email', 'link', 'security_settings');
return 'https://graph.facebook.com/me?fields='.
implode(',', $fields);
} }
public function getMinimumScope() { public function getMinimumScope() {
@ -88,6 +90,17 @@ final class PhabricatorOAuthProviderFacebook extends PhabricatorOAuthProvider {
public function setUserData($data) { public function setUserData($data) {
$data = json_decode($data, true); $data = json_decode($data, true);
$this->validateUserData($data); $this->validateUserData($data);
if (PhabricatorEnv::getEnvConfig('facebook.require-https-auth')) {
if (!$data['security_settings']['secure_browsing']['enabled']) {
throw new PhabricatorOAuthProviderException(
'You must enable Secure Browsing on your Facebook account in'.
' order to log in to Phabricator. For more information, check'.
' out http://www.facebook.com/help/?faq=215897678434749'
);
}
}
$this->userData = $data; $this->userData = $data;
return $this; return $this;
} }

View file

@ -20,6 +20,7 @@ final class PhabricatorOAuthFailureView extends AphrontView {
private $request; private $request;
private $provider; private $provider;
private $exception;
public function setRequest(AphrontRequest $request) { public function setRequest(AphrontRequest $request) {
$this->request = $request; $this->request = $request;
@ -31,6 +32,11 @@ final class PhabricatorOAuthFailureView extends AphrontView {
return $this; return $this;
} }
public function setException(Exception $e) {
$this->exception = $e;
return $this;
}
public function render() { public function render() {
$request = $this->request; $request = $this->request;
$provider = $this->provider; $provider = $this->provider;
@ -53,6 +59,11 @@ final class PhabricatorOAuthFailureView extends AphrontView {
hsprintf( hsprintf(
'<p><strong>Error Reason:</strong> %s</p>', '<p><strong>Error Reason:</strong> %s</p>',
$request->getStr('error_reason'))); $request->getStr('error_reason')));
} else if ($this->exception) {
$view->appendChild(
hsprintf(
'<p><strong>Error Details:</strong> %s</p>',
$this->exception->getMessage()));
} else { } else {
// TODO: We can probably refine this. // TODO: We can probably refine this.
$view->appendChild( $view->appendChild(