Try to diagnose App Login only for OAuth providers which support it

Summary: We currently try to do "app login" for all OAuth providers, but not all of them support it in a meaningful way. Particularly, it always fails for Google. Test Plan: Ran google diagnostics on a working config, no longer got a diagnostic failure. Reviewers: btrahan, vrana, csilvers Reviewed By: csilvers CC: aran Differential Revision: https://secure.phabricator.com/D2377
2024-12-20 04:20:55 +01:00 · 2012-05-04 16:16:29 -07:00 · 2012-05-04 16:16:29 -07:00 · a122336b3e
commit a122336b3e
parent 049048765d
4 changed files with 51 additions and 33 deletions
--- a/src/applications/auth/controller/oauthdiagnostics/PhabricatorOAuthDiagnosticsController.php
+++ b/src/applications/auth/controller/oauthdiagnostics/PhabricatorOAuthDiagnosticsController.php
@ -131,44 +131,46 @@ final class PhabricatorOAuthDiagnosticsController
      }
    }
-    $test_uri = new PhutilURI($provider->getTokenURI());
+    if ($provider->shouldDiagnoseAppLogin()) {
-    $test_uri->setQueryParams(
+      $test_uri = new PhutilURI($provider->getTokenURI());
-      array(
+      $test_uri->setQueryParams(
-        'client_id'       => $client_id,
+        array(
-        'client_secret'   => $client_secret,
+          'client_id'       => $client_id,
-        'grant_type'      => 'client_credentials',
+          'client_secret'   => $client_secret,
-      ));
+          'grant_type'      => 'client_credentials',
        ));
-    $token_value  = @file_get_contents($test_uri, false, $timeout);
+      $token_value  = @file_get_contents($test_uri, false, $timeout);
-    $token_strict = @file_get_contents($test_uri, false, $timeout_strict);
+      $token_strict = @file_get_contents($test_uri, false, $timeout_strict);
-    if ($token_value === false) {
+      if ($token_value === false) {
      $results['App Login'] = array(
        $res_no,
        null,
        "Unable to perform an application login with your Application ID and ".
        "Application Secret. You may have mistyped or misconfigured them; ".
        "{$name} may have revoked your authorization; or {$name} may be ".
        "having technical problems.");
    } else {
      if ($token_strict) {
        $results['App Login'] = array(
-          $res_ok,
+          $res_no,
-          '(A Valid Token)',
+          null,
-          "Raw application login to {$name} works.");
+          "Unable to perform an application login with your Application ID ".
          "and Application Secret. You may have mistyped or misconfigured ".
          "them; {$name} may have revoked your authorization; or {$name} may ".
          "be having technical problems.");
      } else {
-        $data = json_decode($token_value, true);
+        if ($token_strict) {
        if (!is_array($data)) {
          $results['App Login'] = array(
-            $res_no,
+            $res_ok,
-            $token_value,
+            '(A Valid Token)',
-            "Application Login failed but the provider did not respond ".
+            "Raw application login to {$name} works.");
            "with valid JSON error information. {$name} may be experiencing ".
            "technical problems.");
        } else {
-          $results['App Login'] = array(
+          $data = json_decode($token_value, true);
-            $res_no,
+          if (!is_array($data)) {
-            null,
+            $results['App Login'] = array(
-            "Application Login failed with error: ".$token_value);
+              $res_no,
              $token_value,
              "Application Login failed but the provider did not respond ".
              "with valid JSON error information. {$name} may be experiencing ".
              "technical problems.");
          } else {
            $results['App Login'] = array(
              $res_no,
              null,
              "Application Login failed with error: ".$token_value);
          }
        }
      }
    }
--- a/src/applications/auth/oauth/provider/base/PhabricatorOAuthProvider.php
+++ b/src/applications/auth/oauth/provider/base/PhabricatorOAuthProvider.php
@ -45,6 +45,14 @@ abstract class PhabricatorOAuthProvider {
    return array();
  }
  /**
   * If the provider supports application login, the diagnostics page can try
   * to test it. Most providers do not support this (Facebook does).
   */
  public function shouldDiagnoseAppLogin() {
    return false;
  }
  abstract public function getTokenURI();
  /**
--- a/src/applications/auth/oauth/provider/facebook/PhabricatorOAuthProviderFacebook.php
+++ b/src/applications/auth/oauth/provider/facebook/PhabricatorOAuthProviderFacebook.php
@ -118,4 +118,8 @@ final class PhabricatorOAuthProviderFacebook extends PhabricatorOAuthProvider {
    return $this->userData['name'];
  }
  public function shouldDiagnoseAppLogin() {
    return true;
  }
 }
--- a/src/applications/auth/oauth/provider/github/PhabricatorOAuthProviderGitHub.php
+++ b/src/applications/auth/oauth/provider/github/PhabricatorOAuthProviderGitHub.php
@ -118,4 +118,8 @@ final class PhabricatorOAuthProviderGitHub extends PhabricatorOAuthProvider {
    return idx($this->userData, 'name');
  }
  public function shouldDiagnoseAppLogin() {
    return true;
  }
 }