Try to diagnose App Login only for OAuth providers which support it

Summary: We currently try to do "app login" for all OAuth providers, but not all of them support it in a meaningful way. Particularly, it always fails for Google. Test Plan: Ran google diagnostics on a working config, no longer got a diagnostic failure. Reviewers: btrahan, vrana, csilvers Reviewed By: csilvers CC: aran Differential Revision: https://secure.phabricator.com/D2377
2024-12-20 04:20:55 +01:00 · 2012-05-04 16:16:29 -07:00 · 2012-05-04 16:16:29 -07:00 · a122336b3e
commit a122336b3e
parent 049048765d
4 changed files with 51 additions and 33 deletions
--- a/src/applications/auth/controller/oauthdiagnostics/PhabricatorOAuthDiagnosticsController.php
+++ b/src/applications/auth/controller/oauthdiagnostics/PhabricatorOAuthDiagnosticsController.php
@ -131,44 +131,46 @@ final class PhabricatorOAuthDiagnosticsController
      }
    }

-    $test_uri = new PhutilURI($provider->getTokenURI());
-    $test_uri->setQueryParams(
-      array(
-        'client_id'       => $client_id,
-        'client_secret'   => $client_secret,
-        'grant_type'      => 'client_credentials',
-      ));
+    if ($provider->shouldDiagnoseAppLogin()) {
+      $test_uri = new PhutilURI($provider->getTokenURI());
+      $test_uri->setQueryParams(
+        array(
+          'client_id'       => $client_id,
+          'client_secret'   => $client_secret,
+          'grant_type'      => 'client_credentials',
+        ));

-    $token_value  = @file_get_contents($test_uri, false, $timeout);
-    $token_strict = @file_get_contents($test_uri, false, $timeout_strict);
-    if ($token_value === false) {
-      $results['App Login'] = array(
-        $res_no,
-        null,
-        "Unable to perform an application login with your Application ID and ".
-        "Application Secret. You may have mistyped or misconfigured them; ".
-        "{$name} may have revoked your authorization; or {$name} may be ".
-        "having technical problems.");
-    } else {
-      if ($token_strict) {
+      $token_value  = @file_get_contents($test_uri, false, $timeout);
+      $token_strict = @file_get_contents($test_uri, false, $timeout_strict);
+      if ($token_value === false) {
        $results['App Login'] = array(
-          $res_ok,
-          '(A Valid Token)',
-          "Raw application login to {$name} works.");
+          $res_no,
+          null,
+          "Unable to perform an application login with your Application ID ".
+          "and Application Secret. You may have mistyped or misconfigured ".
+          "them; {$name} may have revoked your authorization; or {$name} may ".
+          "be having technical problems.");
      } else {
-        $data = json_decode($token_value, true);
-        if (!is_array($data)) {
+        if ($token_strict) {
          $results['App Login'] = array(
-            $res_no,
-            $token_value,
-            "Application Login failed but the provider did not respond ".
-            "with valid JSON error information. {$name} may be experiencing ".
-            "technical problems.");
+            $res_ok,
+            '(A Valid Token)',
+            "Raw application login to {$name} works.");
        } else {
-          $results['App Login'] = array(
-            $res_no,
-            null,
-            "Application Login failed with error: ".$token_value);
+          $data = json_decode($token_value, true);
+          if (!is_array($data)) {
+            $results['App Login'] = array(
+              $res_no,
+              $token_value,
+              "Application Login failed but the provider did not respond ".
+              "with valid JSON error information. {$name} may be experiencing ".
+              "technical problems.");
+          } else {
+            $results['App Login'] = array(
+              $res_no,
+              null,
+              "Application Login failed with error: ".$token_value);
+          }
        }
      }
    }
--- a/src/applications/auth/oauth/provider/base/PhabricatorOAuthProvider.php
+++ b/src/applications/auth/oauth/provider/base/PhabricatorOAuthProvider.php
@ -45,6 +45,14 @@ abstract class PhabricatorOAuthProvider {
    return array();
  }

+  /**
+   * If the provider supports application login, the diagnostics page can try
+   * to test it. Most providers do not support this (Facebook does).
+   */
+  public function shouldDiagnoseAppLogin() {
+    return false;
+  }
+
  abstract public function getTokenURI();

  /**
--- a/src/applications/auth/oauth/provider/facebook/PhabricatorOAuthProviderFacebook.php
+++ b/src/applications/auth/oauth/provider/facebook/PhabricatorOAuthProviderFacebook.php
@ -118,4 +118,8 @@ final class PhabricatorOAuthProviderFacebook extends PhabricatorOAuthProvider {
    return $this->userData['name'];
  }

+  public function shouldDiagnoseAppLogin() {
+    return true;
+  }
+
 }
--- a/src/applications/auth/oauth/provider/github/PhabricatorOAuthProviderGitHub.php
+++ b/src/applications/auth/oauth/provider/github/PhabricatorOAuthProviderGitHub.php
@ -118,4 +118,8 @@ final class PhabricatorOAuthProviderGitHub extends PhabricatorOAuthProvider {
    return idx($this->userData, 'name');
  }

+  public function shouldDiagnoseAppLogin() {
+    return true;
+  }
+
 }