From be66a52050fdca4002191ed7def2b60f3c451fd1 Mon Sep 17 00:00:00 2001 From: Bob Trahan Date: Sun, 19 Feb 2012 14:23:30 -0800 Subject: [PATCH] Make conduit read access_token and login the pertinent $user Summary: This makes the oauth server a bunch more useful. Test Plan: - used /oauth/phabricator/diagnose/ and it actually passed! - played around with conduit via hacking URL to include access_token on a logged out browser - linked my account to itself by going to /settings/page/phabricator/, clicking "link" account, then cutting and pasting the pertinent ?code=X into /oauth/phabricator/login/. Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Maniphest Tasks: T852 Differential Revision: https://secure.phabricator.com/D1644 --- .../PhabricatorOAuthProviderPhabricator.php | 7 ++++++- .../api/PhabricatorConduitAPIController.php | 21 +++++++++++++++++++ .../conduit/controller/api/__init__.php | 1 + 3 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/src/applications/auth/oauth/provider/phabricator/PhabricatorOAuthProviderPhabricator.php b/src/applications/auth/oauth/provider/phabricator/PhabricatorOAuthProviderPhabricator.php
index 94a162e54f..1d011a64b3 100644
--- a/src/applications/auth/oauth/provider/phabricator/PhabricatorOAuthProviderPhabricator.php
+++ b/src/applications/auth/oauth/provider/phabricator/PhabricatorOAuthProviderPhabricator.php
@@ -81,7 +81,7 @@ extends PhabricatorOAuthProvider {
 }
 public function getUserInfoURI() {
- return $this->getURI('/api/user.whoami/');
+ return $this->getURI('/api/user.whoami');
 }
 public function getMinimumScope() {
@@ -89,7 +89,12 @@ extends PhabricatorOAuthProvider {
 }
 public function setUserData($data) {
+ // need to strip the javascript shield from conduit
+ $data = substr($data, 8);
 $data = json_decode($data, true);
+ if (!is_array($data)) {
+ throw new Exception('Invalid user data.');
+ }
 $this->userData = $data['result'];
 return $this;
 }
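Review bot: `$data = substr($data, 8)` in setUserData() drops the first 8 bytes unconditionally, so a response that does not start with the Conduit shield (an error page, a redirect body, a server that stops emitting it) loses the start of its JSON and the only symptom is the generic 'Invalid user data.' exception; check the prefix before stripping, e.g. `if (strncmp($data, 'for(;;);', 8) !== 0) { throw new Exception('Invalid user data.'); }` (the 8-byte offset used here matches that shield). The is_array() check also does not cover a well-formed Conduit error reply, where `result` is null and an error code is set, so `$this->userData = $data['result']` would quietly store null; reject it with `if (!empty($data['error_code']) || !isset($data['result'])) { throw new Exception('Invalid user data.'); }` — presumably Conduit reports failures in an `error_code` key, confirm against the response format. The body of setUserData is fully inside the hunk.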
diff --git a/src/applications/conduit/controller/api/PhabricatorConduitAPIController.php b/src/applications/conduit/controller/api/PhabricatorConduitAPIController.php
index e5be6eaf0a..0a9bec59c0 100644
--- a/src/applications/conduit/controller/api/PhabricatorConduitAPIController.php
+++ b/src/applications/conduit/controller/api/PhabricatorConduitAPIController.php
@@ -247,6 +247,27 @@ class PhabricatorConduitAPIController
 return null;
 }
+ // handle oauth
+ $access_token = $request->getStr('access_token');
+ if ($access_token) {
+ $token = id(new PhabricatorOAuthServerAccessToken())
+ ->loadOneWhere('token = %s',
+ $access_token);
+ if ($token) {
+ // TODO - T888 -- add expiration date and refresh tokens to oauth
+ $user_phid = $token->getUserPHID();
+ if ($user_phid) {
+ $user = id(new PhabricatorUser())
+ ->loadOneWhere('phid = %s',
+ $user_phid);
+ if ($user) {
+ $api_request->setUser($user);
+ return null;
+ }
+ }
+ }
+ }
+
 // Handle sessionless auth. TOOD: This is super messy.
 if (isset($metadata['authUser'])) {
 $user = id(new PhabricatorUser())->loadOneWhere(
diff --git a/src/applications/conduit/controller/api/__init__.php b/src/applications/conduit/controller/api/__init__.php
index 912ea00381..ccb5a219ec 100644
--- a/src/applications/conduit/controller/api/__init__.php
+++ b/src/applications/conduit/controller/api/__init__.php
@@ -13,6 +13,7 @@ phutil_require_module('phabricator', 'applications/conduit/method/base');
 phutil_require_module('phabricator', 'applications/conduit/protocol/request');
 phutil_require_module('phabricator', 'applications/conduit/protocol/response');
 phutil_require_module('phabricator', 'applications/conduit/storage/methodcalllog');
+phutil_require_module('phabricator', 'applications/oauthserver/storage/accesstoken');
 phutil_require_module('phabricator', 'applications/people/storage/user');
 phutil_require_module('phabricator', 'storage/queryfx');
 phutil_require_module('phabricator', 'view/control/table');
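Review bot: An `access_token` that does not resolve to a user is silently ignored — every `if` in the new block simply falls through to the sessionless and session auth paths that follow it — so a caller presenting a revoked or mistyped token is authenticated with whatever ambient credentials the request carries instead of getting an authentication error, and anyone probing token values gets no failure that could be logged or rate limited. Once `$access_token` is non-empty the branch should be terminal: when `$token`, its user PHID, or the loaded user is missing, return the same error response the existing credential branches use (outside this hunk) rather than continuing. The resolved user is also granted every Conduit method with full rights; if the token record carries the scope granted at authorization time, check it against the method being called here, and because `getStr()` takes the token from the query string (the test plan puts it in the URL) it will end up in access and proxy logs, so prefer accepting it only from POST or an `Authorization` header. The enclosing method starts and ends outside the hunk.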