Make conduit read access_token and login the pertinent $user

Summary: This makes the oauth server a bunch more useful. Test Plan: - used /oauth/phabricator/diagnose/ and it actually passed! - played around with conduit via hacking URL to include access_token on a logged out browser - linked my account to itself by going to /settings/page/phabricator/, clicking "link" account, then cutting and pasting the pertinent ?code=X into /oauth/phabricator/login/. Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Maniphest Tasks: T852 Differential Revision: https://secure.phabricator.com/D1644
2024-09-20 01:08:50 +02:00 · 2012-02-19 14:23:30 -08:00 · 2012-02-19 14:23:30 -08:00 · be66a52050
commit be66a52050
parent 92f3ffd811
3 changed files with 28 additions and 1 deletions
--- a/src/applications/auth/oauth/provider/phabricator/PhabricatorOAuthProviderPhabricator.php
+++ b/src/applications/auth/oauth/provider/phabricator/PhabricatorOAuthProviderPhabricator.php
@ -81,7 +81,7 @@ extends PhabricatorOAuthProvider {
  }

  public function getUserInfoURI() {
-    return $this->getURI('/api/user.whoami/');
+    return $this->getURI('/api/user.whoami');
  }

  public function getMinimumScope() {
@ -89,7 +89,12 @@ extends PhabricatorOAuthProvider {
  }

  public function setUserData($data) {
+    // need to strip the javascript shield from conduit
+    $data = substr($data, 8);
    $data = json_decode($data, true);
+    if (!is_array($data)) {
+      throw new Exception('Invalid user data.');
+    }
    $this->userData = $data['result'];
    return $this;
  }
--- a/src/applications/conduit/controller/api/PhabricatorConduitAPIController.php
+++ b/src/applications/conduit/controller/api/PhabricatorConduitAPIController.php
@ -247,6 +247,27 @@ class PhabricatorConduitAPIController
      return null;
    }

+    // handle oauth
+    $access_token = $request->getStr('access_token');
+    if ($access_token) {
+      $token = id(new PhabricatorOAuthServerAccessToken())
+        ->loadOneWhere('token = %s',
+                       $access_token);
+      if ($token) {
+        // TODO - T888 -- add expiration date and refresh tokens to oauth
+        $user_phid = $token->getUserPHID();
+        if ($user_phid) {
+          $user = id(new PhabricatorUser())
+            ->loadOneWhere('phid = %s',
+                           $user_phid);
+          if ($user) {
+            $api_request->setUser($user);
+            return null;
+          }
+        }
+      }
+    }
+
    // Handle sessionless auth. TOOD: This is super messy.
    if (isset($metadata['authUser'])) {
      $user = id(new PhabricatorUser())->loadOneWhere(
--- a/src/applications/conduit/controller/api/init.php
+++ b/src/applications/conduit/controller/api/init.php
@ -13,6 +13,7 @@ phutil_require_module('phabricator', 'applications/conduit/method/base');
 phutil_require_module('phabricator', 'applications/conduit/protocol/request');
 phutil_require_module('phabricator', 'applications/conduit/protocol/response');
 phutil_require_module('phabricator', 'applications/conduit/storage/methodcalllog');
+phutil_require_module('phabricator', 'applications/oauthserver/storage/accesstoken');
 phutil_require_module('phabricator', 'applications/people/storage/user');
 phutil_require_module('phabricator', 'storage/queryfx');
 phutil_require_module('phabricator', 'view/control/table');