getRequest(); $current_user = $request->getUser(); $server = new PhabricatorOAuthServer($current_user); $client_phid = $request->getStr('client_id'); $scope = $request->getStr('scope'); $redirect_uri = $request->getStr('redirect_uri'); $response = new PhabricatorOAuthResponse(); $errors = array(); if (!$client_phid) { return $response->setMalformed( 'Required parameter client_id not specified.' ); } $client = id(new PhabricatorOAuthServerClient()) ->loadOneWhere('phid = %s', $client_phid); if (!$client) { return $response->setNotFound( 'Client with id '.$client_phid.' not found. ' ); } if ($server->userHasAuthorizedClient($client)) { $return_auth_code = true; $unguarded_write = AphrontWriteGuard::beginScopedUnguardedWrites(); } else if ($request->isFormPost()) { $server->authorizeClient($client); $return_auth_code = true; $unguarded_write = null; } else { $return_auth_code = false; $unguarded_write = null; } if ($return_auth_code) { // step 1 -- generate authorization code $auth_code = $server->generateAuthorizationCode($client); // step 2 -- error or return it if (!$auth_code) { $errors[] = 'Failed to generate an authorization code. '. 'Try again.'; } else { $client_uri = new PhutilURI($client->getRedirectURI()); if (!$redirect_uri) { $uri = $client_uri; } else { $redirect_uri = new PhutilURI($redirect_uri); if ($redirect_uri->getDomain() != $client_uri->getDomain()) { $uri = $client_uri; } else { $uri = $redirect_uri; } } $uri->setQueryParam('code', $auth_code->getCode()); return $response->setRedirect($uri); } } unset($unguarded_write); $error_view = null; if ($errors) { $error_view = new AphrontErrorView(); $error_view->setTitle('Authorization Code Errors'); $error_view->setErrors($errors); } $name = phutil_escape_html($client->getName()); $title = 'Authorize ' . $name . '?'; $panel = new AphrontPanelView(); $panel->setWidth(AphrontPanelView::WIDTH_FORM); $panel->setHeader($title); // TODO -- T848 (add scope to Phabricator OAuth) // generally inform user what this means as this fleshes out $description = "Do want to authorize {$name} to access your ". "Phabricator account data?"; $form = id(new AphrontFormView()) ->setUser($current_user) ->appendChild( id(new AphrontFormStaticControl()) ->setValue($description)) ->appendChild( id(new AphrontFormSubmitControl()) ->setValue('Authorize') ->addCancelButton('/')); // TODO -- T889 (make "cancel" do something more sensible) $panel->appendChild($form); return $this->buildStandardPageResponse( array($error_view, $panel), array('title' => $title)); } }