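user;
  }

  /**
   * Bind this server object to the user on whose behalf it acts.
   *
   * @param PhabricatorUser $user User that authorizations, codes and tokens
   *                              created through this object belong to.
   */
  public function __construct(PhabricatorUser $user) {
    if (!$user) {
      throw new Exception('Must specify a Phabricator $user to constructor!');
    }
    $this->user = $user;
  }

  /**
   * Check whether a stored authorization row links the bound user to
   * `$client`.
   *
   * @param PhabricatorOAuthServerClient $client Client to look up.
   * @return bool True if an authorization row was found, false otherwise.
   * @task auth
   */
  public function userHasAuthorizedClient(
    PhabricatorOAuthServerClient $client) {

    // Values are passed as separate %s arguments, not concatenated into the
    // query string.
    $authorization = id(new PhabricatorOAuthClientAuthorization())->
      loadOneWhere('userPHID = %s AND clientPHID = %s',
                   $this->getUser()->getPHID(),
                   $client->getPHID());

    return !empty($authorization);
  }

  /**
   * Persist an authorization linking the bound user to `$client`.
   *
   * NOTE(review): no check for an existing row is made here; callers
   * presumably call userHasAuthorizedClient() first -- confirm.
   *
   * @param PhabricatorOAuthServerClient $client Client being authorized.
   * @return void
   * @task auth
   */
  public function authorizeClient(PhabricatorOAuthServerClient $client) {
    $authorization = new PhabricatorOAuthClientAuthorization();
    $authorization->setUserPHID($this->getUser()->getPHID());
    $authorization->setClientPHID($client->getPHID());
    $authorization->save();
  }

  /**
   * Create and persist a new authorization code for `$client` and the bound
   * user.
   *
   * @param PhabricatorOAuthServerClient $client Client the code is issued to.
   * @return PhabricatorOAuthServerAuthorizationCode The saved code object.
   * @task auth
   */
  public function generateAuthorizationCode(
    PhabricatorOAuthServerClient $client) {

    // NOTE(review): the code is a bearer credential; its unpredictability
    // rests on Filesystem::readRandomCharacters() being backed by a
    // cryptographically secure source -- confirm.
    $code = Filesystem::readRandomCharacters(32);

    $authorization_code = new PhabricatorOAuthServerAuthorizationCode();
    $authorization_code->setCode($code);
    $authorization_code->setClientPHID($client->getPHID());
    // A copy of the client secret is stored alongside the code so that
    // validateAuthorizationCode() can compare it later.
    $authorization_code->setClientSecret($client->getSecret());
    $authorization_code->setUserPHID($this->getUser()->getPHID());
    $authorization_code->save();

    return $authorization_code;
  }

  /**
   * Create and persist a new access token for `$client` and the bound user.
   *
   * @param PhabricatorOAuthServerClient $client Client the token is issued to.
   * @return PhabricatorOAuthServerAccessToken The saved token object.
   * @task token
   */
  public function generateAccessToken(PhabricatorOAuthServerClient $client) {
    // NOTE(review): same randomness assumption as for authorization codes.
    $token = Filesystem::readRandomCharacters(32);

    $access_token = new PhabricatorOAuthServerAccessToken();
    $access_token->setToken($token);
    $access_token->setUserPHID($this->getUser()->getPHID());
    $access_token->setClientPHID($client->getPHID());
    // NOTE(review): dateExpires is written as 0; presumably this means the
    // token never expires -- confirm, and consider a bounded lifetime.
    $access_token->setDateExpires(0);
    $access_token->save();

    return $access_token;
  }

  /**
   * Compare two authorization code objects and check that the code has not
   * timed out.
   *
   * Only the client PHID and client secret are compared; the code string
   * and the user PHID are not examined here. The expiry check uses the
   * creation date of `$test_code`.
   *
   * NOTE(review): because the timestamp is taken from `$test_code`, that
   * argument presumably has to be the stored record rather than an object
   * built from request data -- verify against the caller.
   *
   * @param PhabricatorOAuthServerAuthorizationCode $test_code  Code under
   *        test; its creation date drives the timeout check.
   * @param PhabricatorOAuthServerAuthorizationCode $valid_code Code whose
   *        client PHID and secret must match.
   * @return bool True if both fields match and the code is still within
   *              AUTHORIZATION_CODE_TIMEOUT seconds of its creation.
   * @task token
   */
  public function validateAuthorizationCode(
    PhabricatorOAuthServerAuthorizationCode $test_code,
    PhabricatorOAuthServerAuthorizationCode $valid_code) {

    // Strict comparison: with loose `!=`, PHP compares numeric-looking
    // strings as numbers (for example two different "0e..." strings are
    // considered equal), which must never decide a credential check.
    if ($test_code->getClientPHID() !== $valid_code->getClientPHID()) {
      return false;
    }

    // NOTE(review): `!==` is not constant-time. If the supported PHP version
    // provides hash_equals(), or the codebase has an equivalent helper, use
    // it for the secret comparison.
    if ($test_code->getClientSecret() !== $valid_code->getClientSecret()) {
      return false;
    }

    // check that the authorization code hasn't timed out
    $created_time = $test_code->getDateCreated();
    $must_be_used_by = $created_time + self::AUTHORIZATION_CODE_TIMEOUT;
    return (time() < $must_be_used_by);
  }

}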