mirror of
https://we.phorge.it/source/phorge.git
synced 2025-01-05 20:31:03 +01:00
60133b6fa5
Summary: Ref T7303. OAuth scope handling never got fully modernized and is a bit of a mess. Also introduce implicit "ALWAYS" and "NEVER" scopes. Always give tokens access to meta-methods like `conduit.getcapabilities` and `conduit.query`. These do not expose user information. Test Plan: - Used a token to call `user.whoami`. - Used a token to call `conduit.query`. - Used a token to try to call `user.query`, got rebuffed. Reviewers: chad Reviewed By: chad Maniphest Tasks: T7303 Differential Revision: https://secure.phabricator.com/D15593
184 lines
5.2 KiB
PHP
184 lines
5.2 KiB
PHP
<?php
|
|
|
|
final class PhabricatorConduitConsoleController
|
|
extends PhabricatorConduitController {
|
|
|
|
public function shouldAllowPublic() {
|
|
return true;
|
|
}
|
|
|
|
public function handleRequest(AphrontRequest $request) {
|
|
$viewer = $this->getViewer();
|
|
$method_name = $request->getURIData('method');
|
|
|
|
$method = id(new PhabricatorConduitMethodQuery())
|
|
->setViewer($viewer)
|
|
->withMethods(array($method_name))
|
|
->executeOne();
|
|
if (!$method) {
|
|
return new Aphront404Response();
|
|
}
|
|
|
|
$method->setViewer($viewer);
|
|
|
|
$call_uri = '/api/'.$method->getAPIMethodName();
|
|
|
|
$status = $method->getMethodStatus();
|
|
$reason = $method->getMethodStatusDescription();
|
|
$errors = array();
|
|
|
|
switch ($status) {
|
|
case ConduitAPIMethod::METHOD_STATUS_DEPRECATED:
|
|
$reason = nonempty($reason, pht('This method is deprecated.'));
|
|
$errors[] = pht('Deprecated Method: %s', $reason);
|
|
break;
|
|
case ConduitAPIMethod::METHOD_STATUS_UNSTABLE:
|
|
$reason = nonempty(
|
|
$reason,
|
|
pht(
|
|
'This method is new and unstable. Its interface is subject '.
|
|
'to change.'));
|
|
$errors[] = pht('Unstable Method: %s', $reason);
|
|
break;
|
|
}
|
|
|
|
$form = id(new AphrontFormView())
|
|
->setAction($call_uri)
|
|
->setUser($request->getUser())
|
|
->appendRemarkupInstructions(
|
|
pht(
|
|
'Enter parameters using **JSON**. For instance, to enter a '.
|
|
'list, type: `%s`',
|
|
'["apple", "banana", "cherry"]'));
|
|
|
|
$params = $method->getParamTypes();
|
|
foreach ($params as $param => $desc) {
|
|
$form->appendChild(
|
|
id(new AphrontFormTextControl())
|
|
->setLabel($param)
|
|
->setName("params[{$param}]")
|
|
->setCaption($desc));
|
|
}
|
|
|
|
$must_login = !$viewer->isLoggedIn() &&
|
|
$method->shouldRequireAuthentication();
|
|
if ($must_login) {
|
|
$errors[] = pht(
|
|
'Login Required: This method requires authentication. You must '.
|
|
'log in before you can make calls to it.');
|
|
} else {
|
|
$form
|
|
->appendChild(
|
|
id(new AphrontFormSelectControl())
|
|
->setLabel(pht('Output Format'))
|
|
->setName('output')
|
|
->setOptions(
|
|
array(
|
|
'human' => pht('Human Readable'),
|
|
'json' => pht('JSON'),
|
|
)))
|
|
->appendChild(
|
|
id(new AphrontFormSubmitControl())
|
|
->addCancelButton($this->getApplicationURI())
|
|
->setValue(pht('Call Method')));
|
|
}
|
|
|
|
$header = id(new PHUIHeaderView())
|
|
->setUser($viewer)
|
|
->setHeader($method->getAPIMethodName());
|
|
|
|
$form_box = id(new PHUIObjectBoxView())
|
|
->setHeaderText(pht('Call Method'))
|
|
->setForm($form);
|
|
|
|
$content = array();
|
|
|
|
$properties = $this->buildMethodProperties($method);
|
|
|
|
$info_box = id(new PHUIObjectBoxView())
|
|
->setHeaderText(pht('API Method: %s', $method->getAPIMethodName()))
|
|
->setFormErrors($errors)
|
|
->appendChild($properties);
|
|
|
|
$content[] = $info_box;
|
|
$content[] = $method->getMethodDocumentation();
|
|
$content[] = $form_box;
|
|
$content[] = $this->renderExampleBox($method, null);
|
|
|
|
$crumbs = $this->buildApplicationCrumbs();
|
|
$crumbs->addTextCrumb($method->getAPIMethodName());
|
|
|
|
return $this->buildApplicationPage(
|
|
array(
|
|
$crumbs,
|
|
$content,
|
|
),
|
|
array(
|
|
'title' => $method->getAPIMethodName(),
|
|
));
|
|
}
|
|
|
|
private function buildMethodProperties(ConduitAPIMethod $method) {
|
|
$viewer = $this->getViewer();
|
|
|
|
$view = id(new PHUIPropertyListView());
|
|
|
|
$view->addProperty(
|
|
pht('Returns'),
|
|
$method->getReturnType());
|
|
|
|
$error_types = $method->getErrorTypes();
|
|
$error_types['ERR-CONDUIT-CORE'] = pht('See error message for details.');
|
|
$error_description = array();
|
|
foreach ($error_types as $error => $meaning) {
|
|
$error_description[] = hsprintf(
|
|
'<li><strong>%s:</strong> %s</li>',
|
|
$error,
|
|
$meaning);
|
|
}
|
|
$error_description = phutil_tag('ul', array(), $error_description);
|
|
|
|
$view->addProperty(
|
|
pht('Errors'),
|
|
$error_description);
|
|
|
|
|
|
$scope = $method->getRequiredScope();
|
|
switch ($scope) {
|
|
case ConduitAPIMethod::SCOPE_ALWAYS:
|
|
$oauth_icon = 'fa-globe green';
|
|
$oauth_description = pht(
|
|
'OAuth clients may always call this method.');
|
|
break;
|
|
case ConduitAPIMethod::SCOPE_NEVER:
|
|
$oauth_icon = 'fa-ban red';
|
|
$oauth_description = pht(
|
|
'OAuth clients may never call this method.');
|
|
break;
|
|
default:
|
|
$oauth_icon = 'fa-unlock-alt blue';
|
|
$oauth_description = pht(
|
|
'OAuth clients may call this method after requesting access to '.
|
|
'the "%s" scope.',
|
|
$scope);
|
|
break;
|
|
}
|
|
|
|
$view->addProperty(
|
|
pht('OAuth Scope'),
|
|
array(
|
|
id(new PHUIIconView())->setIcon($oauth_icon),
|
|
' ',
|
|
$oauth_description,
|
|
));
|
|
|
|
$view->addSectionHeader(
|
|
pht('Description'), PHUIPropertyListView::ICON_SUMMARY);
|
|
$view->addTextContent(
|
|
new PHUIRemarkupView($viewer, $method->getMethodDescription()));
|
|
|
|
return $view;
|
|
}
|
|
|
|
|
|
}
|