1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-11 09:22:40 +01:00
phorge-phorge/src/applications
Bob Trahan af295e0b26 OAuth Server enhancements -- more complete access token response and groundwork
for scope

Summary:
this patch makes the access token response "complete" relative to spec by
returning when it expires AND that the token_type is in fact 'Bearer'.

This patch also lays the groundwork for scope by fixing the underlying data
model and adding the first scope checks for "offline_access" relative to expires
and the "whoami" method.   Further, conduit is augmented to open up individual
methods for access via OAuth generally to enable "whoami" access.   There's also
a tidy little scope class to keep track of all the various scopes we plan to
have as well as strings for display (T849 - work undone)

Somewhat of a hack but Conduit methods by default have SCOPE_NOT_ACCESSIBLE.  We
then don't even bother with the OAuth stuff within conduit if we're not supposed
to be accessing the method via Conduit.   Felt relatively clean to me in terms
of additional code complexity, etc.

Next up ends up being T848 (scope in OAuth) and T849 (let user's authorize
clients for specific scopes which kinds of needs T850).  There's also a bunch of
work that needs to be done to return the appropriate, well-formatted error
codes.  All in due time...!

Test Plan:
verified that an access_token with no scope doesn't let me see
anything anymore.  :(  verified that access_tokens made awhile ago expire.  :(

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T888, T848

Differential Revision: https://secure.phabricator.com/D1657
2012-02-21 16:33:06 -08:00
..
audit Add Basic Auditing Functionalities 2011-12-20 13:36:53 -08:00
auth Make conduit read access_token and login the pertinent $user 2012-02-20 10:21:23 -08:00
base Send 403 for admin pages without being admin 2012-01-15 17:30:23 -08:00
calendar Build a basic calendar view 2011-08-08 10:34:06 -07:00
chatlog Add a basic chatlog 2012-02-17 10:21:38 -08:00
conduit OAuth Server enhancements -- more complete access token response and groundwork 2012-02-21 16:33:06 -08:00
countdown Use generic URIs 2012-01-16 14:53:05 -08:00
daemon Add buttons to delete or free tasks from the queue 2012-01-24 09:14:06 -08:00
differential Various statistics about revisions at /differential/stats/revisions/ 2012-02-21 12:13:18 -08:00
diffusion Add a contextual "scope" dropdown for searches 2012-02-14 17:00:12 -08:00
directory Move feed off home page to just /feed/ 2012-02-21 15:10:11 -08:00
draft/storage Revision comment drafts. 2011-02-05 16:57:21 -08:00
drydock Use setConcreteOnly() in Phabricator and only list/launch concrete Daemons 2012-01-25 11:50:59 -08:00
feed Add a "feed" filter to the home page; align things; allow browsing older stories 2012-02-15 17:48:14 -08:00
files Use Filesystem::getMimeType() instead of file 2012-02-14 17:00:05 -08:00
help/controller Explicitly show that "escape" closes dialogs in Phabricator 2011-08-02 09:21:28 -07:00
herald Minor, fix a fatal on Herald Admin controller 2012-02-14 15:40:04 -08:00
maniphest Add email preferences to receive fewer less-important notifications 2012-02-17 22:57:07 -08:00
markup Fix undefined index header.generate-toc in Differential 2012-01-06 23:52:39 -08:00
metamta Add email preferences to receive fewer less-important notifications 2012-02-17 22:57:07 -08:00
oauthserver OAuth Server enhancements -- more complete access token response and groundwork 2012-02-21 16:33:06 -08:00
owners Support searching for Related Commits by package owner 2012-02-17 10:15:54 -08:00
paste Add line link to Paste 2012-02-08 10:54:57 -08:00
people Add email preferences to receive fewer less-important notifications 2012-02-17 22:57:07 -08:00
phid OAuth - Phabricator OAuth server and Phabricator client for new Phabricator OAuth Server 2012-02-19 14:00:13 -08:00
phriction Add a contextual "scope" dropdown for searches 2012-02-14 17:00:12 -08:00
project Added Additional Fuctionality to Jump Nav: Jump to users, projects, symbols, or 2012-02-20 10:23:51 -08:00
repository Add a maintenance script for reconciling repositories to disk state 2012-02-02 16:03:50 -08:00
search Add a contextual "scope" dropdown for searches 2012-02-14 17:00:12 -08:00
slowvote Kill PhabricatorFileURI 2012-01-10 15:21:39 -08:00
status/base Add /status/ 2011-04-08 11:13:51 -07:00
typeahead/controller Add a name token table so on-demand typeaheads can match last names 2011-10-23 14:25:26 -07:00
uiexample Examples using JX.View 2011-11-06 15:17:00 -08:00
xhpastview Add missing includes from XHPAST parse bug. 2011-04-06 23:14:58 -07:00
xhprof Fix iframe issue for XHProf DarkConsole plugin 2012-01-28 11:17:19 -08:00