/**
 * Decide whether an access token may be used for `$required_scope`.
 *
 * The token is rejected when no authorization exists for its user/client
 * pair, when the authorization does not grant the requested scope, or when
 * the token is older than `ACCESS_TOKEN_TIMEOUT` and the authorization does
 * not also grant "offline_access" (which lets an expired token keep working).
 *
 * NOTE(review): unlike authorizeToken(), this method does not consult the
 * client's disabled flag, and it loads the authorization with a raw
 * loadOneWhere() rather than a viewer-scoped query -- callers that need
 * those checks must perform them separately.
 *
 * @param PhabricatorOAuthServerAccessToken $token Token to validate.
 * @param string $required_scope Scope key the caller needs.
 * @return bool True when the token is usable for the scope.
 *
 * @task token
 */
public function validateAccessToken(
  PhabricatorOAuthServerAccessToken $token,
  $required_scope) {

  // Expiry is fixed by creation time; compute it up front so the wall clock
  // is read before the database round trip.
  $deadline = $token->getDateCreated() + self::ACCESS_TOKEN_TIMEOUT;
  $is_expired = (time() > $deadline);

  $authorization = id(new PhabricatorOAuthClientAuthorization())->loadOneWhere(
    'userPHID = %s AND clientPHID = %s',
    $token->getUserPHID(),
    $token->getClientPHID());
  if (!$authorization) {
    return false;
  }

  $granted = $authorization->getScope();
  if (!isset($granted[$required_scope])) {
    return false;
  }

  if (!$is_expired) {
    return true;
  }

  // An expired token is still honored only when the authorization carries
  // "offline_access".
  return isset($granted[PhabricatorOAuthServerScope::SCOPE_OFFLINE_ACCESS]);
}
/**
 * Load the authorization that backs an access token.
 *
 * The lookup is performed with the omnipotent viewer, keyed on the token's
 * user PHID and client PHID. `null` is returned when no such authorization
 * exists or when the owning client application is disabled; callers must
 * treat `null` as "not authorized".
 *
 * @param PhabricatorOAuthServerAccessToken $token Token to resolve.
 * @return PhabricatorOAuthClientAuthorization|null Matching authorization,
 *   or null if none is usable.
 *
 * @task token
 */
public function authorizeToken(PhabricatorOAuthServerAccessToken $token) {
  $authorization = id(new PhabricatorOAuthClientAuthorizationQuery())
    ->setViewer(PhabricatorUser::getOmnipotentUser())
    ->withUserPHIDs(array($token->getUserPHID()))
    ->withClientPHIDs(array($token->getClientPHID()))
    ->executeOne();

  // A missing authorization and a disabled client are both reported the
  // same way, as "no authorization".
  if (!$authorization || $authorization->getClient()->getIsDisabled()) {
    return null;
  }

  return $authorization;
}