public function testURIParsing()
{
$uri = new PhutilURI('http://*****:*****@host:99/path/?query=value#fragment');
$this->assertEqual('http', $uri->getProtocol(), 'protocol');
$this->assertEqual('user', $uri->getUser(), 'user');
$this->assertEqual('pass', $uri->getPass(), 'pass');
$this->assertEqual('host', $uri->getDomain(), 'domain');
$this->assertEqual('99', $uri->getPort(), 'port');
$this->assertEqual('/path/', $uri->getPath(), 'path');
$this->assertEqual(array('query' => 'value'), $uri->getQueryParams(), 'query params');
$this->assertEqual('fragment', $uri->getFragment(), 'fragment');
$this->assertEqual('http://*****:*****@host:99/path/?query=value#fragment', (string) $uri, 'uri');
$uri = new PhutilURI('ssh://git@example.com/example/example.git');
$this->assertEqual('ssh', $uri->getProtocol(), 'protocol');
$this->assertEqual('git', $uri->getUser(), 'user');
$this->assertEqual('', $uri->getPass(), 'pass');
$this->assertEqual('example.com', $uri->getDomain(), 'domain');
$this->assertEqual('', $uri->getPort(), 'port');
$this->assertEqual('/example/example.git', $uri->getPath(), 'path');
$this->assertEqual(array(), $uri->getQueryParams(), 'query params');
$this->assertEqual('', $uri->getFragment(), 'fragment');
$this->assertEqual('ssh://git@example.com/example/example.git', (string) $uri, 'uri');
$uri = new PhutilURI('http://0@domain.com/');
$this->assertEqual('0', $uri->getUser());
$this->assertEqual('http://0@domain.com/', (string) $uri);
$uri = new PhutilURI('http://*****:*****@domain.com/');
$this->assertEqual('0', $uri->getUser());
$this->assertEqual('0', $uri->getPass());
$this->assertEqual('http://*****:*****@domain.com/', (string) $uri);
$uri = new PhutilURI('http://%20:%20@domain.com/');
$this->assertEqual(' ', $uri->getUser());
$this->assertEqual(' ', $uri->getPass());
$this->assertEqual('http://%20:%20@domain.com/', (string) $uri);
$uri = new PhutilURI('http://%40:%40@domain.com/');
$this->assertEqual('@', $uri->getUser());
$this->assertEqual('@', $uri->getPass());
$this->assertEqual('http://%40:%40@domain.com/', (string) $uri);
}
/**
* If there's a URI specified in an OAuth request, it must be validated in
* its own right. Further, it must have the same domain, the same path, the
* same port, and (at least) the same query parameters as the primary URI.
*/
public function validateSecondaryRedirectURI(PhutilURI $secondary_uri, PhutilURI $primary_uri)
{
// The secondary URI must be valid.
if (!$this->validateRedirectURI($secondary_uri)) {
return false;
}
// Both URIs must point at the same domain.
if ($secondary_uri->getDomain() != $primary_uri->getDomain()) {
return false;
}
// Both URIs must have the same path
if ($secondary_uri->getPath() != $primary_uri->getPath()) {
return false;
}
// Both URIs must have the same port
if ($secondary_uri->getPort() != $primary_uri->getPort()) {
return false;
}
// Any query parameters present in the first URI must be exactly present
// in the second URI.
$need_params = $primary_uri->getQueryParams();
$have_params = $secondary_uri->getQueryParams();
foreach ($need_params as $key => $value) {
if (!array_key_exists($key, $have_params)) {
return false;
}
if ((string) $have_params[$key] != (string) $value) {
return false;
}
}
// If the first URI is HTTPS, the second URI must also be HTTPS. This
// defuses an attack where a third party with control over the network
// tricks you into using HTTP to authenticate over a link which is supposed
// to be HTTPS only and sniffs all your token cookies.
if (strtolower($primary_uri->getProtocol()) == 'https') {
if (strtolower($secondary_uri->getProtocol()) != 'https') {
return false;
}
}
return true;
}
private function renderViewOptionsDropdown(DifferentialChangesetDetailView $detail, $ref, DifferentialChangeset $changeset)
{
$meta = array();
$qparams = array('ref' => $ref, 'whitespace' => $this->whitespace);
if ($this->standaloneURI) {
$uri = new PhutilURI($this->standaloneURI);
$uri->setQueryParams($uri->getQueryParams() + $qparams);
$meta['standaloneURI'] = (string) $uri;
}
$repository = $this->repository;
if ($repository) {
try {
$meta['diffusionURI'] = (string) $repository->getDiffusionBrowseURIForPath($this->user, $changeset->getAbsoluteRepositoryPath($repository, $this->diff), idx($changeset->getMetadata(), 'line:first'), $this->getBranch());
} catch (DiffusionSetupException $e) {
// Ignore
}
}
$change = $changeset->getChangeType();
if ($this->leftRawFileURI) {
if ($change != DifferentialChangeType::TYPE_ADD) {
$uri = new PhutilURI($this->leftRawFileURI);
$uri->setQueryParams($uri->getQueryParams() + $qparams);
$meta['leftURI'] = (string) $uri;
}
}
if ($this->rightRawFileURI) {
if ($change != DifferentialChangeType::TYPE_DELETE && $change != DifferentialChangeType::TYPE_MULTICOPY) {
$uri = new PhutilURI($this->rightRawFileURI);
$uri->setQueryParams($uri->getQueryParams() + $qparams);
$meta['rightURI'] = (string) $uri;
}
}
$user = $this->user;
if ($user && $repository) {
$path = ltrim($changeset->getAbsoluteRepositoryPath($repository, $this->diff), '/');
$line = idx($changeset->getMetadata(), 'line:first', 1);
$callsign = $repository->getCallsign();
$editor_link = $user->loadEditorLink($path, $line, $callsign);
if ($editor_link) {
$meta['editor'] = $editor_link;
} else {
$meta['editorConfigure'] = '/settings/panel/display/';
}
}
$meta['containerID'] = $detail->getID();
$caret = phutil_tag('span', array('class' => 'caret'), '');
return javelin_tag('a', array('class' => 'button grey small dropdown', 'meta' => $meta, 'href' => idx($meta, 'detailURI', '#'), 'target' => '_blank', 'sigil' => 'differential-view-options'), array(pht('View Options'), $caret));
}
public function testUnusualURIs()
{
$uri = new PhutilURI('file:///path/to/file');
$this->assertEqual('file', $uri->getProtocol(), pht('protocol'));
$this->assertEqual('', $uri->getDomain(), pht('domain'));
$this->assertEqual('/path/to/file', $uri->getPath(), pht('path'));
$uri = new PhutilURI('idea://open?x=/');
$this->assertEqual('idea', $uri->getProtocol(), pht('protocol'));
$this->assertEqual('open', $uri->getDomain(), pht('domain'));
$this->assertEqual('', $uri->getPath(), pht('path'));
$this->assertEqual(array('x' => '/'), $uri->getQueryParams());
}
/**
* If there's a URI specified in an OAuth request, it must be validated in
* its own right. Further, it must have the same domain and (at least) the
* same query parameters as the primary URI.
*/
public function validateSecondaryRedirectURI(PhutilURI $secondary_uri, PhutilURI $primary_uri)
{
$valid = $this->validateRedirectURI($secondary_uri);
if ($valid) {
$valid_domain = $secondary_uri->getDomain() == $primary_uri->getDomain();
$good_params = $primary_uri->getQueryParams();
$test_params = $secondary_uri->getQueryParams();
$missing_params = array_diff_key($good_params, $test_params);
$valid = $valid_domain && empty($missing_params);
}
return $valid;
}
/**
* Render a standard login/register button element.
*
* The `$attributes` parameter takes these keys:
*
* - `uri`: URI the button should take the user to when clicked.
* - `method`: Optional HTTP method the button should use, defaults to GET.
*
* @param AphrontRequest HTTP request.
* @param string Request mode string.
* @param map Additional parameters, see above.
* @return wild Login button.
*/
protected function renderStandardLoginButton(AphrontRequest $request, $mode, array $attributes = array())
{
PhutilTypeSpec::checkMap($attributes, array('method' => 'optional string', 'uri' => 'string', 'sigil' => 'optional string'));
$viewer = $request->getUser();
$adapter = $this->getAdapter();
if ($mode == 'link') {
$button_text = pht('Link External Account');
} else {
if ($mode == 'refresh') {
$button_text = pht('Refresh Account Link');
} else {
if ($mode == 'invite') {
$button_text = pht('Register Account');
} else {
if ($this->shouldAllowRegistration()) {
$button_text = pht('Login or Register');
} else {
$button_text = pht('Login');
}
}
}
}
$icon = id(new PHUIIconView())->setSpriteSheet(PHUIIconView::SPRITE_LOGIN)->setSpriteIcon($this->getLoginIcon());
$button = id(new PHUIButtonView())->setSize(PHUIButtonView::BIG)->setColor(PHUIButtonView::GREY)->setIcon($icon)->setText($button_text)->setSubtext($this->getProviderName());
$uri = $attributes['uri'];
$uri = new PhutilURI($uri);
$params = $uri->getQueryParams();
$uri->setQueryParams(array());
$content = array($button);
foreach ($params as $key => $value) {
$content[] = phutil_tag('input', array('type' => 'hidden', 'name' => $key, 'value' => $value));
}
return phabricator_form($viewer, array('method' => idx($attributes, 'method', 'GET'), 'action' => (string) $uri, 'sigil' => idx($attributes, 'sigil')), $content);
}
private function renderViewOptionsDropdown(DifferentialChangesetDetailView $detail, $ref, DifferentialChangeset $changeset)
{
$meta = array();
$qparams = array('ref' => $ref, 'whitespace' => $this->whitespace);
if ($this->standaloneURI) {
$uri = new PhutilURI($this->standaloneURI);
$uri->setQueryParams($uri->getQueryParams() + $qparams);
$meta['standaloneURI'] = (string) $uri;
}
$repository = $this->repository;
if ($repository) {
$meta['diffusionURI'] = (string) $repository->getDiffusionBrowseURIForPath($changeset->getAbsoluteRepositoryPath($repository, $this->diff));
}
$change = $changeset->getChangeType();
if ($this->leftRawFileURI) {
if ($change != DifferentialChangeType::TYPE_ADD) {
$uri = new PhutilURI($this->leftRawFileURI);
$uri->setQueryParams($uri->getQueryParams() + $qparams);
$meta['leftURI'] = (string) $uri;
}
}
if ($this->rightRawFileURI) {
if ($change != DifferentialChangeType::TYPE_DELETE && $change != DifferentialChangeType::TYPE_MULTICOPY) {
$uri = new PhutilURI($this->rightRawFileURI);
$uri->setQueryParams($uri->getQueryParams() + $qparams);
$meta['rightURI'] = (string) $uri;
}
}
$user = $this->user;
if ($user && $repository) {
$path = ltrim($changeset->getAbsoluteRepositoryPath($repository, $this->diff), '/');
$line = 1;
// TODO: get first changed line
$callsign = $repository->getCallsign();
$editor_link = $user->loadEditorLink($path, $line, $callsign);
if ($editor_link) {
$meta['editor'] = $editor_link;
} else {
$meta['editorConfigure'] = '/settings/page/preferences/';
}
}
$meta['containerID'] = $detail->getID();
Javelin::initBehavior('differential-dropdown-menus', array());
return javelin_render_tag('a', array('class' => 'button small grey', 'meta' => $meta, 'href' => idx($meta, 'detailURI', '#'), 'target' => '_blank', 'sigil' => 'differential-view-options'), "View Options ▼");
}
private function renderViewOptionsDropdown(DifferentialChangesetDetailView $detail, $ref, DifferentialChangeset $changeset)
{
$viewer = $this->getViewer();
$meta = array();
$qparams = array('ref' => $ref, 'whitespace' => $this->whitespace);
if ($this->standaloneURI) {
$uri = new PhutilURI($this->standaloneURI);
$uri->setQueryParams($uri->getQueryParams() + $qparams);
$meta['standaloneURI'] = (string) $uri;
}
$repository = $this->repository;
if ($repository) {
try {
$meta['diffusionURI'] = (string) $repository->getDiffusionBrowseURIForPath($viewer, $changeset->getAbsoluteRepositoryPath($repository, $this->diff), idx($changeset->getMetadata(), 'line:first'), $this->getBranch());
} catch (DiffusionSetupException $e) {
// Ignore
}
}
$change = $changeset->getChangeType();
if ($this->leftRawFileURI) {
if ($change != DifferentialChangeType::TYPE_ADD) {
$uri = new PhutilURI($this->leftRawFileURI);
$uri->setQueryParams($uri->getQueryParams() + $qparams);
$meta['leftURI'] = (string) $uri;
}
}
if ($this->rightRawFileURI) {
if ($change != DifferentialChangeType::TYPE_DELETE && $change != DifferentialChangeType::TYPE_MULTICOPY) {
$uri = new PhutilURI($this->rightRawFileURI);
$uri->setQueryParams($uri->getQueryParams() + $qparams);
$meta['rightURI'] = (string) $uri;
}
}
if ($viewer && $repository) {
$path = ltrim($changeset->getAbsoluteRepositoryPath($repository, $this->diff), '/');
$line = idx($changeset->getMetadata(), 'line:first', 1);
$editor_link = $viewer->loadEditorLink($path, $line, $repository);
if ($editor_link) {
$meta['editor'] = $editor_link;
} else {
$meta['editorConfigure'] = '/settings/panel/display/';
}
}
$meta['containerID'] = $detail->getID();
return id(new PHUIButtonView())->setTag('a')->setText(pht('View Options'))->setIcon('fa-bars')->setColor(PHUIButtonView::GREY)->setHref(idx($meta, 'detailURI', '#'))->setMetadata($meta)->addSigil('differential-view-options');
}
public function testUnusualURIs()
{
$uri = new PhutilURI('file:///path/to/file');
$this->assertEqual('file', $uri->getProtocol(), pht('protocol'));
$this->assertEqual('', $uri->getDomain(), pht('domain'));
$this->assertEqual('/path/to/file', $uri->getPath(), pht('path'));
$uri = new PhutilURI('idea://open?x=/');
$this->assertEqual('idea', $uri->getProtocol(), pht('protocol'));
$this->assertEqual('open', $uri->getDomain(), pht('domain'));
$this->assertEqual('', $uri->getPath(), pht('path'));
$this->assertEqual(array('x' => '/'), $uri->getQueryParams());
// This is not a legitimate URI and should not parse as one.
$uri = new PhutilURI('fruit.list: apple banana cherry');
$this->assertEqual('', $uri->getDomain());
}
private function getCanonicalParameterList(HTTPSFuture $future)
{
$uri = new PhutilURI($future->getURI());
$params = $uri->getQueryParams();
ksort($params);
$canonical_parameters = array();
foreach ($params as $key => $value) {
$canonical_parameters[] = rawurlencode($key) . '=' . rawurlencode($value);
}
$canonical_parameters = implode('&', $canonical_parameters);
return $canonical_parameters;
}
