/**
* @task token
*/
public function validateAccessToken(PhabricatorOAuthServerAccessToken $token, $required_scope)
{
$created_time = $token->getDateCreated();
$must_be_used_by = $created_time + self::ACCESS_TOKEN_TIMEOUT;
$expired = time() > $must_be_used_by;
$authorization = id(new PhabricatorOAuthClientAuthorization())->loadOneWhere('userPHID = %s AND clientPHID = %s', $token->getUserPHID(), $token->getClientPHID());
if (!$authorization) {
return false;
}
$token_scope = $authorization->getScope();
if (!isset($token_scope[$required_scope])) {
return false;
}
$valid = true;
if ($expired) {
$valid = false;
// check if the scope includes "offline_access", which makes the
// token valid despite being expired
if (isset($token_scope[PhabricatorOAuthServerScope::SCOPE_OFFLINE_ACCESS])) {
$valid = true;
}
}
return $valid;
}
/**
* @task token
*/
public function authorizeToken(PhabricatorOAuthServerAccessToken $token)
{
$user_phid = $token->getUserPHID();
$client_phid = $token->getClientPHID();
$authorization = id(new PhabricatorOAuthClientAuthorizationQuery())->setViewer(PhabricatorUser::getOmnipotentUser())->withUserPHIDs(array($user_phid))->withClientPHIDs(array($client_phid))->executeOne();
if (!$authorization) {
return null;
}
$application = $authorization->getClient();
if ($application->getIsDisabled()) {
return null;
}
return $authorization;
}
