private function buildPropertyListView(PhabricatorOAuthServerClient $client) { $viewer = $this->getRequest()->getUser(); $view = id(new PHUIPropertyListView())->setUser($viewer); $view->addProperty(pht('Client ID'), $client->getPHID()); $view->addProperty(pht('Client Secret'), $client->getSecret()); $view->addProperty(pht('Redirect URI'), $client->getRedirectURI()); $view->addProperty(pht('Created'), phabricator_datetime($client->getDateCreated(), $viewer)); return $view; }
public function processRequest() { $request = $this->getRequest(); $current_user = $request->getUser(); $error = null; $bad_redirect = false; $phid = $this->getClientPHID(); // if we have a phid, then we're editing $this->setIsClientEdit($phid); if ($this->isClientEdit()) { $client = id(new PhabricatorOAuthServerClient())->loadOneWhere('phid = %s', $phid); $title = 'Edit OAuth Client'; // validate the client if (empty($client)) { return new Aphront404Response(); } if ($client->getCreatorPHID() != $current_user->getPHID()) { $message = 'Access denied to edit client with id ' . $phid . '. ' . 'Only the user who created the client has permission to ' . 'edit the client.'; return id(new Aphront403Response())->setForbiddenText($message); } $submit_button = 'Save OAuth Client'; $secret = null; // new client - much simpler } else { $client = new PhabricatorOAuthServerClient(); $title = 'Create OAuth Client'; $submit_button = 'Create OAuth Client'; $secret = Filesystem::readRandomCharacters(32); } if ($request->isFormPost()) { $redirect_uri = $request->getStr('redirect_uri'); $client->setName($request->getStr('name')); $client->setRedirectURI($redirect_uri); if ($secret) { $client->setSecret($secret); } $client->setCreatorPHID($current_user->getPHID()); $uri = new PhutilURI($redirect_uri); $server = new PhabricatorOAuthServer(); if (!$server->validateRedirectURI($uri)) { $error = new AphrontErrorView(); $error->setSeverity(AphrontErrorView::SEVERITY_ERROR); $error->setTitle('Redirect URI must be a fully qualified domain name ' . 'with no fragments. See ' . 'http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-3.1.2 ' . 'for more information on the correct format.'); $bad_redirect = true; } else { $client->save(); // refresh the phid in case its a create $phid = $client->getPHID(); if ($this->isClientEdit()) { return id(new AphrontRedirectResponse())->setURI('/oauthserver/client/?edited=' . $phid); } else { return id(new AphrontRedirectResponse())->setURI('/oauthserver/client/?new=' . $phid); } } } $panel = new AphrontPanelView(); if ($this->isClientEdit()) { $delete_button = phutil_render_tag('a', array('href' => $client->getDeleteURI(), 'class' => 'grey button'), 'Delete OAuth Client'); $panel->addButton($delete_button); } $panel->setHeader($title); $form = id(new AphrontFormView())->setUser($current_user)->appendChild(id(new AphrontFormTextControl())->setLabel('Name')->setName('name')->setValue($client->getName())); if ($this->isClientEdit()) { $form->appendChild(id(new AphrontFormTextControl())->setLabel('ID')->setValue($phid))->appendChild(id(new AphrontFormStaticControl())->setLabel('Secret')->setValue($client->getSecret())); } $form->appendChild(id(new AphrontFormTextControl())->setLabel('Redirect URI')->setName('redirect_uri')->setValue($client->getRedirectURI())->setError($bad_redirect)); if ($this->isClientEdit()) { $created = phabricator_datetime($client->getDateCreated(), $current_user); $updated = phabricator_datetime($client->getDateModified(), $current_user); $form->appendChild(id(new AphrontFormStaticControl())->setLabel('Created')->setValue($created))->appendChild(id(new AphrontFormStaticControl())->setLabel('Last Updated')->setValue($updated)); } $form->appendChild(id(new AphrontFormSubmitControl())->setValue($submit_button)); $panel->appendChild($form); return $this->buildStandardPageResponse(array($error, $panel), array('title' => $title)); }