/**
 * Create or edit an OAuth application (client).
 *
 * When a client PHID is present, the client is loaded with CAN_VIEW and
 * CAN_EDIT required, so a caller without edit rights gets a 404 rather
 * than the form. Without a PHID the viewer must hold the application's
 * "create clients" capability and a fresh client is initialized.
 *
 * On a form post the name and redirect URI are validated; the redirect
 * URI is checked by PhabricatorOAuthServer::validateRedirectURI(). Only
 * when there are no errors is the client saved and the browser redirected
 * to the client's view page. Otherwise the form is re-rendered with the
 * collected errors.
 *
 * @return AphrontResponse
 */
public function processRequest() {
  $request = $this->getRequest();
  $viewer = $request->getUser();
  $phid = $this->getClientPHID();

  $editing = (bool)$phid;
  if ($editing) {
    // Policy enforcement happens in the query: requiring CAN_EDIT here means
    // a viewer who may only see the client cannot reach the edit form.
    $query = id(new PhabricatorOAuthServerClientQuery())
      ->setViewer($viewer)
      ->withPHIDs(array($phid))
      ->requireCapabilities(
        array(
          PhabricatorPolicyCapability::CAN_VIEW,
          PhabricatorPolicyCapability::CAN_EDIT,
        ));
    $client = $query->executeOne();
    if (!$client) {
      return new Aphront404Response();
    }

    $title = pht('Edit OAuth Application: %s', $client->getName());
    $submit_button = pht('Save Application');
    $crumb_text = pht('Edit');
    $cancel_uri = $client->getViewURI();
  } else {
    $this->requireApplicationCapability(
      PhabricatorOAuthServerCreateClientsCapability::CAPABILITY);
    $client = PhabricatorOAuthServerClient::initializeNewClient($viewer);

    $title = pht('Create OAuth Application');
    $submit_button = pht('Create Application');
    $crumb_text = pht('Create Application');
    $cancel_uri = $this->getApplicationURI();
  }

  // Per-field error markers: `true` means "no error" to the form controls.
  $errors = array();
  $redirect_error = true;
  $name_error = true;

  if ($request->isFormPost()) {
    $redirect_uri = $request->getStr('redirect_uri');

    $client->setName($request->getStr('name'));
    $client->setRedirectURI($redirect_uri);

    if (!strlen($client->getName())) {
      $errors[] = pht('You must choose a name for this OAuth application.');
      $name_error = pht('Required');
    }

    $oauth_server = new PhabricatorOAuthServer();
    $parsed_uri = new PhutilURI($redirect_uri);
    if (!$oauth_server->validateRedirectURI($parsed_uri)) {
      $errors[] = pht(
        'Redirect URI must be a fully qualified domain name with no '.
        'fragments. See %s for more information on the correct format.',
        'http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-3.1.2');
      $redirect_error = pht('Invalid');
    }

    // Policies are applied to the object regardless of field errors so the
    // re-rendered form reflects what the user submitted.
    $client->setViewPolicy($request->getStr('viewPolicy'));
    $client->setEditPolicy($request->getStr('editPolicy'));

    if (!$errors) {
      $client->save();
      return id(new AphrontRedirectResponse())
        ->setURI($client->getViewURI());
    }
  }

  $policies = id(new PhabricatorPolicyQuery())
    ->setViewer($viewer)
    ->setObject($client)
    ->execute();

  $name_control = id(new AphrontFormTextControl())
    ->setLabel(pht('Name'))
    ->setName('name')
    ->setValue($client->getName())
    ->setError($name_error);

  $redirect_control = id(new AphrontFormTextControl())
    ->setLabel(pht('Redirect URI'))
    ->setName('redirect_uri')
    ->setValue($client->getRedirectURI())
    ->setError($redirect_error);

  $view_policy_control = id(new AphrontFormPolicyControl())
    ->setUser($viewer)
    ->setCapability(PhabricatorPolicyCapability::CAN_VIEW)
    ->setPolicyObject($client)
    ->setPolicies($policies)
    ->setName('viewPolicy');

  $edit_policy_control = id(new AphrontFormPolicyControl())
    ->setUser($viewer)
    ->setCapability(PhabricatorPolicyCapability::CAN_EDIT)
    ->setPolicyObject($client)
    ->setPolicies($policies)
    ->setName('editPolicy');

  $submit_control = id(new AphrontFormSubmitControl())
    ->addCancelButton($cancel_uri)
    ->setValue($submit_button);

  $form = id(new AphrontFormView())->setUser($viewer);
  $form->appendChild($name_control);
  $form->appendChild($redirect_control);
  $form->appendChild($view_policy_control);
  $form->appendChild($edit_policy_control);
  $form->appendChild($submit_control);

  $crumbs = $this->buildApplicationCrumbs();
  if ($editing) {
    $crumbs->addTextCrumb($client->getName(), $client->getViewURI());
  }
  $crumbs->addTextCrumb($crumb_text);

  $box = id(new PHUIObjectBoxView())
    ->setHeaderText($title)
    ->setFormErrors($errors)
    ->setForm($form);

  return $this->buildApplicationPage(
    array($crumbs, $box),
    array('title' => $title));
}
/**
 * validateRedirectURI() must accept absolute http URIs (bare host, trailing
 * slash, or with a path) and reject a scheme-less host and any URI that
 * carries a fragment.
 */
public function testValidateRedirectURI() {
  $cases = array(
    array('http://www.google.com', true),
    array('http://www.google.com/', true),
    array('http://www.google.com/auth', true),
    array('www.google.com', false),
    array('http://www.google.com/auth#invalid', false),
  );

  $server = new PhabricatorOAuthServer();
  foreach ($cases as $case) {
    list($input, $expected) = $case;
    $actual = $server->validateRedirectURI(new PhutilURI($input));
    $this->assertEqual(
      $expected,
      $actual,
      "Validation of redirect URI '{$input}'");
  }
}
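/**
 * Render and handle the create/edit form for an OAuth client.
 *
 * With a client PHID this edits an existing client; only the user recorded
 * as its creator may do so, anyone else receives a 403. Without a PHID a
 * new client is built and a random secret is generated for it.
 *
 * On a form post the redirect URI is checked with
 * PhabricatorOAuthServer::validateRedirectURI(); if it passes, the client
 * is saved and the browser is redirected to the client list, otherwise the
 * form is re-rendered with an error view.
 *
 * @return AphrontResponse
 */
public function processRequest() {
  $request = $this->getRequest();
  $current_user = $request->getUser();
  $error = null;
  $bad_redirect = false;

  $phid = $this->getClientPHID();
  // if we have a phid, then we're editing
  $this->setIsClientEdit($phid);

  if ($this->isClientEdit()) {
    // The PHID is bound through the query formatter (%s), not interpolated.
    $client = id(new PhabricatorOAuthServerClient())
      ->loadOneWhere('phid = %s', $phid);
    $title = 'Edit OAuth Client';

    // validate the client
    if (empty($client)) {
      return new Aphront404Response();
    }

    // Authorization check: only the creator may edit this client. PHIDs are
    // strings, so compare them strictly instead of letting `!=` apply loose
    // coercion to the two values.
    if ($client->getCreatorPHID() !== $current_user->getPHID()) {
      $message =
        'Access denied to edit client with id ' . $phid . '. ' .
        'Only the user who created the client has permission to ' .
        'edit the client.';
      return id(new Aphront403Response())->setForbiddenText($message);
    }

    $submit_button = 'Save OAuth Client';
    $secret = null;
  } else {
    // new client - much simpler
    $client = new PhabricatorOAuthServerClient();
    $title = 'Create OAuth Client';
    $submit_button = 'Create OAuth Client';
    $secret = Filesystem::readRandomCharacters(32);
  }

  if ($request->isFormPost()) {
    $redirect_uri = $request->getStr('redirect_uri');
    $client->setName($request->getStr('name'));
    $client->setRedirectURI($redirect_uri);
    // A secret is only minted on create; editing never rotates it.
    if ($secret) {
      $client->setSecret($secret);
    }
    $client->setCreatorPHID($current_user->getPHID());

    $uri = new PhutilURI($redirect_uri);
    $server = new PhabricatorOAuthServer();
    if (!$server->validateRedirectURI($uri)) {
      $error = new AphrontErrorView();
      $error->setSeverity(AphrontErrorView::SEVERITY_ERROR);
      $error->setTitle(
        'Redirect URI must be a fully qualified domain name ' .
        'with no fragments. See ' .
        'http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-3.1.2 ' .
        'for more information on the correct format.');
      $bad_redirect = true;
    } else {
      $client->save();
      // refresh the phid in case its a create
      $phid = $client->getPHID();
      if ($this->isClientEdit()) {
        return id(new AphrontRedirectResponse())
          ->setURI('/oauthserver/client/?edited=' . $phid);
      } else {
        return id(new AphrontRedirectResponse())
          ->setURI('/oauthserver/client/?new=' . $phid);
      }
    }
  }

  $panel = new AphrontPanelView();
  if ($this->isClientEdit()) {
    $delete_button = phutil_render_tag(
      'a',
      array(
        'href' => $client->getDeleteURI(),
        'class' => 'grey button',
      ),
      'Delete OAuth Client');
    $panel->addButton($delete_button);
  }
  $panel->setHeader($title);

  $form = id(new AphrontFormView())
    ->setUser($current_user)
    ->appendChild(
      id(new AphrontFormTextControl())
        ->setLabel('Name')
        ->setName('name')
        ->setValue($client->getName()));

  if ($this->isClientEdit()) {
    // NOTE: the client secret is rendered back into the page here, so it is
    // visible to whoever can reach the edit form (the creator, per the check
    // above) and to anything that captures the rendered response.
    $form
      ->appendChild(
        id(new AphrontFormTextControl())
          ->setLabel('ID')
          ->setValue($phid))
      ->appendChild(
        id(new AphrontFormStaticControl())
          ->setLabel('Secret')
          ->setValue($client->getSecret()));
  }

  $form->appendChild(
    id(new AphrontFormTextControl())
      ->setLabel('Redirect URI')
      ->setName('redirect_uri')
      ->setValue($client->getRedirectURI())
      ->setError($bad_redirect));

  if ($this->isClientEdit()) {
    $created = phabricator_datetime($client->getDateCreated(), $current_user);
    $updated = phabricator_datetime($client->getDateModified(), $current_user);
    $form
      ->appendChild(
        id(new AphrontFormStaticControl())
          ->setLabel('Created')
          ->setValue($created))
      ->appendChild(
        id(new AphrontFormStaticControl())
          ->setLabel('Last Updated')
          ->setValue($updated));
  }

  $form->appendChild(
    id(new AphrontFormSubmitControl())
      ->setValue($submit_button));

  $panel->appendChild($form);

  return $this->buildStandardPageResponse(
    array($error, $panel),
    array('title' => $title));
}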