private function loadProfilePicture(PhabricatorExternalAccount $account)
{
$phid = $account->getProfileImagePHID();
if (!$phid) {
return null;
}
// NOTE: Use of omnipotent user is okay here because the registering user
// can not control the field value, and we can't use their user object to
// do meaningful policy checks anyway since they have not registered yet.
// Reaching this means the user holds the account secret key and the
// registration secret key, and thus has permission to view the image.
$file = id(new PhabricatorFileQuery())->setViewer(PhabricatorUser::getOmnipotentUser())->withPHIDs(array($phid))->executeOne();
if (!$file) {
return null;
}
$xform = PhabricatorFileTransform::getTransformByKey(PhabricatorFileThumbnailTransform::TRANSFORM_PROFILE);
return $xform->executeTransform($file);
}
public function getOAuthAccessToken(PhabricatorExternalAccount $account, $force_refresh = false)
{
if ($account->getProviderKey() !== $this->getProviderKey()) {
throw new Exception(pht('Account does not match provider!'));
}
if (!$force_refresh) {
$access_expires = $account->getProperty('oauth.token.access.expires');
$access_token = $account->getProperty('oauth.token.access');
// Don't return a token with fewer than this many seconds remaining until
// it expires.
$shortest_token = 60;
if ($access_token) {
if ($access_expires === null || $access_expires > time() + $shortest_token) {
return $access_token;
}
}
}
$refresh_token = $account->getProperty('oauth.token.refresh');
if ($refresh_token) {
$adapter = $this->getAdapter();
if ($adapter->supportsTokenRefresh()) {
$adapter->refreshAccessToken($refresh_token);
$this->synchronizeOAuthAccount($account);
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$account->save();
unset($unguarded);
return $account->getProperty('oauth.token.access');
}
}
return null;
}
/**
* Attempts to find an external account and if none exists creates a new
* external account with a shiny new ID and PHID.
*
* NOTE: This function assumes the first item in various query parameters is
* the correct value to use in creating a new external account.
*/
public function loadOneOrCreate()
{
$account = $this->executeOne();
if (!$account) {
$account = new PhabricatorExternalAccount();
if ($this->accountIDs) {
$account->setAccountID(reset($this->accountIDs));
}
if ($this->accountTypes) {
$account->setAccountType(reset($this->accountTypes));
}
if ($this->accountDomains) {
$account->setAccountDomain(reset($this->accountDomains));
}
if ($this->accountSecrets) {
$account->setAccountSecret(reset($this->accountSecrets));
}
if ($this->userPHIDs) {
$account->setUserPHID(reset($this->userPHIDs));
}
$account->save();
}
return $account;
}
public function newJIRAFuture(PhabricatorExternalAccount $account, $path, $method, $params = array())
{
$adapter = clone $this->getAdapter();
$adapter->setToken($account->getProperty('oauth1.token'));
$adapter->setTokenSecret($account->getProperty('oauth1.token.secret'));
return $adapter->newJIRAFuture($path, $method, $params);
}
private function setAccountKeyAndContinue(PhabricatorExternalAccount $account, $next_uri)
{
if ($account->getUserPHID()) {
throw new Exception(pht('Account is already registered or linked.'));
}
// Regenerate the registration secret key, set it on the external account,
// set a cookie on the user's machine, and redirect them to registration.
// See PhabricatorAuthRegisterController for discussion of the registration
// key.
$registration_key = Filesystem::readRandomCharacters(32);
$account->setProperty('registrationKey', PhabricatorHash::digest($registration_key));
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$account->save();
unset($unguarded);
$this->getRequest()->setTemporaryCookie(PhabricatorCookies::COOKIE_REGISTRATION, $registration_key);
return id(new AphrontRedirectResponse())->setURI($next_uri);
}
protected function synchronizeOAuthAccount(PhabricatorExternalAccount $account)
{
$adapter = $this->getAdapter();
$oauth_token = $adapter->getToken();
$oauth_token_secret = $adapter->getTokenSecret();
$account->setProperty('oauth1.token', $oauth_token);
$account->setProperty('oauth1.token.secret', $oauth_token_secret);
}
private function loadProfilePicture(PhabricatorExternalAccount $account)
{
$phid = $account->getProfileImagePHID();
if (!$phid) {
return null;
}
// NOTE: Use of omnipotent user is okay here because the registering user
// can not control the field value, and we can't use their user object to
// do meaningful policy checks anyway since they have not registered yet.
// Reaching this means the user holds the account secret key and the
// registration secret key, and thus has permission to view the image.
$file = id(new PhabricatorFileQuery())->setViewer(PhabricatorUser::getOmnipotentUser())->withPHIDs(array($phid))->executeOne();
if (!$file) {
return null;
}
try {
$xformer = new PhabricatorImageTransformer();
return $xformer->executeProfileTransform($file, $width = 50, $min_height = 50, $max_height = 50);
} catch (Exception $ex) {
phlog($ex);
return null;
}
}
