Allow OAuth applications to be disabled instead of destroyed

Summary: Ref T7303. This interaction is very oldschool; modernize it to enable/disable instead of "nuke from orbit". Test Plan: - Enabled applications. - Disabled applications. - Viewed applications in list view. - Generated new tokens. - Tried to use a token from a disabled application (got rebuffed). - Tried to use a token from an enabled application (worked fine). Reviewers: chad Reviewed By: chad Maniphest Tasks: T7303 Differential Revision: https://secure.phabricator.com/D15620
2016-04-05 09:40:22 -07:00
parent c29bbbab19
commit 8dfc7d4201
14 changed files with 189 additions and 102 deletions
--- a/src/applications/oauthserver/controller/PhabricatorOAuthServerTokenController.php
+++ b/src/applications/oauthserver/controller/PhabricatorOAuthServerTokenController.php
@@ -67,7 +67,7 @@ final class PhabricatorOAuthServerTokenController
        $response->setError('invalid_grant');
        $response->setErrorDescription(
          pht(
-            'Authorization code %d not found.',
+            'Authorization code %s not found.',
            $code));
        return $response;
      }
@@ -102,11 +102,22 @@ final class PhabricatorOAuthServerTokenController
        $response->setError('invalid_client');
        $response->setErrorDescription(
          pht(
-            'Client with %s %d not found.',
+            'Client with %s %s not found.',
            'client_id',
            $client_phid));
        return $response;
      }
+
+      if ($client->getIsDisabled()) {
+        $response->setError('invalid_client');
+        $response->setErrorDescription(
+          pht(
+            'OAuth application "%s" has been disabled.',
+            $client->getName()));
+
+        return $response;
+      }
+
      $server->setClient($client);

      $user_phid = $auth_code->getUserPHID();
@@ -116,7 +127,7 @@ final class PhabricatorOAuthServerTokenController
        $response->setError('invalid_grant');
        $response->setErrorDescription(
          pht(
-            'User with PHID %d not found.',
+            'User with PHID %s not found.',
            $user_phid));
        return $response;
      }
@@ -132,7 +143,7 @@ final class PhabricatorOAuthServerTokenController
        $response->setError('invalid_grant');
        $response->setErrorDescription(
          pht(
-            'Invalid authorization code %d.',
+            'Invalid authorization code %s.',
            $code));
        return $response;
      }