Fix exception in OAuthServerAuthController

Toby Hughes · epriestley · commit 1188876ea92f · 2013-02-06T09:00:01.000-08:00
Summary: We've been building a Jenkins plugin that allows you to use your Phabricator login details in Jenkins using the inbuilt OAuthServer. I noticed that when making a request to /oauthserver/auth/?client_id=&response_type=code I get an error back from the server. I've traced this down to two bugs in PhabricatorOAuthServerAuthController, the first causes a null value error on $access_token_uri, and the second fails on userHasAuthorizedClient without a $scope array. Test Plan: Go to /oauthserver/auth/?client_id=<client_id>&response_type=code and get a valid authorization code back Reviewers: epriestley, btrahan Reviewed By: btrahan CC: aran, Korvin Differential Revision: https://secure.phabricator.com/D4808
diff --git a/src/applications/oauthserver/controller/PhabricatorOAuthServerAuthController.php b/src/applications/oauthserver/controller/PhabricatorOAuthServerAuthController.php
@@ -15,7 +15,7 @@ public function processRequest() {
     $current_user  = $request->getUser();
     $server        = new PhabricatorOAuthServer();
     $client_phid   = $request->getStr('client_id');
-    $scope         = $request->getStr('scope');
+    $scope         = $request->getStr('scope', array());
     $redirect_uri  = $request->getStr('redirect_uri');
     $state         = $request->getStr('state');
     $response_type = $request->getStr('response_type');
@@ -63,10 +63,8 @@ public function processRequest() {
           return $response;
         }
         $uri              = $redirect_uri;
-        $access_token_uri = $uri;
       } else {
         $uri              = new PhutilURI($client->getRedirectURI());
-        $access_token_uri = null;
       }
       // we've now validated this request enough overall such that we
       // can safely redirect to the client with the response
@@ -121,7 +119,7 @@ public function processRequest() {
       if ($return_auth_code) {
         // step 1 -- generate authorization code
         $auth_code =
-          $server->generateAuthorizationCode($access_token_uri);
+          $server->generateAuthorizationCode($uri);
 
         // step 2 return it
         $content = array(
