
D672.diff

diff --git a/bin/controllers/app.php b/bin/controllers/app.php
--- a/bin/controllers/app.php
+++ b/bin/controllers/app.php
@@ -1,5 +1,6 @@
<?php
+use client\CredentialModel;
use spitfire\exceptions\PublicException;
use spitfire\io\Upload;
use spitfire\storage\database\pagination\Paginator;
@@ -41,8 +42,6 @@
$app = db()->table('authapp')->newRecord();
$app->owner = $this->user;
$app->name = $_POST['name'];
- #TODO: Replace with the proper app secret generation
- $app->appSecret = preg_replace('/[^a-z\d]/i', '', base64_encode(random_bytes(35)));
if ($_POST['icon'] instanceof Upload) {
$app->icon = $_POST['icon']->validate()->store()->uri();
@@ -54,6 +53,16 @@
} while ($count !== 0);
$app->store();
+
+ /**
+ * Generate a credential for the application. We default to generating a credential
+ * that has no expiration (meaning the the user will never be requested to refresh
+ * the credential), since generally credentials do offer a good level of security.
+ */
+ $secret = db()->table(CredentialModel::class)->newRecord();
+ $secret->client = $app;
+ $secret->store();
+
$this->response->getHeaders()->redirect(url('app', 'index', Array('message' => 'success')));
return;
}
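Review bot: The block added after `$app->store();` never assigns a secret value or an expiry on the `CredentialModel` record, so both the strength of the secret and the "no expiration" behaviour depend on model defaults that this diff does not show. It is worth confirming that the model generates the secret from a CSPRNG, as the removed `appSecret` line did with `random_bytes(35)`. The doc comment justifies a never-expiring credential with "generally credentials do offer a good level of security", which says nothing about a leaked secret; if it matches how the model works, I would reword it to something like `Credentials do not expire by default, so a leaked one stays valid until the owner revokes or replaces it.`, which also drops the "the the" typo. `$app->store()` and `$secret->store()` are two independent writes, so a failure in the second presumably leaves an app with no credential; wrapping both in one transaction, if the data layer offers one, would avoid that. The enclosing method starts outside the hunk.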
diff --git a/bin/models/authapp.php b/bin/models/authapp.php
--- a/bin/models/authapp.php
+++ b/bin/models/authapp.php
@@ -7,7 +7,7 @@
/**
*
-@property UserModel $owner The user that created the client and manages it
+ * @property UserModel $owner The user that created the client and manages it
* @todo Add ownership to the apps. So a certain user can administrate his own apps
*/
class AuthAppModel extends Model
