Differential D7962 Diff 18019 src/applications/conduit/controller/PhabricatorConduitAPIController.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/conduit/controller/PhabricatorConduitAPIController.php
| Show First 20 Lines • Show All 273 Lines • ▼ Show 20 Lines | private function authenticateUser( | ||||
| $session_key = idx($metadata, 'sessionKey'); | $session_key = idx($metadata, 'sessionKey'); | ||||
| if (!$session_key) { | if (!$session_key) { | ||||
| return array( | return array( | ||||
| 'ERR-INVALID-SESSION', | 'ERR-INVALID-SESSION', | ||||
| 'Session key is not present.' | 'Session key is not present.' | ||||
| ); | ); | ||||
| } | } | ||||
| $session = queryfx_one( | $user = id(new PhabricatorAuthSessionEngine()) | ||||
| id(new PhabricatorUser())->establishConnection('r'), | ->loadUserForSession('conduit', $session_key); | ||||
| 'SELECT * FROM %T WHERE sessionKey = %s', | |||||
| PhabricatorUser::SESSION_TABLE, | |||||
| PhabricatorHash::digest($session_key)); | |||||
| if (!$session) { | |||||
| return array( | |||||
| 'ERR-INVALID-SESSION', | |||||
| 'Session key is invalid.', | |||||
| ); | |||||
| } | |||||
| // TODO: Make sessions timeout. | |||||
| // TODO: When we pull a session, read connectionID from the session table. | |||||
| $user = id(new PhabricatorUser())->loadOneWhere( | |||||
| 'phid = %s', | |||||
| $session['userPHID']); | |||||
| if (!$user) { | if (!$user) { | ||||
| return array( | return array( | ||||
| 'ERR-INVALID-SESSION', | 'ERR-INVALID-SESSION', | ||||
| 'Session is for nonexistent user.', | 'Session key is invalid.', | ||||
| ); | ); | ||||
| } | } | ||||
| return $this->validateAuthenticatedUser( | return $this->validateAuthenticatedUser( | ||||
| $api_request, | $api_request, | ||||
| $user); | $user); | ||||
| } | } | ||||
| ▲ Show 20 Lines • Show All 175 Lines • Show Last 20 Lines | |||||