Differential D7962 Diff 18019 src/applications/conduit/controller/PhabricatorConduitAPIController.php
src/applications/conduit/controller/PhabricatorConduitAPIController.php
private function authenticateUser( | ||||
$session_key = idx($metadata, 'sessionKey'); | $session_key = idx($metadata, 'sessionKey'); | ||||
if (!$session_key) { | if (!$session_key) { | ||||
return array( | return array( | ||||
'ERR-INVALID-SESSION', | 'ERR-INVALID-SESSION', | ||||
'Session key is not present.' | 'Session key is not present.' | ||||
); | ); | ||||
} | } | ||||
$session = queryfx_one( | $user = id(new PhabricatorAuthSessionEngine()) | ||||
id(new PhabricatorUser())->establishConnection('r'), | ->loadUserForSession('conduit', $session_key); | ||||
'SELECT * FROM %T WHERE sessionKey = %s', | |||||
PhabricatorUser::SESSION_TABLE, | |||||
PhabricatorHash::digest($session_key)); | |||||
if (!$session) { | |||||
return array( | |||||
'ERR-INVALID-SESSION', | |||||
'Session key is invalid.', | |||||
); | |||||
} | |||||
// TODO: Make sessions timeout. | |||||
// TODO: When we pull a session, read connectionID from the session table. | |||||
$user = id(new PhabricatorUser())->loadOneWhere( | |||||
'phid = %s', | |||||
$session['userPHID']); | |||||
if (!$user) { | if (!$user) { | ||||
return array( | return array( | ||||
'ERR-INVALID-SESSION', | 'ERR-INVALID-SESSION', | ||||
'Session is for nonexistent user.', | 'Session key is invalid.', | ||||
); | ); | ||||
} | } | ||||
return $this->validateAuthenticatedUser( | return $this->validateAuthenticatedUser( | ||||
$api_request, | $api_request, | ||||
$user); | $user); | ||||
} | } | ||||
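Review bot: The two TODOs deleted with the inline query in authenticateUser (session timeout, and reading connectionID from the session table) have no visible replacement, so a reader of this call site cannot tell whether `loadUserForSession('conduit', $session_key)` enforces expiry or whether that work is still open. The caller also no longer applies `PhabricatorHash::digest()` before the lookup, so the raw key is handed to the engine; presumably the engine digests it and restricts the match to the given session type, but that is not shown in this hunk and should be confirmed. I would keep a short comment above the call, for example `// Engine digests the key and matches only 'conduit' sessions. TODO: session timeout is still not enforced.`, adjusted to what the engine actually does. The bare `'conduit'` literal would also read better as a named constant shared with whatever code creates these sessions. The function's signature and earlier body are outside the hunk.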