Differential D8921 Diff 21170 src/applications/conduit/controller/PhabricatorConduitTokenController.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/conduit/controller/PhabricatorConduitTokenController.php
<?php | <?php | ||||
/** | /** | ||||
* @group conduit | * @group conduit | ||||
*/ | */ | ||||
final class PhabricatorConduitTokenController | final class PhabricatorConduitTokenController | ||||
extends PhabricatorConduitController { | extends PhabricatorConduitController { | ||||
public function processRequest() { | public function processRequest() { | ||||
$user = $this->getRequest()->getUser(); | $user = $this->getRequest()->getUser(); | ||||
id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession( | |||||
$user, | |||||
$this->getRequest(), | |||||
'/'); | |||||
// Ideally we'd like to verify this, but it's fine to leave it unguarded | // Ideally we'd like to verify this, but it's fine to leave it unguarded | ||||
// for now and verifying it would need some Ajax junk or for the user to | // for now and verifying it would need some Ajax junk or for the user to | ||||
// click a button or similar. | // click a button or similar. | ||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | ||||
$old_token = id(new PhabricatorConduitCertificateToken()) | $old_token = id(new PhabricatorConduitCertificateToken()) | ||||
->loadOneWhere( | ->loadOneWhere( | ||||
'userPHID = %s', | 'userPHID = %s', | ||||
▲ Show 20 Lines • Show All 52 Lines • Show Last 20 Lines |