Differential D8921 Diff 21170 src/applications/conduit/controller/PhabricatorConduitTokenController.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/conduit/controller/PhabricatorConduitTokenController.php
| <?php | <?php | ||||
| /** | /** | ||||
| * @group conduit | * @group conduit | ||||
| */ | */ | ||||
| final class PhabricatorConduitTokenController | final class PhabricatorConduitTokenController | ||||
| extends PhabricatorConduitController { | extends PhabricatorConduitController { | ||||
| public function processRequest() { | public function processRequest() { | ||||
| $user = $this->getRequest()->getUser(); | $user = $this->getRequest()->getUser(); | ||||
| id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession( | |||||
| $user, | |||||
| $this->getRequest(), | |||||
| '/'); | |||||
| // Ideally we'd like to verify this, but it's fine to leave it unguarded | // Ideally we'd like to verify this, but it's fine to leave it unguarded | ||||
| // for now and verifying it would need some Ajax junk or for the user to | // for now and verifying it would need some Ajax junk or for the user to | ||||
| // click a button or similar. | // click a button or similar. | ||||
| $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | ||||
| $old_token = id(new PhabricatorConduitCertificateToken()) | $old_token = id(new PhabricatorConduitCertificateToken()) | ||||
| ->loadOneWhere( | ->loadOneWhere( | ||||
| 'userPHID = %s', | 'userPHID = %s', | ||||
| ▲ Show 20 Lines • Show All 52 Lines • Show Last 20 Lines | |||||