src/applications/conduit/method/ConduitAPI_conduit_connect_Method.php
| <?php | <?php | ||||
| /** | /** | ||||
| * @group conduit | * @group conduit | ||||
| */ | */ | ||||
| final class ConduitAPI_conduit_connect_Method extends ConduitAPIMethod { | final class ConduitAPI_conduit_connect_Method extends ConduitAPIMethod { | ||||
| public function shouldRequireAuthentication() { | public function shouldRequireAuthentication() { | ||||
| return false; | return false; | ||||
| } | } | ||||
| public function shouldAllowUnguardedWrites() { | public function shouldAllowUnguardedWrites() { | ||||
| return true; | return true; | ||||
| } | } | ||||
| public function getMethodDescription() { | public function getMethodDescription() { | ||||
| return "Connect a session-based client."; | return 'Connect a session-based client.'; | ||||
| } | } | ||||
| public function defineParamTypes() { | public function defineParamTypes() { | ||||
| return array( | return array( | ||||
| 'client' => 'required string', | 'client' => 'required string', | ||||
| 'clientVersion' => 'required int', | 'clientVersion' => 'required int', | ||||
| 'clientDescription' => 'optional string', | 'clientDescription' => 'optional string', | ||||
| 'user' => 'optional string', | 'user' => 'optional string', | ||||
| 'authToken' => 'optional int', | 'authToken' => 'optional int', | ||||
| 'authSignature' => 'optional string', | 'authSignature' => 'optional string', | ||||
| 'host' => 'required string', | 'host' => 'required string', | ||||
| ); | ); | ||||
| } | } | ||||
| public function defineReturnType() { | public function defineReturnType() { | ||||
| return 'dict<string, any>'; | return 'dict<string, any>'; | ||||
| } | } | ||||
| public function defineErrorTypes() { | public function defineErrorTypes() { | ||||
| return array( | return array( | ||||
| "ERR-BAD-VERSION" => | 'ERR-BAD-VERSION' => | ||||
| "Client/server version mismatch. Upgrade your server or downgrade ". | 'Client/server version mismatch. Upgrade your server or downgrade '. | ||||
| "your client.", | 'your client.', | ||||
| "NEW-ARC-VERSION" => | 'NEW-ARC-VERSION' => | ||||
| "Client/server version mismatch. Upgrade your client.", | 'Client/server version mismatch. Upgrade your client.', | ||||
| "ERR-UNKNOWN-CLIENT" => | 'ERR-UNKNOWN-CLIENT' => | ||||
| "Client is unknown.", | 'Client is unknown.', | ||||
| "ERR-INVALID-USER" => | 'ERR-INVALID-USER' => | ||||
| "The username you are attempting to authenticate with is not valid.", | 'The username you are attempting to authenticate with is not valid.', | ||||
| "ERR-INVALID-CERTIFICATE" => | 'ERR-INVALID-CERTIFICATE' => | ||||
| "Your authentication certificate for this server is invalid.", | 'Your authentication certificate for this server is invalid.', | ||||
| "ERR-INVALID-TOKEN" => | 'ERR-INVALID-TOKEN' => | ||||
| "The challenge token you are authenticating with is outside of the ". | "The challenge token you are authenticating with is outside of the ". | ||||
| "allowed time range. Either your system clock is out of whack or ". | "allowed time range. Either your system clock is out of whack or ". | ||||
| "you're executing a replay attack.", | "you're executing a replay attack.", | ||||
| "ERR-NO-CERTIFICATE" => "This server requires authentication.", | 'ERR-NO-CERTIFICATE' => 'This server requires authentication.', | ||||
| ); | ); | ||||
| } | } | ||||
| protected function execute(ConduitAPIRequest $request) { | protected function execute(ConduitAPIRequest $request) { | ||||
| $this->validateHost($request->getValue('host')); | $this->validateHost($request->getValue('host')); | ||||
| $client = $request->getValue('client'); | $client = $request->getValue('client'); | ||||
| ▲ Show 20 Lines • Show All 59 Lines • ▼ Show 20 Lines | protected function execute(ConduitAPIRequest $request) { | ||||
| $session_key = null; | $session_key = null; | ||||
| if ($token && $signature) { | if ($token && $signature) { | ||||
| $threshold = 60 * 15; | $threshold = 60 * 15; | ||||
| $now = time(); | $now = time(); | ||||
| if (abs($token - $now) > $threshold) { | if (abs($token - $now) > $threshold) { | ||||
| throw id(new ConduitException('ERR-INVALID-TOKEN')) | throw id(new ConduitException('ERR-INVALID-TOKEN')) | ||||
| ->setErrorDescription( | ->setErrorDescription( | ||||
| pht( | pht( | ||||
| "The request you submitted is signed with a timestamp, but that ". | 'The request you submitted is signed with a timestamp, but that '. | ||||
| "timestamp is not within %s of the current time. The ". | 'timestamp is not within %s of the current time. The '. | ||||
| "signed timestamp is %s (%s), and the current server time is ". | 'signed timestamp is %s (%s), and the current server time is '. | ||||
| "%s (%s). This is a difference of %s seconds, but the ". | '%s (%s). This is a difference of %s seconds, but the '. | ||||
| "timestamp must differ from the server time by no more than ". | 'timestamp must differ from the server time by no more than '. | ||||
| "%s seconds. Your client or server clock may not be set ". | '%s seconds. Your client or server clock may not be set '. | ||||
| "correctly.", | 'correctly.', | ||||
| phabricator_format_relative_time($threshold), | phabricator_format_relative_time($threshold), | ||||
| $token, | $token, | ||||
| date('r', $token), | date('r', $token), | ||||
| $now, | $now, | ||||
| date('r', $now), | date('r', $now), | ||||
| ($token - $now), | ($token - $now), | ||||
| $threshold)); | $threshold)); | ||||
| } | } | ||||
| Show All 20 Lines | |||||
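Review bot: The check `if (abs($token - $now) > $threshold)` in `execute()` only bounds how far a signed `authToken` may drift from server time; nothing on the visible lines makes a token single-use. A captured `authToken`/`authSignature` pair would therefore pass this check again for 15 minutes either side of the server clock, which is the replay case the `ERR-INVALID-TOKEN` text itself mentions. The body of `execute()` continues behind the folds before and after this block, so confirm whether used tokens are tracked there rather than assuming it. Either way I would document the guarantee above `$threshold = 60 * 15;`, for example `// Freshness window only: narrows replay of a signed token to +/- 15 minutes, it does not prevent it.` Separately, because `shouldRequireAuthentication()` returns false, the detailed error description hands `$now` and `date('r', $now)` to unauthenticated callers; that is low risk but deserves a one-line comment saying it is intentional.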