Differential D10989 Diff 26397 src/applications/conduit/controller/PhabricatorConduitAPIController.php
src/applications/conduit/controller/PhabricatorConduitAPIController.php
| Show First 20 Lines • Show All 295 Lines • ▼ Show 20 Lines | private function authenticateUser( | ||||
| $token_string = idx($metadata, 'token'); | $token_string = idx($metadata, 'token'); | ||||
| if (strlen($token_string)) { | if (strlen($token_string)) { | ||||
| if (strlen($token_string) != 32) { | if (strlen($token_string) != 32) { | ||||
| return array( | return array( | ||||
| 'ERR-INVALID-AUTH', | 'ERR-INVALID-AUTH', | ||||
| pht( | pht( | ||||
| 'API token "%s" has the wrong length. API tokens should be '. | 'API token "%s" has the wrong length. API tokens should be '. | ||||
| '32 characters long.'), | '32 characters long.', | ||||
| $token_string), | |||||
| ); | ); | ||||
| } | } | ||||
| $type = head(explode('-', $token_string)); | $type = head(explode('-', $token_string)); | ||||
| switch ($type) { | $valid_types = PhabricatorConduitToken::getAllTokenTypes(); | ||||
| case 'api': | $valid_types = array_fuse($valid_types); | ||||
| case 'tmp': | if (empty($valid_types[$type])) { | ||||
| break; | |||||
| default: | |||||
| return array( | return array( | ||||
| 'ERR-INVALID-AUTH', | 'ERR-INVALID-AUTH', | ||||
| pht( | pht( | ||||
| 'API token "%s" has the wrong format. API tokens should begin '. | 'API token "%s" has the wrong format. API tokens should be '. | ||||
| 'with "api-" or "tmp-" and be 32 characters long.', | '32 characters long and begin with one of these prefixes: %s.', | ||||
| $token_string), | $token_string, | ||||
| implode(', ', $valid_types)), | |||||
| ); | ); | ||||
| } | } | ||||
| $token = id(new PhabricatorConduitTokenQuery()) | $token = id(new PhabricatorConduitTokenQuery()) | ||||
| ->setViewer(PhabricatorUser::getOmnipotentUser()) | ->setViewer(PhabricatorUser::getOmnipotentUser()) | ||||
| ->withTokens(array($token_string)) | ->withTokens(array($token_string)) | ||||
| ->withExpired(false) | ->withExpired(false) | ||||
| ->executeOne(); | ->executeOne(); | ||||
| Show All 15 Lines | if (strlen($token_string)) { | ||||
| 'ERR-INVALID-AUTH', | 'ERR-INVALID-AUTH', | ||||
| pht( | pht( | ||||
| 'API token "%s" is not valid.', | 'API token "%s" is not valid.', | ||||
| $token_string), | $token_string), | ||||
| ); | ); | ||||
| } | } | ||||
| } | } | ||||
| // If this is a "cli-" token, it expires shortly after it is generated | |||||
| // by default. Once it is actually used, we extend its lifetime and make | |||||
| // it permanent. This allows stray tokens to get cleaned up automatically | |||||
| // if they aren't being used. | |||||
| if ($token->getTokenType() == PhabricatorConduitToken::TYPE_COMMANDLINE) { | |||||
| if ($token->getExpires()) { | |||||
| $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | |||||
| $token->setExpires(null); | |||||
| $token->save(); | |||||
| unset($unguarded); | |||||
| } | |||||
| } | |||||
| $user = $token->getObject(); | $user = $token->getObject(); | ||||
| if (!($user instanceof PhabricatorUser)) { | if (!($user instanceof PhabricatorUser)) { | ||||
| return array( | return array( | ||||
| 'ERR-INVALID-AUTH', | 'ERR-INVALID-AUTH', | ||||
| pht( | pht( | ||||
| 'API token is not associated with a valid user.'), | 'API token is not associated with a valid user.'), | ||||
| ); | ); | ||||
| } | } | ||||