Differential D11159 Diff 26800 src/applications/conduit/controller/PhabricatorConduitAPIController.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/conduit/controller/PhabricatorConduitAPIController.php
Show First 20 Lines • Show All 268 Lines • ▼ Show 20 Lines | if ($auth_type === ConduitClient::AUTH_ASYMMETRIC) { | ||||
return array( | return array( | ||||
'ERR-INVALID-AUTH', | 'ERR-INVALID-AUTH', | ||||
pht( | pht( | ||||
'The key which signed this request is not trusted. Only '. | 'The key which signed this request is not trusted. Only '. | ||||
'trusted keys can be used to sign API calls.'), | 'trusted keys can be used to sign API calls.'), | ||||
); | ); | ||||
} | } | ||||
throw new Exception( | if (!PhabricatorEnv::isClusterRemoteAddress()) { | ||||
pht('Not Implemented: Would authenticate Almanac device.')); | return array( | ||||
'ERR-INVALID-AUTH', | |||||
pht( | |||||
'This request originates from outside of the Phabricator '. | |||||
'cluster address range. Requests signed with trusted '. | |||||
'device keys must originate from within the cluster.'),); | |||||
} | |||||
$user = PhabricatorUser::getOmnipotentUser(); | |||||
} | } | ||||
return $this->validateAuthenticatedUser( | return $this->validateAuthenticatedUser( | ||||
$api_request, | $api_request, | ||||
$user); | $user); | ||||
} else if ($auth_type === null) { | } else if ($auth_type === null) { | ||||
// No specified authentication type, continue with other authentication | // No specified authentication type, continue with other authentication | ||||
// methods below. | // methods below. | ||||
▲ Show 20 Lines • Show All 69 Lines • ▼ Show 20 Lines | if (strlen($token_string)) { | ||||
if ($token->getExpires()) { | if ($token->getExpires()) { | ||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | ||||
$token->setExpires(null); | $token->setExpires(null); | ||||
$token->save(); | $token->save(); | ||||
unset($unguarded); | unset($unguarded); | ||||
} | } | ||||
} | } | ||||
// If this is a "clr-" token, Phabricator must be configured in cluster | |||||
// mode and the remote address must be a cluster node. | |||||
if ($token->getTokenType() == PhabricatorConduitToken::TYPE_CLUSTER) { | |||||
if (!PhabricatorEnv::isClusterRemoteAddress()) { | |||||
return array( | |||||
'ERR-INVALID-AUTH', | |||||
pht( | |||||
'This request originates from outside of the Phabricator '. | |||||
'cluster address range. Requests signed with cluster API '. | |||||
'tokens must originate from within the cluster.'),); | |||||
} | |||||
} | |||||
$user = $token->getObject(); | $user = $token->getObject(); | ||||
if (!($user instanceof PhabricatorUser)) { | if (!($user instanceof PhabricatorUser)) { | ||||
return array( | return array( | ||||
'ERR-INVALID-AUTH', | 'ERR-INVALID-AUTH', | ||||
pht( | pht( | ||||
'API token is not associated with a valid user.'), | 'API token is not associated with a valid user.'), | ||||
); | ); | ||||
} | } | ||||
▲ Show 20 Lines • Show All 282 Lines • Show Last 20 Lines |