Differential D11159 Diff 26800 src/applications/conduit/controller/PhabricatorConduitAPIController.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/conduit/controller/PhabricatorConduitAPIController.php
| Show First 20 Lines • Show All 268 Lines • ▼ Show 20 Lines | if ($auth_type === ConduitClient::AUTH_ASYMMETRIC) { | ||||
| return array( | return array( | ||||
| 'ERR-INVALID-AUTH', | 'ERR-INVALID-AUTH', | ||||
| pht( | pht( | ||||
| 'The key which signed this request is not trusted. Only '. | 'The key which signed this request is not trusted. Only '. | ||||
| 'trusted keys can be used to sign API calls.'), | 'trusted keys can be used to sign API calls.'), | ||||
| ); | ); | ||||
| } | } | ||||
| throw new Exception( | if (!PhabricatorEnv::isClusterRemoteAddress()) { | ||||
| pht('Not Implemented: Would authenticate Almanac device.')); | return array( | ||||
| 'ERR-INVALID-AUTH', | |||||
| pht( | |||||
| 'This request originates from outside of the Phabricator '. | |||||
| 'cluster address range. Requests signed with trusted '. | |||||
| 'device keys must originate from within the cluster.'),); | |||||
| } | |||||
| $user = PhabricatorUser::getOmnipotentUser(); | |||||
| } | } | ||||
| return $this->validateAuthenticatedUser( | return $this->validateAuthenticatedUser( | ||||
| $api_request, | $api_request, | ||||
| $user); | $user); | ||||
| } else if ($auth_type === null) { | } else if ($auth_type === null) { | ||||
| // No specified authentication type, continue with other authentication | // No specified authentication type, continue with other authentication | ||||
| // methods below. | // methods below. | ||||
| ▲ Show 20 Lines • Show All 69 Lines • ▼ Show 20 Lines | if (strlen($token_string)) { | ||||
| if ($token->getExpires()) { | if ($token->getExpires()) { | ||||
| $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | ||||
| $token->setExpires(null); | $token->setExpires(null); | ||||
| $token->save(); | $token->save(); | ||||
| unset($unguarded); | unset($unguarded); | ||||
| } | } | ||||
| } | } | ||||
| // If this is a "clr-" token, Phabricator must be configured in cluster | |||||
| // mode and the remote address must be a cluster node. | |||||
| if ($token->getTokenType() == PhabricatorConduitToken::TYPE_CLUSTER) { | |||||
| if (!PhabricatorEnv::isClusterRemoteAddress()) { | |||||
| return array( | |||||
| 'ERR-INVALID-AUTH', | |||||
| pht( | |||||
| 'This request originates from outside of the Phabricator '. | |||||
| 'cluster address range. Requests signed with cluster API '. | |||||
| 'tokens must originate from within the cluster.'),); | |||||
| } | |||||
| } | |||||
| $user = $token->getObject(); | $user = $token->getObject(); | ||||
| if (!($user instanceof PhabricatorUser)) { | if (!($user instanceof PhabricatorUser)) { | ||||
| return array( | return array( | ||||
| 'ERR-INVALID-AUTH', | 'ERR-INVALID-AUTH', | ||||
| pht( | pht( | ||||
| 'API token is not associated with a valid user.'), | 'API token is not associated with a valid user.'), | ||||
| ); | ); | ||||
| } | } | ||||
| ▲ Show 20 Lines • Show All 282 Lines • Show Last 20 Lines | |||||