Differential D14026 Diff 33933 src/applications/conduit/controller/PhabricatorConduitAPIController.php
src/applications/conduit/controller/PhabricatorConduitAPIController.php
| Show First 20 Lines • Show All 428 Lines • ▼ Show 20 Lines | if (isset($metadata['authUser'])) { | ||||
| return array( | return array( | ||||
| 'ERR-INVALID-AUTH', | 'ERR-INVALID-AUTH', | ||||
| pht('Authentication is invalid.'), | pht('Authentication is invalid.'), | ||||
| ); | ); | ||||
| } | } | ||||
| $token = idx($metadata, 'authToken'); | $token = idx($metadata, 'authToken'); | ||||
| $signature = idx($metadata, 'authSignature'); | $signature = idx($metadata, 'authSignature'); | ||||
| $certificate = $user->getConduitCertificate(); | $certificate = $user->getConduitCertificate(); | ||||
| if (sha1($token.$certificate) !== $signature) { | $hash = sha1($token.$certificate); | ||||
| if (!phutil_hashes_are_identical($hash, $signature)) { | |||||
| return array( | return array( | ||||
| 'ERR-INVALID-AUTH', | 'ERR-INVALID-AUTH', | ||||
| pht('Authentication is invalid.'), | pht('Authentication is invalid.'), | ||||
| ); | ); | ||||
| } | } | ||||
| return $this->validateAuthenticatedUser( | return $this->validateAuthenticatedUser( | ||||
| $api_request, | $api_request, | ||||
| $user); | $user); | ||||
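Review bot: `$signature` comes straight from `idx($metadata, 'authSignature')`, so it can be `null` or a non-string when a client omits or malforms the field, and it now reaches `phutil_hashes_are_identical()` unchecked at the new `if`. The old `!==` comparison simply failed for such values and returned `ERR-INVALID-AUTH`; if the helper rejects non-string arguments (its definition is not on this page), the same request would now surface as an unhandled exception instead of a clean auth error. Guarding the call keeps the failure path uniform: `if (!is_string($signature) || !phutil_hashes_are_identical($hash, $signature)) {`. The enclosing method starts and ends outside the visible lines, so an earlier type check may already exist.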