Changeset View
Changeset View
Standalone View
Standalone View
src/applications/conduit/method/ConduitConnectConduitAPIMethod.php
| Show First 20 Lines • Show All 136 Lines • ▼ Show 20 Lines | if ($token && $signature) { | ||||
| $token, | $token, | ||||
| date('r', $token), | date('r', $token), | ||||
| $now, | $now, | ||||
| date('r', $now), | date('r', $now), | ||||
| ($token - $now), | ($token - $now), | ||||
| $threshold)); | $threshold)); | ||||
| } | } | ||||
| $valid = sha1($token.$user->getConduitCertificate()); | $valid = sha1($token.$user->getConduitCertificate()); | ||||
| if ($valid != $signature) { | if (!phutil_hashes_are_identical($valid, $signature)) { | ||||
| throw new ConduitException('ERR-INVALID-CERTIFICATE'); | throw new ConduitException('ERR-INVALID-CERTIFICATE'); | ||||
| } | } | ||||
| $session_key = id(new PhabricatorAuthSessionEngine())->establishSession( | $session_key = id(new PhabricatorAuthSessionEngine())->establishSession( | ||||
| PhabricatorAuthSession::TYPE_CONDUIT, | PhabricatorAuthSession::TYPE_CONDUIT, | ||||
| $user->getPHID(), | $user->getPHID(), | ||||
| $partial = false); | $partial = false); | ||||
| } else { | } else { | ||||
| throw new ConduitException('ERR-NO-CERTIFICATE'); | throw new ConduitException('ERR-NO-CERTIFICATE'); | ||||
| Show All 10 Lines | |||||