Differential D14265 Diff 34518 src/applications/conduit/controller/PhabricatorConduitAPIController.php
src/applications/conduit/controller/PhabricatorConduitAPIController.php
<?php | <?php | ||||
final class PhabricatorConduitAPIController | final class PhabricatorConduitAPIController | ||||
extends PhabricatorConduitController { | extends PhabricatorConduitController { | ||||
public function shouldRequireLogin() { | public function shouldRequireLogin() { | ||||
return false; | return false; | ||||
} | } | ||||
private $method; | public function handleRequest(AphrontRequest $request) { | ||||
$method = $request->getURIData('method'); | |||||
public function willProcessRequest(array $data) { | |||||
$this->method = $data['method']; | |||||
return $this; | |||||
} | |||||
public function processRequest() { | |||||
$time_start = microtime(true); | $time_start = microtime(true); | ||||
$request = $this->getRequest(); | |||||
$method = $this->method; | |||||
$api_request = null; | $api_request = null; | ||||
$method_implementation = null; | $method_implementation = null; | ||||
$log = new PhabricatorConduitMethodCallLog(); | $log = new PhabricatorConduitMethodCallLog(); | ||||
$log->setMethod($method); | $log->setMethod($method); | ||||
$metadata = array(); | $metadata = array(); | ||||
Show All 20 Lines | try { | ||||
$api_request = $call->getAPIRequest(); | $api_request = $call->getAPIRequest(); | ||||
$allow_unguarded_writes = false; | $allow_unguarded_writes = false; | ||||
$auth_error = null; | $auth_error = null; | ||||
$conduit_username = '-'; | $conduit_username = '-'; | ||||
if ($call->shouldRequireAuthentication()) { | if ($call->shouldRequireAuthentication()) { | ||||
$metadata['scope'] = $call->getRequiredScope(); | $metadata['scope'] = $call->getRequiredScope(); | ||||
$auth_error = $this->authenticateUser($api_request, $metadata); | $auth_error = $this->authenticateUser($api_request, $metadata, $method); | ||||
// If we've explicitly authenticated the user here and either done | // If we've explicitly authenticated the user here and either done | ||||
// CSRF validation or are using a non-web authentication mechanism. | // CSRF validation or are using a non-web authentication mechanism. | ||||
$allow_unguarded_writes = true; | $allow_unguarded_writes = true; | ||||
if ($auth_error === null) { | if ($auth_error === null) { | ||||
$conduit_user = $api_request->getUser(); | $conduit_user = $api_request->getUser(); | ||||
if ($conduit_user && $conduit_user->getPHID()) { | if ($conduit_user && $conduit_user->getPHID()) { | ||||
$conduit_username = $conduit_user->getUsername(); | $conduit_username = $conduit_user->getUsername(); | ||||
▲ Show 20 Lines • Show All 97 Lines • ▼ Show 20 Lines | final class PhabricatorConduitAPIController | ||||
* | * | ||||
* @param ConduitAPIRequest Request being executed. | * @param ConduitAPIRequest Request being executed. | ||||
* @param dict Request metadata. | * @param dict Request metadata. | ||||
* @return null|pair Null to indicate successful authentication, or | * @return null|pair Null to indicate successful authentication, or | ||||
* an error code and error message pair. | * an error code and error message pair. | ||||
*/ | */ | ||||
private function authenticateUser( | private function authenticateUser( | ||||
ConduitAPIRequest $api_request, | ConduitAPIRequest $api_request, | ||||
array $metadata) { | array $metadata, | ||||
$method) { | |||||
$request = $this->getRequest(); | $request = $this->getRequest(); | ||||
if ($request->getUser()->getPHID()) { | if ($request->getUser()->getPHID()) { | ||||
$request->validateCSRF(); | $request->validateCSRF(); | ||||
return $this->validateAuthenticatedUser( | return $this->validateAuthenticatedUser( | ||||
$api_request, | $api_request, | ||||
$request->getUser()); | $request->getUser()); | ||||
Show All 21 Lines | if ($auth_type === ConduitClient::AUTH_ASYMMETRIC) { | ||||
try { | try { | ||||
$protocol_data = $metadata; | $protocol_data = $metadata; | ||||
// TODO: We should stop writing this into the protocol data when | // TODO: We should stop writing this into the protocol data when | ||||
// processing a request. | // processing a request. | ||||
unset($protocol_data['scope']); | unset($protocol_data['scope']); | ||||
ConduitClient::verifySignature( | ConduitClient::verifySignature( | ||||
$this->method, | $method, | ||||
$api_request->getAllParameters(), | $api_request->getAllParameters(), | ||||
$protocol_data, | $protocol_data, | ||||
$ssl_public_key); | $ssl_public_key); | ||||
} catch (Exception $ex) { | } catch (Exception $ex) { | ||||
return array( | return array( | ||||
'ERR-INVALID-AUTH', | 'ERR-INVALID-AUTH', | ||||
pht( | pht( | ||||
'Signature verification failure. %s', | 'Signature verification failure. %s', | ||||
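Review bot: The docblock above authenticateUser() (the `@param ConduitAPIRequest` / `@param dict` lines) is not updated for the new third parameter `$method`, so the documented signature no longer matches the code. Since the value now comes from `$request->getURIData('method')` in handleRequest() rather than the removed `$this->method` property, and is handed straight to ConduitClient::verifySignature(), the docblock should say where it originates: `* @param string Conduit method name from the request URI; passed to ConduitClient::verifySignature() for asymmetric auth.`. Both handleRequest() and authenticateUser() continue past the collapsed lines, so the remaining uses of `$method` in those bodies could not be checked here.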