Page MenuHomePhabricator
Differential D14265 Diff 34518 src/applications/conduit/controller/PhabricatorConduitAPIController.php

Changeset View

Standalone View

View Options

src/applications/conduit/controller/PhabricatorConduitAPIController.php

<?php <?php
final class PhabricatorConduitAPIController final class PhabricatorConduitAPIController
extends PhabricatorConduitController { extends PhabricatorConduitController {
public function shouldRequireLogin() { public function shouldRequireLogin() {
return false; return false;
} }
private $method; public function handleRequest(AphrontRequest $request) {
$method = $request->getURIData('method');
public function willProcessRequest(array $data) {
$this->method = $data['method'];
return $this;
}
public function processRequest() {
$time_start = microtime(true); $time_start = microtime(true);
$request = $this->getRequest();
$method = $this->method;
$api_request = null; $api_request = null;
$method_implementation = null; $method_implementation = null;
$log = new PhabricatorConduitMethodCallLog(); $log = new PhabricatorConduitMethodCallLog();
$log->setMethod($method); $log->setMethod($method);
$metadata = array(); $metadata = array();
Show All 20 Lines try {
$api_request = $call->getAPIRequest(); $api_request = $call->getAPIRequest();
$allow_unguarded_writes = false; $allow_unguarded_writes = false;
$auth_error = null; $auth_error = null;
$conduit_username = '-'; $conduit_username = '-';
if ($call->shouldRequireAuthentication()) { if ($call->shouldRequireAuthentication()) {
$metadata['scope'] = $call->getRequiredScope(); $metadata['scope'] = $call->getRequiredScope();
$auth_error = $this->authenticateUser($api_request, $metadata); $auth_error = $this->authenticateUser($api_request, $metadata, $method);
// If we've explicitly authenticated the user here and either done // If we've explicitly authenticated the user here and either done
// CSRF validation or are using a non-web authentication mechanism. // CSRF validation or are using a non-web authentication mechanism.
$allow_unguarded_writes = true; $allow_unguarded_writes = true;
if ($auth_error === null) { if ($auth_error === null) {
$conduit_user = $api_request->getUser(); $conduit_user = $api_request->getUser();
if ($conduit_user && $conduit_user->getPHID()) { if ($conduit_user && $conduit_user->getPHID()) {
$conduit_username = $conduit_user->getUsername(); $conduit_username = $conduit_user->getUsername();
▲ Show 20 LinesShow All 97 Lines▼ Show 20 Linesfinal class PhabricatorConduitAPIController
* *
* @param ConduitAPIRequest Request being executed. * @param ConduitAPIRequest Request being executed.
* @param dict Request metadata. * @param dict Request metadata.
* @return null|pair Null to indicate successful authentication, or * @return null|pair Null to indicate successful authentication, or
* an error code and error message pair. * an error code and error message pair.
*/ */
private function authenticateUser( private function authenticateUser(
ConduitAPIRequest $api_request, ConduitAPIRequest $api_request,
array $metadata) { array $metadata,
$method) {
$request = $this->getRequest(); $request = $this->getRequest();
if ($request->getUser()->getPHID()) { if ($request->getUser()->getPHID()) {
$request->validateCSRF(); $request->validateCSRF();
return $this->validateAuthenticatedUser( return $this->validateAuthenticatedUser(
$api_request, $api_request,
$request->getUser()); $request->getUser());
Show All 21 Lines if ($auth_type === ConduitClient::AUTH_ASYMMETRIC) {
try { try {
$protocol_data = $metadata; $protocol_data = $metadata;
// TODO: We should stop writing this into the protocol data when // TODO: We should stop writing this into the protocol data when
// processing a request. // processing a request.
unset($protocol_data['scope']); unset($protocol_data['scope']);
ConduitClient::verifySignature( ConduitClient::verifySignature(
$this->method, $method,
$api_request->getAllParameters(), $api_request->getAllParameters(),
$protocol_data, $protocol_data,
$ssl_public_key); $ssl_public_key);
} catch (Exception $ex) { } catch (Exception $ex) {
return array( return array(
'ERR-INVALID-AUTH', 'ERR-INVALID-AUTH',
pht( pht(
'Signature verification failure. %s', 'Signature verification failure. %s',
▲ Show 20 LinesShow All 443 LinesShow Last 20 Lines
Phabricator · Built by Phacility