src/applications/auth/engine/PhabricatorAuthSessionEngine.php
Show All 33 Lines | final class PhabricatorAuthSessionEngine extends Phobject { | ||||
/** | /** | ||||
* Session kind isn't known. | * Session kind isn't known. | ||||
*/ | */ | ||||
const KIND_UNKNOWN = '?'; | const KIND_UNKNOWN = '?'; | ||||
/** | |||||
* Temporary tokens for one time logins. | |||||
*/ | |||||
const ONETIME_TEMPORARY_TOKEN_TYPE = 'login:onetime'; | |||||
/** | |||||
* Temporary tokens for password recovery after one time login. | |||||
*/ | |||||
const PASSWORD_TEMPORARY_TOKEN_TYPE = 'login:password'; | |||||
const ONETIME_RECOVER = 'recover'; | const ONETIME_RECOVER = 'recover'; | ||||
const ONETIME_RESET = 'reset'; | const ONETIME_RESET = 'reset'; | ||||
const ONETIME_WELCOME = 'welcome'; | const ONETIME_WELCOME = 'welcome'; | ||||
const ONETIME_USERNAME = 'rename'; | const ONETIME_USERNAME = 'rename'; | ||||
/** | /** | ||||
* Get the session kind (e.g., anonymous, user, external account) from a | * Get the session kind (e.g., anonymous, user, external account) from a | ||||
▲ Show 20 Lines • Show All 576 Lines • ▼ Show 20 Lines | /* -( One Time Login URIs )------------------------------------------------ */ | ||||
*/ | */ | ||||
public function getOneTimeLoginURI( | public function getOneTimeLoginURI( | ||||
PhabricatorUser $user, | PhabricatorUser $user, | ||||
PhabricatorUserEmail $email = null, | PhabricatorUserEmail $email = null, | ||||
$type = self::ONETIME_RESET) { | $type = self::ONETIME_RESET) { | ||||
$key = Filesystem::readRandomCharacters(32); | $key = Filesystem::readRandomCharacters(32); | ||||
$key_hash = $this->getOneTimeLoginKeyHash($user, $email, $key); | $key_hash = $this->getOneTimeLoginKeyHash($user, $email, $key); | ||||
$onetime_type = PhabricatorAuthOneTimeLoginTemporaryTokenType::TOKENTYPE; | |||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | ||||
id(new PhabricatorAuthTemporaryToken()) | id(new PhabricatorAuthTemporaryToken()) | ||||
->setObjectPHID($user->getPHID()) | ->setObjectPHID($user->getPHID()) | ||||
->setTokenType(self::ONETIME_TEMPORARY_TOKEN_TYPE) | ->setTokenType($onetime_type) | ||||
->setTokenExpires(time() + phutil_units('1 day in seconds')) | ->setTokenExpires(time() + phutil_units('1 day in seconds')) | ||||
->setTokenCode($key_hash) | ->setTokenCode($key_hash) | ||||
->save(); | ->save(); | ||||
unset($unguarded); | unset($unguarded); | ||||
$uri = '/login/once/'.$type.'/'.$user->getID().'/'.$key.'/'; | $uri = '/login/once/'.$type.'/'.$user->getID().'/'.$key.'/'; | ||||
if ($email) { | if ($email) { | ||||
$uri = $uri.$email->getID().'/'; | $uri = $uri.$email->getID().'/'; | ||||
Show All 22 Lines | /* -( One Time Login URIs )------------------------------------------------ */ | ||||
* @task onetime | * @task onetime | ||||
*/ | */ | ||||
public function loadOneTimeLoginKey( | public function loadOneTimeLoginKey( | ||||
PhabricatorUser $user, | PhabricatorUser $user, | ||||
PhabricatorUserEmail $email = null, | PhabricatorUserEmail $email = null, | ||||
$key = null) { | $key = null) { | ||||
$key_hash = $this->getOneTimeLoginKeyHash($user, $email, $key); | $key_hash = $this->getOneTimeLoginKeyHash($user, $email, $key); | ||||
$onetime_type = PhabricatorAuthOneTimeLoginTemporaryTokenType::TOKENTYPE; | |||||
return id(new PhabricatorAuthTemporaryTokenQuery()) | return id(new PhabricatorAuthTemporaryTokenQuery()) | ||||
->setViewer($user) | ->setViewer($user) | ||||
->withObjectPHIDs(array($user->getPHID())) | ->withObjectPHIDs(array($user->getPHID())) | ||||
->withTokenTypes(array(self::ONETIME_TEMPORARY_TOKEN_TYPE)) | ->withTokenTypes(array($onetime_type)) | ||||
->withTokenCodes(array($key_hash)) | ->withTokenCodes(array($key_hash)) | ||||
->withExpired(false) | ->withExpired(false) | ||||
->executeOne(); | ->executeOne(); | ||||
} | } | ||||
/** | /** | ||||
* Hash a one-time login key for storage as a temporary token. | * Hash a one-time login key for storage as a temporary token. | ||||
Show All 26 Lines |
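Review bot: The value of `PhabricatorAuthOneTimeLoginTemporaryTokenType::TOKENTYPE` is not visible in this section, so nothing here confirms it still equals the removed `'login:onetime'` string that existing token rows were written with; it is used at the `setTokenType()` call in `getOneTimeLoginURI()` and at the `withTokenTypes()` call in `loadOneTimeLoginKey()`. If the string differs, links issued before the deploy (they are valid for one day) would no longer be matched by `loadOneTimeLoginKey()`, and any cleanup or revocation that selects rows by type would presumably miss the old ones. A short comment at the assignment would record the constraint, for example `// Must stay equal to the type string of tokens already stored ('login:onetime').` The removed `PASSWORD_TEMPORARY_TOKEN_TYPE` has no replacement in this file, so the code that issues and checks the password-recovery token should be confirmed to share one constant elsewhere in the change. Both function bodies are partly folded in this view.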