Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/storage/PhabricatorAuthPassword.php
- This file was added.
| <?php | |||||
| final class PhabricatorAuthPassword | |||||
| extends PhabricatorAuthDAO | |||||
| implements | |||||
| PhabricatorPolicyInterface, | |||||
| PhabricatorDestructibleInterface, | |||||
| PhabricatorApplicationTransactionInterface { | |||||
| protected $objectPHID; | |||||
| protected $passwordType; | |||||
| protected $passwordHash; | |||||
| protected $isRevoked; | |||||
| private $object = self::ATTACHABLE; | |||||
| const PASSWORD_TYPE_ACCOUNT = 'account'; | |||||
| const PASSWORD_TYPE_VCS = 'vcs'; | |||||
| const PASSWORD_TYPE_TEST = 'test'; | |||||
amckinley: What's a "test" password? | |||||
Not Done Inline ActionsIt's for unit tests (I wanted a "pure" password type for unit tests that didn't have any of the weird special cases for VCS / Account passwords). epriestley: It's for unit tests (I wanted a "pure" password type for unit tests that didn't have any of the… | |||||
| public static function initializeNewPassword( | |||||
| PhabricatorUser $object, | |||||
| $type) { | |||||
| return id(new self()) | |||||
| ->setObjectPHID($object->getPHID()) | |||||
| ->attachObject($object) | |||||
| ->setPasswordType($type) | |||||
| ->setIsRevoked(0); | |||||
| } | |||||
| protected function getConfiguration() { | |||||
| return array( | |||||
| self::CONFIG_AUX_PHID => true, | |||||
| self::CONFIG_COLUMN_SCHEMA => array( | |||||
| 'passwordType' => 'text64', | |||||
| 'passwordHash' => 'text128', | |||||
| 'isRevoked' => 'bool', | |||||
| ), | |||||
| self::CONFIG_KEY_SCHEMA => array( | |||||
| 'key_role' => array( | |||||
| 'columns' => array('objectPHID', 'passwordType'), | |||||
| ), | |||||
| ), | |||||
| ) + parent::getConfiguration(); | |||||
| } | |||||
| public function getPHIDType() { | |||||
| return PhabricatorAuthPasswordPHIDType::TYPECONST; | |||||
| } | |||||
| public function getObject() { | |||||
| return $this->assertAttached($this->object); | |||||
| } | |||||
| public function attachObject($object) { | |||||
| $this->object = $object; | |||||
| return $this; | |||||
| } | |||||
| public function setPassword( | |||||
| PhutilOpaqueEnvelope $password, | |||||
| PhabricatorUser $object) { | |||||
| $hasher = PhabricatorPasswordHasher::getBestHasher(); | |||||
| $digest = $this->digestPassword($password, $object); | |||||
| $hash = $hasher->getPasswordHashForStorage($digest); | |||||
| $raw_hash = $hash->openEnvelope(); | |||||
| return $this->setPasswordHash($raw_hash); | |||||
| } | |||||
| public function comparePassword( | |||||
| PhutilOpaqueEnvelope $password, | |||||
| PhabricatorUser $object) { | |||||
| $digest = $this->digestPassword($password, $object); | |||||
| $raw_hash = $this->getPasswordHash(); | |||||
| $hash = new PhutilOpaqueEnvelope($raw_hash); | |||||
| return PhabricatorPasswordHasher::comparePassword($digest, $hash); | |||||
| } | |||||
| private function digestPassword( | |||||
| PhutilOpaqueEnvelope $password, | |||||
| PhabricatorUser $object) { | |||||
| $object_phid = $object->getPHID(); | |||||
| if ($this->getObjectPHID() !== $object->getPHID()) { | |||||
| throw new Exception( | |||||
| pht( | |||||
| 'This password is associated with a an object PHID ("%s") for '. | |||||
| 'a different object than the provided one ("%s").', | |||||
Not Done Inline Actions"associated with an object" amckinley: "associated with an object" | |||||
| $this->getObjectPHID(), | |||||
| $object->getPHID())); | |||||
| } | |||||
| $raw_input = PhabricatorHash::digestPassword($password, $object_phid); | |||||
| return new PhutilOpaqueEnvelope($raw_input); | |||||
| } | |||||
| /* -( PhabricatorPolicyInterface )----------------------------------------- */ | |||||
| public function getCapabilities() { | |||||
| return array( | |||||
| PhabricatorPolicyCapability::CAN_VIEW, | |||||
| ); | |||||
| } | |||||
| public function getPolicy($capability) { | |||||
| return PhabricatorPolicies::getMostOpenPolicy(); | |||||
| } | |||||
| public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { | |||||
| return false; | |||||
| } | |||||
| /* -( PhabricatorExtendedPolicyInterface )--------------------------------- */ | |||||
| public function getExtendedPolicy($capability, PhabricatorUser $viewer) { | |||||
| return array( | |||||
| array($this->getObject(), PhabricatorPolicyCapability::CAN_VIEW), | |||||
| ); | |||||
| } | |||||
| /* -( PhabricatorDestructibleInterface )----------------------------------- */ | |||||
| public function destroyObjectPermanently( | |||||
| PhabricatorDestructionEngine $engine) { | |||||
| $this->delete(); | |||||
| } | |||||
| /* -( PhabricatorApplicationTransactionInterface )------------------------- */ | |||||
| public function getApplicationTransactionEditor() { | |||||
| return new PhabricatorAuthPasswordEditor(); | |||||
| } | |||||
| public function getApplicationTransactionObject() { | |||||
| return $this; | |||||
| } | |||||
| public function getApplicationTransactionTemplate() { | |||||
| return new PhabricatorAuthPasswordTransaction(); | |||||
| } | |||||
| public function willRenderTimeline( | |||||
| PhabricatorApplicationTransactionView $timeline, | |||||
| AphrontRequest $request) { | |||||
| return $timeline; | |||||
| } | |||||
| } | |||||
What's a "test" password?