From 12484acfc8cb00565acb26402bce16f02070ae68 Mon Sep 17 00:00:00 2001
From: Chris Novakovic <chris@chrisn.me.uk>
Date: Mon, 13 Sep 2021 13:19:15 +0100
Subject: [PATCH] Handle ERR-INVALID-AUTH responses from Conduit in patch
 workflow

Summary:
Conduit responds to requests with either `ERR-INVALID-SESSION` or `ERR-INVALID-AUTH` if the request wasn't sufficiently authenticated. Arcanist's `patch` workflow can automatically attempt to recover from situations in which Conduit responds to unauthenticated requests with `ERR-INVALID-SESSION` (by resending an authenticated version of the request), but not `ERR-INVALID-AUTH` - recover from `ERR-INVALID-AUTH` in the same way.

Closes T15333

Test Plan: The company I work for has been running a local clone of Arcanist containing this change in production for over 18 months now with no problems.

Reviewers: #blessed_committers, O1 Blessed Committers, valerio.bozzolan, avivey

Reviewed By: #blessed_committers, O1 Blessed Committers, valerio.bozzolan, avivey

Subscribers: speck, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15333

Differential Revision: https://we.phorge.it/D25178
---
 src/workflow/ArcanistPatchWorkflow.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/workflow/ArcanistPatchWorkflow.php b/src/workflow/ArcanistPatchWorkflow.php
index 8ab47719..8997afb8 100644
--- a/src/workflow/ArcanistPatchWorkflow.php
+++ b/src/workflow/ArcanistPatchWorkflow.php
@@ -391,7 +391,8 @@ EOTEXT
           break;
       }
     } catch (ConduitClientException $ex) {
-      if ($ex->getErrorCode() == 'ERR-INVALID-SESSION') {
+      if ($ex->getErrorCode() == 'ERR-INVALID-SESSION' ||
+           $ex->getErrorCode() == 'ERR-INVALID-AUTH') {
         // Phabricator is not configured to allow anonymous access to
         // Differential.
         $this->authenticateConduit();