phorge-phorge/src/applications/auth/storage/PhabricatorAuthSession.php

<?php

final class PhabricatorAuthSession extends PhabricatorAuthDAO
  implements PhabricatorPolicyInterface {

  const TYPE_WEB      = 'web';
  const TYPE_CONDUIT  = 'conduit';

  protected $userPHID;
  protected $type;
  protected $sessionKey;
  protected $sessionStart;
  protected $sessionExpires;
  protected $highSecurityUntil;
  protected $isPartial;
  protected $signedLegalpadDocuments;

  private $identityObject = self::ATTACHABLE;

  protected function getConfiguration() {
    return array(
      self::CONFIG_TIMESTAMPS => false,
      self::CONFIG_COLUMN_SCHEMA => array(
        'type' => 'text32',
        'sessionKey' => 'bytes40',
        'sessionStart' => 'epoch',
        'sessionExpires' => 'epoch',
        'highSecurityUntil' => 'epoch?',
        'isPartial' => 'bool',
        'signedLegalpadDocuments' => 'bool',
      ),
      self::CONFIG_KEY_SCHEMA => array(
        'sessionKey' => array(
          'columns' => array('sessionKey'),
          'unique' => true,
        ),
        'key_identity' => array(
          'columns' => array('userPHID', 'type'),
        ),
        'key_expires' => array(
          'columns' => array('sessionExpires'),
        ),
      ),
    ) + parent::getConfiguration();
  }

  public function getApplicationName() {
    // This table predates the "Auth" application, and really all applications.
    return 'user';
  }

  public function getTableName() {
    // This is a very old table with a nonstandard name.
    return PhabricatorUser::SESSION_TABLE;
  }

  public function attachIdentityObject($identity_object) {
    $this->identityObject = $identity_object;
    return $this;
  }

  public function getIdentityObject() {
    return $this->assertAttached($this->identityObject);
  }

  public static function getSessionTypeTTL($session_type) {
    switch ($session_type) {
      case self::TYPE_WEB:
        return phutil_units('30 days in seconds');
      case self::TYPE_CONDUIT:
        return phutil_units('24 hours in seconds');
      default:
        throw new Exception(pht('Unknown session type "%s".', $session_type));
    }
  }

/* -(  PhabricatorPolicyInterface  )----------------------------------------- */


  public function getCapabilities() {
    return array(
      PhabricatorPolicyCapability::CAN_VIEW,
    );
  }

  public function getPolicy($capability) {
    return PhabricatorPolicies::POLICY_NOONE;
  }

  public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
    if (!$viewer->getPHID()) {
      return false;
    }

    $object = $this->getIdentityObject();
    if ($object instanceof PhabricatorUser) {
      return ($object->getPHID() == $viewer->getPHID());
    } else if ($object instanceof PhabricatorExternalAccount) {
      return ($object->getUserPHID() == $viewer->getPHID());
    }

    return false;
  }

  public function describeAutomaticCapability($capability) {
    return pht('A session is visible only to its owner.');
  }

}
Add an "active login sessions" table to Settings Summary: Ref T4310. Ref T3720. Partly, this makes it easier for users to understand login sessions. Partly, it makes it easier for me to make changes to login sessions for T4310 / T3720 without messing anything up. Test Plan: {F101512} Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T3720, T4310 Differential Revision: https://secure.phabricator.com/D7954 2014-01-14 20:05:45 +01:00			`<?php`

			`final class PhabricatorAuthSession extends PhabricatorAuthDAO`
			`implements PhabricatorPolicyInterface {`

Replace "web" and "conduit" magic session strings with constants Summary: Ref T4310. Ref T3720. We use bare strings to refer to session types in several places right now; use constants instead. Test Plan: grep; logged out; logged in; ran Conduit commands. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7963 2014-01-14 22:22:34 +01:00			`const TYPE_WEB = 'web';`
			`const TYPE_CONDUIT = 'conduit';`

Add an "active login sessions" table to Settings Summary: Ref T4310. Ref T3720. Partly, this makes it easier for users to understand login sessions. Partly, it makes it easier for me to make changes to login sessions for T4310 / T3720 without messing anything up. Test Plan: {F101512} Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T3720, T4310 Differential Revision: https://secure.phabricator.com/D7954 2014-01-14 20:05:45 +01:00			`protected $userPHID;`
			`protected $type;`
			`protected $sessionKey;`
			`protected $sessionStart;`
Expire and garbage collect unused sessions Summary: Ref T3720. Ref T4310. Currently, we limit the maximum number of concurrent sessions of each type. This is primarily because sessions predate garbage collection and we had no way to prevent the session table from growing fairly quickly and without bound unless we did this. Now that we have GC (and it's modular!) we can just expire unused sessions after a while and throw them away: - Add a `sessionExpires` column to the table, with a key. - Add a GC for old sessions. - When we establish a session, set `sessionExpires` to the current time plus the session TTL. - When a user uses a session and has used up more than 20% of the time on it, extend the session. In addition to this, we could also rotate sessions, but I think that provides very little value. If we do want to implement it, we should hold it until after T3720 / T4310. Test Plan: - Ran schema changes. - Looked at database. - Tested GC: - Started GC. - Set expires on one row to the past. - Restarted GC. - Verified GC nuked the session. - Logged in. - Logged out. - Ran Conduit method. - Tested refresh: - Set threshold to 0.0001% instead of 20%. - Loaded page. - Saw a session extension ever few page loads. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7976 2014-01-15 22:56:16 +01:00			`protected $sessionExpires;`
Add "High Security" mode to support multi-factor auth Summary: Ref T4398. This is roughly a "sudo" mode, like GitHub has for accessing SSH keys, or Facebook has for managing credit cards. GitHub actually calls theirs "sudo" mode, but I think that's too technical for big parts of our audience. I've gone with "high security mode". This doesn't actually get exposed in the UI yet (and we don't have any meaningful auth factors to prompt the user for) but the workflow works overall. I'll go through it in a comment, since I need to arrange some screenshots. Test Plan: See guided walkthrough. Reviewers: chad, btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T4398 Differential Revision: https://secure.phabricator.com/D8851 2014-04-28 02:31:11 +02:00			`protected $highSecurityUntil;`
Require multiple auth factors to establish web sessions Summary: Ref T4398. This prompts users for multi-factor auth on login. Roughly, this introduces the idea of "partial" sessions, which we haven't finished constructing yet. In practice, this means the session has made it through primary auth but not through multi-factor auth. Add a workflow for bringing a partial session up to a full one. Test Plan: - Used Conduit. - Logged in as multi-factor user. - Logged in as no-factor user. - Tried to do non-login-things with a partial session. - Reviewed account activity logs. {F149295} Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T4398 Differential Revision: https://secure.phabricator.com/D8922 2014-05-01 19:23:02 +02:00			`protected $isPartial;`
Legalpad - allow for legalpad documents to be required to be signed for using Phabricator Summary: Fixes T7159. Test Plan: Created a legalpad document that needed a signature and I was required to sign it no matter what page I hit. Signed it and things worked! Added a new legalpad document and I had to sign again! Ran unit tests and they passed! Logged out as a user who was roadblocked into signing a bunch of stuff and it worked! Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin, epriestley Maniphest Tasks: T7159 Differential Revision: https://secure.phabricator.com/D11759 2015-02-13 00:22:56 +01:00			`protected $signedLegalpadDocuments;`
Add an "active login sessions" table to Settings Summary: Ref T4310. Ref T3720. Partly, this makes it easier for users to understand login sessions. Partly, it makes it easier for me to make changes to login sessions for T4310 / T3720 without messing anything up. Test Plan: {F101512} Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T3720, T4310 Differential Revision: https://secure.phabricator.com/D7954 2014-01-14 20:05:45 +01:00
			`private $identityObject = self::ATTACHABLE;`

Fix visiblity of `LiskDAO::getConfiguration()` Summary: Ref T6822. Test Plan: `grep` Reviewers: epriestley, #blessed_reviewers Reviewed By: epriestley, #blessed_reviewers Subscribers: hach-que, Korvin, epriestley Maniphest Tasks: T6822 Differential Revision: https://secure.phabricator.com/D11370 2015-01-13 20:47:05 +01:00			`protected function getConfiguration() {`
Add an "active login sessions" table to Settings Summary: Ref T4310. Ref T3720. Partly, this makes it easier for users to understand login sessions. Partly, it makes it easier for me to make changes to login sessions for T4310 / T3720 without messing anything up. Test Plan: {F101512} Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T3720, T4310 Differential Revision: https://secure.phabricator.com/D7954 2014-01-14 20:05:45 +01:00			`return array(`
			`self::CONFIG_TIMESTAMPS => false,`
Generate expected schemata for User/People tables Summary: Ref T1191. Some notes here: - Drops the old LDAP and OAuth info tables. These were migrated to the ExternalAccount table a very long time ago. - Separates surplus/missing keys from other types of surplus/missing things. In the long run, my plan is to have only two notice levels: - Error: something we can't fix (missing database, table, or column; overlong key). - Warning: something we can fix (surplus anything, missing key, bad column type, bad key columns, bad uniqueness, bad collation or charset). - For now, retaining three levels is helpful in generating all the expected scheamta. Test Plan: - Saw ~200 issues resolve, leaving ~1,300. - Grepped for removed tables. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T1191 Differential Revision: https://secure.phabricator.com/D10580 2014-10-01 16:36:47 +02:00			`self::CONFIG_COLUMN_SCHEMA => array(`
			`'type' => 'text32',`
			`'sessionKey' => 'bytes40',`
			`'sessionStart' => 'epoch',`
			`'sessionExpires' => 'epoch',`
			`'highSecurityUntil' => 'epoch?',`
			`'isPartial' => 'bool',`
Legalpad - allow for legalpad documents to be required to be signed for using Phabricator Summary: Fixes T7159. Test Plan: Created a legalpad document that needed a signature and I was required to sign it no matter what page I hit. Signed it and things worked! Added a new legalpad document and I had to sign again! Ran unit tests and they passed! Logged out as a user who was roadblocked into signing a bunch of stuff and it worked! Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin, epriestley Maniphest Tasks: T7159 Differential Revision: https://secure.phabricator.com/D11759 2015-02-13 00:22:56 +01:00			`'signedLegalpadDocuments' => 'bool',`
Generate expected schemata for User/People tables Summary: Ref T1191. Some notes here: - Drops the old LDAP and OAuth info tables. These were migrated to the ExternalAccount table a very long time ago. - Separates surplus/missing keys from other types of surplus/missing things. In the long run, my plan is to have only two notice levels: - Error: something we can't fix (missing database, table, or column; overlong key). - Warning: something we can fix (surplus anything, missing key, bad column type, bad key columns, bad uniqueness, bad collation or charset). - For now, retaining three levels is helpful in generating all the expected scheamta. Test Plan: - Saw ~200 issues resolve, leaving ~1,300. - Grepped for removed tables. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T1191 Differential Revision: https://secure.phabricator.com/D10580 2014-10-01 16:36:47 +02:00			`),`
			`self::CONFIG_KEY_SCHEMA => array(`
			`'sessionKey' => array(`
			`'columns' => array('sessionKey'),`
			`'unique' => true,`
			`),`
			`'key_identity' => array(`
			`'columns' => array('userPHID', 'type'),`
			`),`
			`'key_expires' => array(`
			`'columns' => array('sessionExpires'),`
			`),`
			`),`
Add an "active login sessions" table to Settings Summary: Ref T4310. Ref T3720. Partly, this makes it easier for users to understand login sessions. Partly, it makes it easier for me to make changes to login sessions for T4310 / T3720 without messing anything up. Test Plan: {F101512} Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T3720, T4310 Differential Revision: https://secure.phabricator.com/D7954 2014-01-14 20:05:45 +01:00			`) + parent::getConfiguration();`
			`}`

			`public function getApplicationName() {`
			`// This table predates the "Auth" application, and really all applications.`
			`return 'user';`
			`}`

			`public function getTableName() {`
			`// This is a very old table with a nonstandard name.`
			`return PhabricatorUser::SESSION_TABLE;`
			`}`

			`public function attachIdentityObject($identity_object) {`
			`$this->identityObject = $identity_object;`
			`return $this;`
			`}`

			`public function getIdentityObject() {`
			`return $this->assertAttached($this->identityObject);`
			`}`

Expire and garbage collect unused sessions Summary: Ref T3720. Ref T4310. Currently, we limit the maximum number of concurrent sessions of each type. This is primarily because sessions predate garbage collection and we had no way to prevent the session table from growing fairly quickly and without bound unless we did this. Now that we have GC (and it's modular!) we can just expire unused sessions after a while and throw them away: - Add a `sessionExpires` column to the table, with a key. - Add a GC for old sessions. - When we establish a session, set `sessionExpires` to the current time plus the session TTL. - When a user uses a session and has used up more than 20% of the time on it, extend the session. In addition to this, we could also rotate sessions, but I think that provides very little value. If we do want to implement it, we should hold it until after T3720 / T4310. Test Plan: - Ran schema changes. - Looked at database. - Tested GC: - Started GC. - Set expires on one row to the past. - Restarted GC. - Verified GC nuked the session. - Logged in. - Logged out. - Ran Conduit method. - Tested refresh: - Set threshold to 0.0001% instead of 20%. - Loaded page. - Saw a session extension ever few page loads. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7976 2014-01-15 22:56:16 +01:00			`public static function getSessionTypeTTL($session_type) {`
			`switch ($session_type) {`
			`case self::TYPE_WEB:`
Minor cleanup of some session code Summary: Ref T4398. Add some documentation and use `phutil_units()`. Test Plan: - Established a web session. - Established a conduit session. - Entered and exited hisec. - Used "Sessions" panel to examine results. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T4398 Differential Revision: https://secure.phabricator.com/D8924 2014-05-01 19:23:19 +02:00			`return phutil_units('30 days in seconds');`
Expire and garbage collect unused sessions Summary: Ref T3720. Ref T4310. Currently, we limit the maximum number of concurrent sessions of each type. This is primarily because sessions predate garbage collection and we had no way to prevent the session table from growing fairly quickly and without bound unless we did this. Now that we have GC (and it's modular!) we can just expire unused sessions after a while and throw them away: - Add a `sessionExpires` column to the table, with a key. - Add a GC for old sessions. - When we establish a session, set `sessionExpires` to the current time plus the session TTL. - When a user uses a session and has used up more than 20% of the time on it, extend the session. In addition to this, we could also rotate sessions, but I think that provides very little value. If we do want to implement it, we should hold it until after T3720 / T4310. Test Plan: - Ran schema changes. - Looked at database. - Tested GC: - Started GC. - Set expires on one row to the past. - Restarted GC. - Verified GC nuked the session. - Logged in. - Logged out. - Ran Conduit method. - Tested refresh: - Set threshold to 0.0001% instead of 20%. - Loaded page. - Saw a session extension ever few page loads. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7976 2014-01-15 22:56:16 +01:00			`case self::TYPE_CONDUIT:`
Minor cleanup of some session code Summary: Ref T4398. Add some documentation and use `phutil_units()`. Test Plan: - Established a web session. - Established a conduit session. - Entered and exited hisec. - Used "Sessions" panel to examine results. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T4398 Differential Revision: https://secure.phabricator.com/D8924 2014-05-01 19:23:19 +02:00			`return phutil_units('24 hours in seconds');`
Expire and garbage collect unused sessions Summary: Ref T3720. Ref T4310. Currently, we limit the maximum number of concurrent sessions of each type. This is primarily because sessions predate garbage collection and we had no way to prevent the session table from growing fairly quickly and without bound unless we did this. Now that we have GC (and it's modular!) we can just expire unused sessions after a while and throw them away: - Add a `sessionExpires` column to the table, with a key. - Add a GC for old sessions. - When we establish a session, set `sessionExpires` to the current time plus the session TTL. - When a user uses a session and has used up more than 20% of the time on it, extend the session. In addition to this, we could also rotate sessions, but I think that provides very little value. If we do want to implement it, we should hold it until after T3720 / T4310. Test Plan: - Ran schema changes. - Looked at database. - Tested GC: - Started GC. - Set expires on one row to the past. - Restarted GC. - Verified GC nuked the session. - Logged in. - Logged out. - Ran Conduit method. - Tested refresh: - Set threshold to 0.0001% instead of 20%. - Loaded page. - Saw a session extension ever few page loads. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7976 2014-01-15 22:56:16 +01:00			`default:`
			`throw new Exception(pht('Unknown session type "%s".', $session_type));`
			`}`
			`}`

Add an "active login sessions" table to Settings Summary: Ref T4310. Ref T3720. Partly, this makes it easier for users to understand login sessions. Partly, it makes it easier for me to make changes to login sessions for T4310 / T3720 without messing anything up. Test Plan: {F101512} Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T3720, T4310 Differential Revision: https://secure.phabricator.com/D7954 2014-01-14 20:05:45 +01:00			`/* -( PhabricatorPolicyInterface )----------------------------------------- */`


			`public function getCapabilities() {`
			`return array(`
			`PhabricatorPolicyCapability::CAN_VIEW,`
			`);`
			`}`

			`public function getPolicy($capability) {`
			`return PhabricatorPolicies::POLICY_NOONE;`
			`}`

			`public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {`
			`if (!$viewer->getPHID()) {`
			`return false;`
			`}`

			`$object = $this->getIdentityObject();`
			`if ($object instanceof PhabricatorUser) {`
			`return ($object->getPHID() == $viewer->getPHID());`
			`} else if ($object instanceof PhabricatorExternalAccount) {`
			`return ($object->getUserPHID() == $viewer->getPHID());`
			`}`

			`return false;`
			`}`

			`public function describeAutomaticCapability($capability) {`
			`return pht('A session is visible only to its owner.');`
			`}`

			`}`