phorge-phorge/src/applications/auth/engine/PhabricatorAuthSessionEngine.php

<?php

final class PhabricatorAuthSessionEngine extends Phobject {

  public function loadUserForSession($session_type, $session_key) {
    $session_table = new PhabricatorAuthSession();
    $user_table = new PhabricatorUser();
    $conn_r = $session_table->establishConnection('r');

    // NOTE: We're being clever here because this happens on every page load,
    // and by joining we can save a query.

    $info = queryfx_one(
      $conn_r,
      'SELECT s.sessionExpires AS _sessionExpires, s.id AS _sessionID, u.*
        FROM %T u JOIN %T s ON u.phid = s.userPHID
        AND s.type = %s AND s.sessionKey = %s',
      $user_table->getTableName(),
      $session_table->getTableName(),
      $session_type,
      PhabricatorHash::digest($session_key));

    if (!$info) {
      return null;
    }

    $expires = $info['_sessionExpires'];
    $id = $info['_sessionID'];
    unset($info['_sessionExpires']);
    unset($info['_sessionID']);

    $ttl = PhabricatorAuthSession::getSessionTypeTTL($session_type);

    // If more than 20% of the time on this session has been used, refresh the
    // TTL back up to the full duration. The idea here is that sessions are
    // good forever if used regularly, but get GC'd when they fall out of use.

    if (time() + (0.80 * $ttl) > $expires) {
      $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
        $conn_w = $session_table->establishConnection('w');
        queryfx(
          $conn_w,
          'UPDATE %T SET sessionExpires = UNIX_TIMESTAMP() + %d WHERE id = %d',
          $session_table->getTableName(),
          $ttl,
          $id);
      unset($unguarded);
    }

    return $user_table->loadFromArray($info);
  }


  /**
   * Issue a new session key for a given identity. Phabricator supports
   * different types of sessions (like "web" and "conduit") and each session
   * type may have multiple concurrent sessions (this allows a user to be
   * logged in on multiple browsers at the same time, for instance).
   *
   * Note that this method is transport-agnostic and does not set cookies or
   * issue other types of tokens, it ONLY generates a new session key.
   *
   * You can configure the maximum number of concurrent sessions for various
   * session types in the Phabricator configuration.
   *
   * @param   const   Session type constant (see
   *                  @{class:PhabricatorAuthSession}).
   * @param   phid    Identity to establish a session for, usually a user PHID.
   * @return  string  Newly generated session key.
   */
  public function establishSession($session_type, $identity_phid) {
    $session_table = new PhabricatorAuthSession();
    $conn_w = $session_table->establishConnection('w');

    // Consume entropy to generate a new session key, forestalling the eventual
    // heat death of the universe.
    $session_key = Filesystem::readRandomCharacters(40);

    // This has a side effect of validating the session type.
    $session_ttl = PhabricatorAuthSession::getSessionTypeTTL($session_type);

    // Logging-in users don't have CSRF stuff yet, so we have to unguard this
    // write.
    $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
      id(new PhabricatorAuthSession())
        ->setUserPHID($identity_phid)
        ->setType($session_type)
        ->setSessionKey(PhabricatorHash::digest($session_key))
        ->setSessionStart(time())
        ->setSessionExpires(time() + $session_ttl)
        ->save();

      $log = PhabricatorUserLog::initializeNewLog(
        null,
        $identity_phid,
        PhabricatorUserLog::ACTION_LOGIN);
      $log->setDetails(
        array(
          'session_type' => $session_type,
        ));
      $log->setSession($session_key);
      $log->save();
    unset($unguarded);

    return $session_key;
  }

}
Separate session management from PhabricatorUser Summary: Ref T4310. Ref T3720. Session operations are currently part of PhabricatorUser. This is more tightly coupled than needbe, and makes it difficult to establish login sessions for non-users. Move all the session management code to a `SessionEngine`. Test Plan: - Viewed sessions. - Regenerated Conduit certificate. - Verified Conduit sessions were destroyed. - Logged out. - Logged in. - Ran conduit commands. - Viewed sessions again. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7962 2014-01-14 22:22:27 +01:00			`<?php`

			`final class PhabricatorAuthSessionEngine extends Phobject {`

			`public function loadUserForSession($session_type, $session_key) {`
			`$session_table = new PhabricatorAuthSession();`
			`$user_table = new PhabricatorUser();`
Expire and garbage collect unused sessions Summary: Ref T3720. Ref T4310. Currently, we limit the maximum number of concurrent sessions of each type. This is primarily because sessions predate garbage collection and we had no way to prevent the session table from growing fairly quickly and without bound unless we did this. Now that we have GC (and it's modular!) we can just expire unused sessions after a while and throw them away: - Add a `sessionExpires` column to the table, with a key. - Add a GC for old sessions. - When we establish a session, set `sessionExpires` to the current time plus the session TTL. - When a user uses a session and has used up more than 20% of the time on it, extend the session. In addition to this, we could also rotate sessions, but I think that provides very little value. If we do want to implement it, we should hold it until after T3720 / T4310. Test Plan: - Ran schema changes. - Looked at database. - Tested GC: - Started GC. - Set expires on one row to the past. - Restarted GC. - Verified GC nuked the session. - Logged in. - Logged out. - Ran Conduit method. - Tested refresh: - Set threshold to 0.0001% instead of 20%. - Loaded page. - Saw a session extension ever few page loads. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7976 2014-01-15 22:56:16 +01:00			`$conn_r = $session_table->establishConnection('r');`

			`// NOTE: We're being clever here because this happens on every page load,`
			`// and by joining we can save a query.`
Separate session management from PhabricatorUser Summary: Ref T4310. Ref T3720. Session operations are currently part of PhabricatorUser. This is more tightly coupled than needbe, and makes it difficult to establish login sessions for non-users. Move all the session management code to a `SessionEngine`. Test Plan: - Viewed sessions. - Regenerated Conduit certificate. - Verified Conduit sessions were destroyed. - Logged out. - Logged in. - Ran conduit commands. - Viewed sessions again. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7962 2014-01-14 22:22:27 +01:00
			`$info = queryfx_one(`
			`$conn_r,`
Expire and garbage collect unused sessions Summary: Ref T3720. Ref T4310. Currently, we limit the maximum number of concurrent sessions of each type. This is primarily because sessions predate garbage collection and we had no way to prevent the session table from growing fairly quickly and without bound unless we did this. Now that we have GC (and it's modular!) we can just expire unused sessions after a while and throw them away: - Add a `sessionExpires` column to the table, with a key. - Add a GC for old sessions. - When we establish a session, set `sessionExpires` to the current time plus the session TTL. - When a user uses a session and has used up more than 20% of the time on it, extend the session. In addition to this, we could also rotate sessions, but I think that provides very little value. If we do want to implement it, we should hold it until after T3720 / T4310. Test Plan: - Ran schema changes. - Looked at database. - Tested GC: - Started GC. - Set expires on one row to the past. - Restarted GC. - Verified GC nuked the session. - Logged in. - Logged out. - Ran Conduit method. - Tested refresh: - Set threshold to 0.0001% instead of 20%. - Loaded page. - Saw a session extension ever few page loads. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7976 2014-01-15 22:56:16 +01:00			`'SELECT s.sessionExpires AS _sessionExpires, s.id AS _sessionID, u.*`
			`FROM %T u JOIN %T s ON u.phid = s.userPHID`
Remove session limits and sequencing Summary: Ref T4310. Fixes T3720. This change: - Removes concurrent session limits. Instead, unused sessions are GC'd after a while. - Collapses all existing "web-1", "web-2", etc., sessions into "web" sessions. - Dramatically simplifies the code for establishing a session (like omg). Test Plan: Ran migration, checked Sessions panel and database for sanity. Used existing session. Logged out, logged in. Ran Conduit commands. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7978 2014-01-16 02:27:59 +01:00			`AND s.type = %s AND s.sessionKey = %s',`
Separate session management from PhabricatorUser Summary: Ref T4310. Ref T3720. Session operations are currently part of PhabricatorUser. This is more tightly coupled than needbe, and makes it difficult to establish login sessions for non-users. Move all the session management code to a `SessionEngine`. Test Plan: - Viewed sessions. - Regenerated Conduit certificate. - Verified Conduit sessions were destroyed. - Logged out. - Logged in. - Ran conduit commands. - Viewed sessions again. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7962 2014-01-14 22:22:27 +01:00			`$user_table->getTableName(),`
			`$session_table->getTableName(),`
Remove session limits and sequencing Summary: Ref T4310. Fixes T3720. This change: - Removes concurrent session limits. Instead, unused sessions are GC'd after a while. - Collapses all existing "web-1", "web-2", etc., sessions into "web" sessions. - Dramatically simplifies the code for establishing a session (like omg). Test Plan: Ran migration, checked Sessions panel and database for sanity. Used existing session. Logged out, logged in. Ran Conduit commands. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7978 2014-01-16 02:27:59 +01:00			`$session_type,`
Separate session management from PhabricatorUser Summary: Ref T4310. Ref T3720. Session operations are currently part of PhabricatorUser. This is more tightly coupled than needbe, and makes it difficult to establish login sessions for non-users. Move all the session management code to a `SessionEngine`. Test Plan: - Viewed sessions. - Regenerated Conduit certificate. - Verified Conduit sessions were destroyed. - Logged out. - Logged in. - Ran conduit commands. - Viewed sessions again. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7962 2014-01-14 22:22:27 +01:00			`PhabricatorHash::digest($session_key));`

			`if (!$info) {`
			`return null;`
			`}`

Expire and garbage collect unused sessions Summary: Ref T3720. Ref T4310. Currently, we limit the maximum number of concurrent sessions of each type. This is primarily because sessions predate garbage collection and we had no way to prevent the session table from growing fairly quickly and without bound unless we did this. Now that we have GC (and it's modular!) we can just expire unused sessions after a while and throw them away: - Add a `sessionExpires` column to the table, with a key. - Add a GC for old sessions. - When we establish a session, set `sessionExpires` to the current time plus the session TTL. - When a user uses a session and has used up more than 20% of the time on it, extend the session. In addition to this, we could also rotate sessions, but I think that provides very little value. If we do want to implement it, we should hold it until after T3720 / T4310. Test Plan: - Ran schema changes. - Looked at database. - Tested GC: - Started GC. - Set expires on one row to the past. - Restarted GC. - Verified GC nuked the session. - Logged in. - Logged out. - Ran Conduit method. - Tested refresh: - Set threshold to 0.0001% instead of 20%. - Loaded page. - Saw a session extension ever few page loads. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7976 2014-01-15 22:56:16 +01:00			`$expires = $info['_sessionExpires'];`
			`$id = $info['_sessionID'];`
			`unset($info['_sessionExpires']);`
			`unset($info['_sessionID']);`

			`$ttl = PhabricatorAuthSession::getSessionTypeTTL($session_type);`

			`// If more than 20% of the time on this session has been used, refresh the`
			`// TTL back up to the full duration. The idea here is that sessions are`
			`// good forever if used regularly, but get GC'd when they fall out of use.`

			`if (time() + (0.80 * $ttl) > $expires) {`
			`$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();`
			`$conn_w = $session_table->establishConnection('w');`
			`queryfx(`
			`$conn_w,`
			`'UPDATE %T SET sessionExpires = UNIX_TIMESTAMP() + %d WHERE id = %d',`
			`$session_table->getTableName(),`
			`$ttl,`
			`$id);`
			`unset($unguarded);`
			`}`

Separate session management from PhabricatorUser Summary: Ref T4310. Ref T3720. Session operations are currently part of PhabricatorUser. This is more tightly coupled than needbe, and makes it difficult to establish login sessions for non-users. Move all the session management code to a `SessionEngine`. Test Plan: - Viewed sessions. - Regenerated Conduit certificate. - Verified Conduit sessions were destroyed. - Logged out. - Logged in. - Ran conduit commands. - Viewed sessions again. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7962 2014-01-14 22:22:27 +01:00			`return $user_table->loadFromArray($info);`
			`}`


			`/**`
			`* Issue a new session key for a given identity. Phabricator supports`
			`* different types of sessions (like "web" and "conduit") and each session`
			`* type may have multiple concurrent sessions (this allows a user to be`
			`* logged in on multiple browsers at the same time, for instance).`
			`*`
			`* Note that this method is transport-agnostic and does not set cookies or`
			`* issue other types of tokens, it ONLY generates a new session key.`
			`*`
			`* You can configure the maximum number of concurrent sessions for various`
			`* session types in the Phabricator configuration.`
			`*`
Replace "web" and "conduit" magic session strings with constants Summary: Ref T4310. Ref T3720. We use bare strings to refer to session types in several places right now; use constants instead. Test Plan: grep; logged out; logged in; ran Conduit commands. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7963 2014-01-14 22:22:34 +01:00			`* @param const Session type constant (see`
			`* @{class:PhabricatorAuthSession}).`
Separate session management from PhabricatorUser Summary: Ref T4310. Ref T3720. Session operations are currently part of PhabricatorUser. This is more tightly coupled than needbe, and makes it difficult to establish login sessions for non-users. Move all the session management code to a `SessionEngine`. Test Plan: - Viewed sessions. - Regenerated Conduit certificate. - Verified Conduit sessions were destroyed. - Logged out. - Logged in. - Ran conduit commands. - Viewed sessions again. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7962 2014-01-14 22:22:27 +01:00			`* @param phid Identity to establish a session for, usually a user PHID.`
			`* @return string Newly generated session key.`
			`*/`
			`public function establishSession($session_type, $identity_phid) {`
			`$session_table = new PhabricatorAuthSession();`
			`$conn_w = $session_table->establishConnection('w');`

			`// Consume entropy to generate a new session key, forestalling the eventual`
			`// heat death of the universe.`
			`$session_key = Filesystem::readRandomCharacters(40);`

Remove session limits and sequencing Summary: Ref T4310. Fixes T3720. This change: - Removes concurrent session limits. Instead, unused sessions are GC'd after a while. - Collapses all existing "web-1", "web-2", etc., sessions into "web" sessions. - Dramatically simplifies the code for establishing a session (like omg). Test Plan: Ran migration, checked Sessions panel and database for sanity. Used existing session. Logged out, logged in. Ran Conduit commands. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7978 2014-01-16 02:27:59 +01:00			`// This has a side effect of validating the session type.`
			`$session_ttl = PhabricatorAuthSession::getSessionTypeTTL($session_type);`
Separate session management from PhabricatorUser Summary: Ref T4310. Ref T3720. Session operations are currently part of PhabricatorUser. This is more tightly coupled than needbe, and makes it difficult to establish login sessions for non-users. Move all the session management code to a `SessionEngine`. Test Plan: - Viewed sessions. - Regenerated Conduit certificate. - Verified Conduit sessions were destroyed. - Logged out. - Logged in. - Ran conduit commands. - Viewed sessions again. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7962 2014-01-14 22:22:27 +01:00
Remove session limits and sequencing Summary: Ref T4310. Fixes T3720. This change: - Removes concurrent session limits. Instead, unused sessions are GC'd after a while. - Collapses all existing "web-1", "web-2", etc., sessions into "web" sessions. - Dramatically simplifies the code for establishing a session (like omg). Test Plan: Ran migration, checked Sessions panel and database for sanity. Used existing session. Logged out, logged in. Ran Conduit commands. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7978 2014-01-16 02:27:59 +01:00			`// Logging-in users don't have CSRF stuff yet, so we have to unguard this`
			`// write.`
Separate session management from PhabricatorUser Summary: Ref T4310. Ref T3720. Session operations are currently part of PhabricatorUser. This is more tightly coupled than needbe, and makes it difficult to establish login sessions for non-users. Move all the session management code to a `SessionEngine`. Test Plan: - Viewed sessions. - Regenerated Conduit certificate. - Verified Conduit sessions were destroyed. - Logged out. - Logged in. - Ran conduit commands. - Viewed sessions again. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7962 2014-01-14 22:22:27 +01:00			`$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();`
Remove session limits and sequencing Summary: Ref T4310. Fixes T3720. This change: - Removes concurrent session limits. Instead, unused sessions are GC'd after a while. - Collapses all existing "web-1", "web-2", etc., sessions into "web" sessions. - Dramatically simplifies the code for establishing a session (like omg). Test Plan: Ran migration, checked Sessions panel and database for sanity. Used existing session. Logged out, logged in. Ran Conduit commands. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7978 2014-01-16 02:27:59 +01:00			`id(new PhabricatorAuthSession())`
			`->setUserPHID($identity_phid)`
			`->setType($session_type)`
			`->setSessionKey(PhabricatorHash::digest($session_key))`
			`->setSessionStart(time())`
			`->setSessionExpires(time() + $session_ttl)`
			`->save();`

			`$log = PhabricatorUserLog::initializeNewLog(`
			`null,`
Separate session management from PhabricatorUser Summary: Ref T4310. Ref T3720. Session operations are currently part of PhabricatorUser. This is more tightly coupled than needbe, and makes it difficult to establish login sessions for non-users. Move all the session management code to a `SessionEngine`. Test Plan: - Viewed sessions. - Regenerated Conduit certificate. - Verified Conduit sessions were destroyed. - Logged out. - Logged in. - Ran conduit commands. - Viewed sessions again. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7962 2014-01-14 22:22:27 +01:00			`$identity_phid,`
Remove session limits and sequencing Summary: Ref T4310. Fixes T3720. This change: - Removes concurrent session limits. Instead, unused sessions are GC'd after a while. - Collapses all existing "web-1", "web-2", etc., sessions into "web" sessions. - Dramatically simplifies the code for establishing a session (like omg). Test Plan: Ran migration, checked Sessions panel and database for sanity. Used existing session. Logged out, logged in. Ran Conduit commands. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7978 2014-01-16 02:27:59 +01:00			`PhabricatorUserLog::ACTION_LOGIN);`
			`$log->setDetails(`
			`array(`
			`'session_type' => $session_type,`
			`));`
			`$log->setSession($session_key);`
			`$log->save();`
			`unset($unguarded);`
Separate session management from PhabricatorUser Summary: Ref T4310. Ref T3720. Session operations are currently part of PhabricatorUser. This is more tightly coupled than needbe, and makes it difficult to establish login sessions for non-users. Move all the session management code to a `SessionEngine`. Test Plan: - Viewed sessions. - Regenerated Conduit certificate. - Verified Conduit sessions were destroyed. - Logged out. - Logged in. - Ran conduit commands. - Viewed sessions again. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7962 2014-01-14 22:22:27 +01:00
			`return $session_key;`
			`}`

			`}`