phorge-phorge/src/applications/conduit/controller/token/PhabricatorConduitTokenController.php

<?php

/*
 * Copyright 2012 Facebook, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
 * @group conduit
 */
class PhabricatorConduitTokenController extends PhabricatorConduitController {

  public function processRequest() {

    $user = $this->getRequest()->getUser();

    // Ideally we'd like to verify this, but it's fine to leave it unguarded
    // for now and verifying it would need some Ajax junk or for the user to
    // click a button or similar.
    $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();

    $old_token = id(new PhabricatorConduitCertificateToken())
      ->loadOneWhere(
        'userPHID = %s',
        $user->getPHID());
    if ($old_token) {
      $old_token->delete();
    }

    $token = id(new PhabricatorConduitCertificateToken())
      ->setUserPHID($user->getPHID())
      ->setToken(Filesystem::readRandomCharacters(40))
      ->save();

    $panel = new AphrontPanelView();
    $panel->setHeader('Certificate Install Token');
    $panel->setWidth(AphrontPanelView::WIDTH_FORM);

    $panel->appendChild(
      '<p class="aphront-form-instructions">Copy and paste this token into '.
      'the prompt given to you by "arc install-certificate":</p>'.
      '<p style="padding: 0 0 1em 4em;">'.
        '<strong>'.phutil_escape_html($token->getToken()).'</strong>'.
      '</p>'.
      '<p class="aphront-form-instructions">arc will then complete the '.
      'install process for you.</p>');

    $this->setFilter('token');
    $this->setShowSideNav(false);

    return $this->buildStandardPageResponse(
      $panel,
      array(
        'title' => 'Certificate Install Token',
      ));
  }
}
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`<?php`

			`/*`
Conduit -- kill tabs Summary: this has a single side nav now. added a Utilites section below the methods which houses Logs and Token. On logs I ended up deleting this whole concept of "view" and the existing side nav -- I think there were plans to add a way to filter down to subset of the conduit calls. For logs, I envision that being a separate first class tool when / if we think we need additional complexity. On token I made the form FULL so it was like the rest of the views in this page. Test Plan: looks good! clicked on a few methods and it worked! clicked on the logs and they were there! clicked on the pager within the logs and it worked! checked out the token page and it looked good too. Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Maniphest Tasks: T631 Differential Revision: https://secure.phabricator.com/D1499 2012-01-26 21:47:23 +01:00			`* Copyright 2012 Facebook, Inc.`
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`

Provide basic Conduit documentation. 2011-07-04 21:03:36 +02:00			`/**`
			`* @group conduit`
			`*/`
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`class PhabricatorConduitTokenController extends PhabricatorConduitController {`

			`public function processRequest() {`

			`$user = $this->getRequest()->getUser();`

Unguard another safe write in Conduit token generation. 2011-08-17 21:00:35 +02:00			`// Ideally we'd like to verify this, but it's fine to leave it unguarded`
			`// for now and verifying it would need some Ajax junk or for the user to`
			`// click a button or similar.`
			`$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();`

"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`$old_token = id(new PhabricatorConduitCertificateToken())`
			`->loadOneWhere(`
			`'userPHID = %s',`
			`$user->getPHID());`
			`if ($old_token) {`
			`$old_token->delete();`
			`}`

			`$token = id(new PhabricatorConduitCertificateToken())`
			`->setUserPHID($user->getPHID())`
Replace callsites to sha1() that use it to asciify entropy with Filesystem::readRandomCharacters() Summary: See T547. To improve auditability of use of crypto-sensitive hash functions, use Filesystem::readRandomCharacters() in place of sha1(Filesystem::readRandomBytes()) when we're just generating random ASCII strings. Test Plan: - Generated a new PHID. - Logged out and logged back in (to test sessions). - Regenerated Conduit certificate. - Created a new task, verified mail key generated sensibly. - Created a new revision, verified mail key generated sensibly. - Ran "arc list", got blocked, installed new certificate, ran "arc list" again. Reviewers: jungejason, nh, tuomaspelkonen, aran, benmathews Reviewed By: jungejason CC: aran, epriestley, jungejason Differential Revision: 1000 2011-10-11 04:22:30 +02:00			`->setToken(Filesystem::readRandomCharacters(40))`
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`->save();`

			`$panel = new AphrontPanelView();`
			`$panel->setHeader('Certificate Install Token');`
			`$panel->setWidth(AphrontPanelView::WIDTH_FORM);`

			`$panel->appendChild(`
			`'<p class="aphront-form-instructions">Copy and paste this token into '.`
			`'the prompt given to you by "arc install-certificate":</p>'.`
			`'<p style="padding: 0 0 1em 4em;">'.`
			`'<strong>'.phutil_escape_html($token->getToken()).'</strong>'.`
			`'</p>'.`
			`'<p class="aphront-form-instructions">arc will then complete the '.`
			`'install process for you.</p>');`

Conduit -- kill tabs Summary: this has a single side nav now. added a Utilites section below the methods which houses Logs and Token. On logs I ended up deleting this whole concept of "view" and the existing side nav -- I think there were plans to add a way to filter down to subset of the conduit calls. For logs, I envision that being a separate first class tool when / if we think we need additional complexity. On token I made the form FULL so it was like the rest of the views in this page. Test Plan: looks good! clicked on a few methods and it worked! clicked on the logs and they were there! clicked on the pager within the logs and it worked! checked out the token page and it looked good too. Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Maniphest Tasks: T631 Differential Revision: https://secure.phabricator.com/D1499 2012-01-26 21:47:23 +01:00			`$this->setFilter('token');`
			`$this->setShowSideNav(false);`
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00
			`return $this->buildStandardPageResponse(`
			`$panel,`
			`array(`
			`'title' => 'Certificate Install Token',`
			`));`
			`}`
			`}`