phorge-phorge/src/applications/conduit/controller/PhabricatorConduitTokenTerminateController.php

<?php

final class PhabricatorConduitTokenTerminateController
  extends PhabricatorConduitController {

  public function handleRequest(AphrontRequest $request) {
    $viewer = $request->getViewer();
    $object_phid = $request->getStr('objectPHID');
    $id = $request->getURIData('id');

    if ($id) {
      $token = id(new PhabricatorConduitTokenQuery())
        ->setViewer($viewer)
        ->withIDs(array($id))
        ->withExpired(false)
        ->requireCapabilities(
          array(
            PhabricatorPolicyCapability::CAN_VIEW,
            PhabricatorPolicyCapability::CAN_EDIT,
          ))
        ->executeOne();
      if (!$token) {
        return new Aphront404Response();
      }

      $tokens = array($token);
      $object_phid = $token->getObjectPHID();

      $title = pht('Terminate API Token');
      $body = pht(
        'Really terminate this token? Any system using this token '.
        'will no longer be able to make API requests.');
      $submit_button = pht('Terminate Token');
    } else {
      $tokens = id(new PhabricatorConduitTokenQuery())
        ->setViewer($viewer)
        ->withObjectPHIDs(array($object_phid))
        ->withExpired(false)
        ->requireCapabilities(
          array(
            PhabricatorPolicyCapability::CAN_VIEW,
            PhabricatorPolicyCapability::CAN_EDIT,
          ))
        ->execute();

      $title = pht('Terminate API Tokens');
      $body = pht(
        'Really terminate all active API tokens? Any systems using these '.
        'tokens will no longer be able to make API requests.');
      $submit_button = pht('Terminate Tokens');
    }

    if ($object_phid != $viewer->getPHID()) {
      $object = id(new PhabricatorObjectQuery())
        ->setViewer($viewer)
        ->withPHIDs(array($object_phid))
        ->executeOne();
      if (!$object) {
        return new Aphront404Response();
      }
    } else {
      $object = $viewer;
    }

    $panel_uri = id(new PhabricatorConduitTokensSettingsPanel())
      ->setViewer($viewer)
      ->setUser($object)
      ->getPanelURI();

    id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
      $viewer,
      $request,
      $panel_uri);

    if (!$tokens) {
      return $this->newDialog()
        ->setTitle(pht('No Tokens to Terminate'))
        ->appendParagraph(
          pht('There are no API tokens to terminate.'))
        ->addCancelButton($panel_uri);
    }

    if ($request->isFormPost()) {
      foreach ($tokens as $token) {
        $token
          ->setExpires(PhabricatorTime::getNow() - 60)
          ->save();
      }
      return id(new AphrontRedirectResponse())->setURI($panel_uri);
    }

    return $this->newDialog()
      ->setTitle($title)
      ->addHiddenInput('objectPHID', $object_phid)
      ->appendParagraph($body)
      ->addSubmitButton($submit_button)
      ->addCancelButton($panel_uri);
  }

}
Add Conduit Tokens to make authentication in Conduit somewhat more sane Summary: Ref T5955. Summary of intended changes: Improve Granularity of Authorization: Currently, users have one Conduit Certificate. This isn't very flexible, and means that you can't ever generate an API token with limited permissions or IP block controls (see T6706). This moves toward a world where you can generate multiple tokens, revoke them individually, and assign disparate privileges to them. Standardize Token Management: This moves Conduit to work the same way that sessions, OAuth authorizations, and temporary tokens already work, instead of being this crazy bizarre mess. Make Authentication Faster: Authentication currently requires a handshake (conduit.connect) to establish a session, like the web UI. This is unnecessary from a security point of view and puts an extra round trip in front of all Conduit activity. Essentially no other API anywhere works like this. Make Authentication Simpler: The handshake is complex, and involves deriving hashes. The session is also complex, and creates issues like T4377. Handshake and session management require different inputs. Make Token Management Simpler: The certificate is this huge long thing right now, which is not necessary from a security perspective. There are separate Arcanist handshake tokens, but they have a different set of issues. We can move forward to a token management world where neither of these problems exist. Lower Protocol Barrier: The simplest possible API client is very complex right now. It should be `curl`. Simplifying authentication is a necessary step toward this. Unblock T2783: T2783 is blocked on nodes in the cluster making authenticated API calls to other nodes. This provides a simpler way forward than the handshake mess (or enormous-hack-mess) which would currently be required. Test Plan: - Generated tokens. - Generated tokens for a bot account. - Terminated tokens (and for a bot account). - Terminated all tokens (and for a bot account). - Ran GC and saw it reap all the expired tokens. NOTE: These tokens can not actually be used to authenticate yet! {F249658} Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T5955 Differential Revision: https://secure.phabricator.com/D10985 2014-12-15 11:14:23 -08:00			`<?php`

			`final class PhabricatorConduitTokenTerminateController`
			`extends PhabricatorConduitController {`

			`public function handleRequest(AphrontRequest $request) {`
			`$viewer = $request->getViewer();`
			`$object_phid = $request->getStr('objectPHID');`
			`$id = $request->getURIData('id');`
Update Conduit for handleRequest Summary: Ref T8628. Updates Conduit for handleRequest Test Plan: Use Conduit, test list, method calls, try a query, post this diff. Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin Maniphest Tasks: T8628 Differential Revision: https://secure.phabricator.com/D14265 2015-10-18 16:07:07 -07:00
Add Conduit Tokens to make authentication in Conduit somewhat more sane Summary: Ref T5955. Summary of intended changes: Improve Granularity of Authorization: Currently, users have one Conduit Certificate. This isn't very flexible, and means that you can't ever generate an API token with limited permissions or IP block controls (see T6706). This moves toward a world where you can generate multiple tokens, revoke them individually, and assign disparate privileges to them. Standardize Token Management: This moves Conduit to work the same way that sessions, OAuth authorizations, and temporary tokens already work, instead of being this crazy bizarre mess. Make Authentication Faster: Authentication currently requires a handshake (conduit.connect) to establish a session, like the web UI. This is unnecessary from a security point of view and puts an extra round trip in front of all Conduit activity. Essentially no other API anywhere works like this. Make Authentication Simpler: The handshake is complex, and involves deriving hashes. The session is also complex, and creates issues like T4377. Handshake and session management require different inputs. Make Token Management Simpler: The certificate is this huge long thing right now, which is not necessary from a security perspective. There are separate Arcanist handshake tokens, but they have a different set of issues. We can move forward to a token management world where neither of these problems exist. Lower Protocol Barrier: The simplest possible API client is very complex right now. It should be `curl`. Simplifying authentication is a necessary step toward this. Unblock T2783: T2783 is blocked on nodes in the cluster making authenticated API calls to other nodes. This provides a simpler way forward than the handshake mess (or enormous-hack-mess) which would currently be required. Test Plan: - Generated tokens. - Generated tokens for a bot account. - Terminated tokens (and for a bot account). - Terminated all tokens (and for a bot account). - Ran GC and saw it reap all the expired tokens. NOTE: These tokens can not actually be used to authenticate yet! {F249658} Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T5955 Differential Revision: https://secure.phabricator.com/D10985 2014-12-15 11:14:23 -08:00			`if ($id) {`
			`$token = id(new PhabricatorConduitTokenQuery())`
			`->setViewer($viewer)`
			`->withIDs(array($id))`
			`->withExpired(false)`
			`->requireCapabilities(`
			`array(`
			`PhabricatorPolicyCapability::CAN_VIEW,`
			`PhabricatorPolicyCapability::CAN_EDIT,`
			`))`
			`->executeOne();`
			`if (!$token) {`
			`return new Aphront404Response();`
			`}`

			`$tokens = array($token);`
			`$object_phid = $token->getObjectPHID();`

			`$title = pht('Terminate API Token');`
			`$body = pht(`
			`'Really terminate this token? Any system using this token '.`
			`'will no longer be able to make API requests.');`
			`$submit_button = pht('Terminate Token');`
			`} else {`
			`$tokens = id(new PhabricatorConduitTokenQuery())`
			`->setViewer($viewer)`
			`->withObjectPHIDs(array($object_phid))`
			`->withExpired(false)`
			`->requireCapabilities(`
			`array(`
			`PhabricatorPolicyCapability::CAN_VIEW,`
			`PhabricatorPolicyCapability::CAN_EDIT,`
			`))`
			`->execute();`

			`$title = pht('Terminate API Tokens');`
			`$body = pht(`
			`'Really terminate all active API tokens? Any systems using these '.`
			`'tokens will no longer be able to make API requests.');`
			`$submit_button = pht('Terminate Tokens');`
			`}`

			`if ($object_phid != $viewer->getPHID()) {`
			`$object = id(new PhabricatorObjectQuery())`
			`->setViewer($viewer)`
			`->withPHIDs(array($object_phid))`
			`->executeOne();`
			`if (!$object) {`
			`return new Aphront404Response();`
			`}`
Clean up redirect URIs for "Temporary Tokens" and "API Tokens" settings panels Summary: Fixes T11223. I missed a few of these; most of them kept working anyway because we have redirects in place, but make them a bit more modern/not-hard-coded. Test Plan: - Generated and revoked API tokens for myself. - Generated and revoked API tokens for bots. - Revoked temporary tokens for myself. - Clicked the link to the API tokens panel from the Conduit console. - Clicked all the cancel buttons in all the dialogs, too. In all cases, everything now points at the correct URIs. Previously, some things pointed at the wrong URIs (mostly dealing with stuff for bots). Reviewers: chad Reviewed By: chad Maniphest Tasks: T11223 Differential Revision: https://secure.phabricator.com/D16185 2016-06-28 14:22:31 -07:00			`} else {`
			`$object = $viewer;`
Add Conduit Tokens to make authentication in Conduit somewhat more sane Summary: Ref T5955. Summary of intended changes: Improve Granularity of Authorization: Currently, users have one Conduit Certificate. This isn't very flexible, and means that you can't ever generate an API token with limited permissions or IP block controls (see T6706). This moves toward a world where you can generate multiple tokens, revoke them individually, and assign disparate privileges to them. Standardize Token Management: This moves Conduit to work the same way that sessions, OAuth authorizations, and temporary tokens already work, instead of being this crazy bizarre mess. Make Authentication Faster: Authentication currently requires a handshake (conduit.connect) to establish a session, like the web UI. This is unnecessary from a security point of view and puts an extra round trip in front of all Conduit activity. Essentially no other API anywhere works like this. Make Authentication Simpler: The handshake is complex, and involves deriving hashes. The session is also complex, and creates issues like T4377. Handshake and session management require different inputs. Make Token Management Simpler: The certificate is this huge long thing right now, which is not necessary from a security perspective. There are separate Arcanist handshake tokens, but they have a different set of issues. We can move forward to a token management world where neither of these problems exist. Lower Protocol Barrier: The simplest possible API client is very complex right now. It should be `curl`. Simplifying authentication is a necessary step toward this. Unblock T2783: T2783 is blocked on nodes in the cluster making authenticated API calls to other nodes. This provides a simpler way forward than the handshake mess (or enormous-hack-mess) which would currently be required. Test Plan: - Generated tokens. - Generated tokens for a bot account. - Terminated tokens (and for a bot account). - Terminated all tokens (and for a bot account). - Ran GC and saw it reap all the expired tokens. NOTE: These tokens can not actually be used to authenticate yet! {F249658} Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T5955 Differential Revision: https://secure.phabricator.com/D10985 2014-12-15 11:14:23 -08:00			`}`

Clean up redirect URIs for "Temporary Tokens" and "API Tokens" settings panels Summary: Fixes T11223. I missed a few of these; most of them kept working anyway because we have redirects in place, but make them a bit more modern/not-hard-coded. Test Plan: - Generated and revoked API tokens for myself. - Generated and revoked API tokens for bots. - Revoked temporary tokens for myself. - Clicked the link to the API tokens panel from the Conduit console. - Clicked all the cancel buttons in all the dialogs, too. In all cases, everything now points at the correct URIs. Previously, some things pointed at the wrong URIs (mostly dealing with stuff for bots). Reviewers: chad Reviewed By: chad Maniphest Tasks: T11223 Differential Revision: https://secure.phabricator.com/D16185 2016-06-28 14:22:31 -07:00			`$panel_uri = id(new PhabricatorConduitTokensSettingsPanel())`
			`->setViewer($viewer)`
			`->setUser($object)`
			`->getPanelURI();`

Add Conduit Tokens to make authentication in Conduit somewhat more sane Summary: Ref T5955. Summary of intended changes: Improve Granularity of Authorization: Currently, users have one Conduit Certificate. This isn't very flexible, and means that you can't ever generate an API token with limited permissions or IP block controls (see T6706). This moves toward a world where you can generate multiple tokens, revoke them individually, and assign disparate privileges to them. Standardize Token Management: This moves Conduit to work the same way that sessions, OAuth authorizations, and temporary tokens already work, instead of being this crazy bizarre mess. Make Authentication Faster: Authentication currently requires a handshake (conduit.connect) to establish a session, like the web UI. This is unnecessary from a security point of view and puts an extra round trip in front of all Conduit activity. Essentially no other API anywhere works like this. Make Authentication Simpler: The handshake is complex, and involves deriving hashes. The session is also complex, and creates issues like T4377. Handshake and session management require different inputs. Make Token Management Simpler: The certificate is this huge long thing right now, which is not necessary from a security perspective. There are separate Arcanist handshake tokens, but they have a different set of issues. We can move forward to a token management world where neither of these problems exist. Lower Protocol Barrier: The simplest possible API client is very complex right now. It should be `curl`. Simplifying authentication is a necessary step toward this. Unblock T2783: T2783 is blocked on nodes in the cluster making authenticated API calls to other nodes. This provides a simpler way forward than the handshake mess (or enormous-hack-mess) which would currently be required. Test Plan: - Generated tokens. - Generated tokens for a bot account. - Terminated tokens (and for a bot account). - Terminated all tokens (and for a bot account). - Ran GC and saw it reap all the expired tokens. NOTE: These tokens can not actually be used to authenticate yet! {F249658} Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T5955 Differential Revision: https://secure.phabricator.com/D10985 2014-12-15 11:14:23 -08:00			`id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(`
			`$viewer,`
			`$request,`
			`$panel_uri);`

			`if (!$tokens) {`
			`return $this->newDialog()`
			`->setTitle(pht('No Tokens to Terminate'))`
			`->appendParagraph(`
			`pht('There are no API tokens to terminate.'))`
			`->addCancelButton($panel_uri);`
			`}`

			`if ($request->isFormPost()) {`
			`foreach ($tokens as $token) {`
			`$token`
			`->setExpires(PhabricatorTime::getNow() - 60)`
			`->save();`
			`}`
			`return id(new AphrontRedirectResponse())->setURI($panel_uri);`
			`}`

			`return $this->newDialog()`
			`->setTitle($title)`
			`->addHiddenInput('objectPHID', $object_phid)`
			`->appendParagraph($body)`
			`->addSubmitButton($submit_button)`
			`->addCancelButton($panel_uri);`
			`}`

			`}`