<?php
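/**
 * Storage object for a single authentication session row.
 *
 * A session belongs to an identity (a user or an external account, see
 * hasAutomaticCapability()), has a type (web or Conduit) that decides its
 * lifetime, and is only ever visible to its owner through the policy
 * interface implemented at the bottom of this class.
 */
final class PhabricatorAuthSession extends PhabricatorAuthDAO
  implements PhabricatorPolicyInterface {

  // Session types. The type selects the lifetime in getSessionTypeTTL().
  const TYPE_WEB      = 'web';
  const TYPE_CONDUIT  = 'conduit';

  // PHID of the identity that owns the session.
  protected $userPHID;
  // One of the TYPE_* constants above.
  protected $type;
  // Lookup key for the session; unique per row (see CONFIG_KEY_SCHEMA).
  // NOTE(review): confirm the stored value is a digest of the token held by
  // the client rather than the token itself; this file does not show how the
  // value is derived.
  protected $sessionKey;
  // Epoch timestamps bounding the session lifetime.
  protected $sessionStart;
  protected $sessionExpires;
  // Nullable epoch; presumably the end of an elevated-privilege window.
  // TODO confirm against the code that sets it.
  protected $highSecurityUntil;
  // Boolean flag; presumably marks a session that has not completed every
  // login step yet. TODO confirm against the code that sets it.
  protected $isPartial;

  // Loaded separately and attached by the caller; not a stored column.
  private $identityObject = self::ATTACHABLE;

  /**
   * Describe the storage layout of the session table.
   *
   * The column and key schemata were added while generating expected
   * schemata for the User/People tables (T1191,
   * https://secure.phabricator.com/D10580).
   *
   * @return array Configuration merged over the parent DAO configuration.
   */
  public function getConfiguration() {
    $column_schema = array(
      'type' => 'text32',
      'sessionKey' => 'bytes40',
      'sessionStart' => 'epoch',
      'sessionExpires' => 'epoch',
      'highSecurityUntil' => 'epoch?',
      'isPartial' => 'bool',
    );

    $key_schema = array(
      // Uniqueness here means one key can never resolve to two sessions.
      'sessionKey' => array(
        'columns' => array('sessionKey'),
        'unique' => true,
      ),
      'key_identity' => array(
        'columns' => array('userPHID', 'type'),
      ),
      // Index on the expiry column; presumably used to find expired rows.
      'key_expires' => array(
        'columns' => array('sessionExpires'),
      ),
    );

    // The "+" operator keeps the entries given here and only fills in the
    // parent's entries for keys this class does not set.
    return array(
      self::CONFIG_TIMESTAMPS => false,
      self::CONFIG_COLUMN_SCHEMA => $column_schema,
      self::CONFIG_KEY_SCHEMA => $key_schema,
    ) + parent::getConfiguration();
  }

  /**
   * @return string Application name used for this table.
   */
  public function getApplicationName() {
    // This table predates the "Auth" application, and really all applications.
    return 'user';
  }

  /**
   * @return string Name of the table backing this object.
   */
  public function getTableName() {
    // This is a very old table with a nonstandard name.
    return PhabricatorUser::SESSION_TABLE;
  }

  /**
   * Attach the identity that owns this session.
   *
   * The policy check in hasAutomaticCapability() reads this object, so it
   * has to be attached before the session is policy-checked.
   *
   * @param object $identity_object Owner of the session.
   * @return this
   */
  public function attachIdentityObject($identity_object) {
    $this->identityObject = $identity_object;
    return $this;
  }

  /**
   * Return the attached identity.
   *
   * Goes through assertAttached(), which presumably raises when nothing has
   * been attached yet (defined in a parent class, not visible here).
   *
   * @return object The identity passed to attachIdentityObject().
   */
  public function getIdentityObject() {
    return $this->assertAttached($this->identityObject);
  }

  /**
   * Return the lifetime, in seconds, of a session of the given type.
   *
   * An unrecognized type raises instead of falling back to a default
   * lifetime, so a mistyped or new session type cannot silently receive a
   * long-lived session.
   *
   * @param string $session_type One of the TYPE_* constants.
   * @return int Lifetime in seconds.
   * @throws Exception When the type is not a known session type.
   */
  public static function getSessionTypeTTL($session_type) {
    switch ($session_type) {
      case self::TYPE_WEB:
        return phutil_units('30 days in seconds');
      case self::TYPE_CONDUIT:
        return phutil_units('24 hours in seconds');
      default:
        throw new Exception(pht('Unknown session type "%s".', $session_type));
    }
  }


/* -(  PhabricatorPolicyInterface  )----------------------------------------- */


  /**
   * @return list<string> Capabilities that exist for sessions; view only.
   */
  public function getCapabilities() {
    return array(
      PhabricatorPolicyCapability::CAN_VIEW,
    );
  }

  /**
   * Every capability uses the "no one" policy, so access is granted only by
   * the owner rule in hasAutomaticCapability().
   *
   * @param string $capability Capability being checked.
   * @return string Policy constant.
   */
  public function getPolicy($capability) {
    return PhabricatorPolicies::POLICY_NOONE;
  }

  /**
   * Grant access to the owner of the session and to nobody else.
   *
   * $capability is not inspected: the owner receives every capability that
   * getCapabilities() lists. That is only CAN_VIEW today; revisit this
   * method before adding a capability the owner should not get for free.
   *
   * @param string $capability Capability being checked (unused).
   * @param PhabricatorUser $viewer User asking for access.
   * @return bool True when the viewer owns the session.
   */
  public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
    $viewer_phid = $viewer->getPHID();

    // A viewer without a PHID (logged out) never owns a session. This guard
    // also keeps an empty viewer PHID from matching an empty owner PHID.
    if (!$viewer_phid) {
      return false;
    }

    $object = $this->getIdentityObject();

    // Strict comparison: an authorization decision should not depend on
    // PHP's loose-equality type juggling. Assumes PHIDs are loaded as
    // strings on both sides, as the schema in this file suggests.
    if ($object instanceof PhabricatorUser) {
      return ($object->getPHID() === $viewer_phid);
    } else if ($object instanceof PhabricatorExternalAccount) {
      return ($object->getUserPHID() === $viewer_phid);
    }

    // Any other identity type is denied rather than guessed at.
    return false;
  }

  /**
   * @param string $capability Capability being described.
   * @return string Human-readable description of the owner rule.
   */
  public function describeAutomaticCapability($capability) {
    return pht('A session is visible only to its owner.');
  }

}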