<?php
/*
* Copyright 2012 Facebook, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @group conduit
*/
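abstract class ConduitAPIMethod {

  /**
   * Describe what this API method does.
   *
   * NOTE(review): the expected return shape is not visible in this file;
   * presumably a human-readable string -- confirm against callers.
   */
  abstract public function getMethodDescription();

  /**
   * Declare the parameters this API method accepts.
   *
   * NOTE(review): the expected structure is not visible in this file.
   */
  abstract public function defineParamTypes();

  /**
   * Declare the type of value this API method returns.
   *
   * NOTE(review): the expected structure is not visible in this file.
   */
  abstract public function defineReturnType();

  /**
   * Declare the errors this API method can raise.
   *
   * Must be usable as a map from error code to description, because
   * getErrorDescription() looks codes up in the returned value.
   */
  abstract public function defineErrorTypes();

  /**
   * Perform the actual work of the API method. Invoked by executeMethod().
   *
   * @param ConduitAPIRequest $request Request to service.
   */
  abstract protected function execute(ConduitAPIRequest $request);

  /**
   * Intentionally empty; kept as a public constructor for subclasses.
   */
  public function __construct() {

  }

  /**
   * Look up the description for an error code declared by this method.
   *
   * @param  mixed $error_code Key into the map from defineErrorTypes().
   * @return mixed The matching description, or 'Unknown Error' when the
   *               code is not declared.
   */
  public function getErrorDescription($error_code) {
    return idx($this->defineErrorTypes(), $error_code, 'Unknown Error');
  }

  /**
   * OAuth scope a client needs in order to call this method.
   *
   * The default is deny: a method is unreachable via OAuth unless a subclass
   * overrides this to opt in. Overrides widen what an OAuth token can do, so
   * each one deserves review.
   */
  public function getRequiredScope() {
    // by default, conduit methods are not accessible via OAuth
    return PhabricatorOAuthServerScope::SCOPE_NOT_ACCESSIBLE;
  }

  /**
   * Public entry point: run the method against a request.
   *
   * This only forwards to execute(). No authentication, scope, host or
   * write-guard check happens here; presumably the caller enforces
   * shouldRequireAuthentication(), getRequiredScope() and
   * shouldAllowUnguardedWrites() before invoking this -- confirm at the
   * call site.
   *
   * @param ConduitAPIRequest $request Request to service.
   * @return mixed Whatever execute() returns.
   */
  public function executeMethod(ConduitAPIRequest $request) {
    return $this->execute($request);
  }

  /**
   * Dotted API method name derived from this object's class name.
   *
   * @throws Exception When the class name does not follow the
   *                   ConduitAPI_*_Method convention.
   */
  public function getAPIMethodName() {
    return self::getAPIMethodNameFromClassName(get_class($this));
  }

  /**
   * Map a dotted API method name to its implementing class name.
   *
   * No validation is applied to $method_name. The fixed prefix and suffix
   * keep the result inside the ConduitAPI_*_Method namespace, but when the
   * name originates from a request the caller should still confirm that the
   * class exists and extends ConduitAPIMethod before instantiating it.
   *
   * @param  string $method_name Dotted name, e.g. "a.b" (constructed sample).
   * @return string Class name of the form ConduitAPI_<fragment>_Method.
   */
  public static function getClassNameFromAPIMethodName($method_name) {
    $method_fragment = str_replace('.', '_', $method_name);
    return 'ConduitAPI_'.$method_fragment.'_Method';
  }

  /**
   * Whether callers must be authenticated to use this method.
   *
   * The default is to require authentication. A subclass that returns false
   * presumably becomes reachable by anonymous clients -- keep such overrides
   * rare and limited to methods that expose nothing sensitive.
   */
  public function shouldRequireAuthentication() {
    return true;
  }

  /**
   * Whether this method may write without the write guard's CSRF check.
   *
   * Per the commit note shown with this method (Differential Revision 777),
   * AphrontWriteGuard is a backup mechanism for CSRF validation that catches
   * unprotected writes, with the stated rule "never allow writes without
   * CSRF checks"; the same note records that Conduit write APIs were exposed
   * to CSRF at the time. The default here keeps the guard in force.
   * NOTE(review): how the guard consumes this value is not visible in this
   * file -- confirm before overriding it to return true.
   */
  public function shouldAllowUnguardedWrites() {
    return false;
  }

  /**
   * Map an implementing class name back to its dotted API method name.
   *
   * @param  string $class_name Class name to convert.
   * @return string Dotted method name.
   * @throws Exception When $class_name does not follow the
   *                   ConduitAPI_*_Method convention.
   */
  public static function getAPIMethodNameFromClassName($class_name) {
    $match = null;
    // The D modifier makes "$" match only at the very end of the subject.
    // Without it, a name with a trailing newline would pass validation.
    $is_valid = preg_match(
      '/^ConduitAPI_(.*)_Method$/D',
      $class_name,
      $match);
    if (!$is_valid) {
      throw new Exception(
        "Parameter '{$class_name}' is not a valid Conduit API method class.");
    }
    $method_fragment = $match[1];
    return str_replace('_', '.', $method_fragment);
  }

  /**
   * Check that the host URI the client believes it is talking to matches the
   * URI this install is configured with.
   *
   * Caveat: an empty or missing host is accepted without any check (see the
   * TODO below), so this only protects against clients that send a host key.
   * The exception message embeds the client-supplied host; whatever renders
   * it should escape it for the output context.
   *
   * @param  mixed $host Host URI sent by the client, or an empty value.
   * @return void
   * @throws Exception When the normalized client host differs from the
   *                   configured install URI.
   */
  protected function validateHost($host) {
    if (!$host) {
      // If the client doesn't send a host key, don't complain. We should in
      // the future, but this change isn't severe enough to bump the protocol
      // version.

      // TODO: Remove this once the protocol version gets bumped past 2 (i.e.,
      // require the host key be present and valid).
      return;
    }

    // Normalize the client value to a root URI so only scheme/host/port are
    // compared, in the same form PhabricatorEnv::getURI('/') is requested in.
    $host = new PhutilURI($host);
    $host->setPath('/');
    $host = (string)$host;

    $self = PhabricatorEnv::getURI('/');
    if ($self !== $host) {
      throw new Exception(
        "Your client is connecting to this install as '{$host}', but it is ".
        "configured as '{$self}'. The client and server must use the exact ".
        "same URI to identify the install. Edit your .arcconfig or ".
        "phabricator/conf so they agree on the URI for the install.");
    }
  }

}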