2011-06-14 12:17:14 -07:00
|
|
|
<?php
|
|
|
|
|
Rename Conduit classes
Summary: Ref T5655. Rename Conduit classes and provide a `getAPIMethodName` method to declare the API method.
Test Plan:
```
> echo '{}' | arc --conduit-uri='http://phabricator.joshuaspence.com' call-conduit user.whoami
Waiting for JSON parameters on stdin...
{"error":null,"errorMessage":null,"response":{"phid":"PHID-USER-lioqffnwn6y475mu5ndb","userName":"josh","realName":"Joshua Spence","image":"http:\/\/phabricator.joshuaspence.com\/res\/1404425321T\/phabricator\/3eb28cd9\/rsrc\/image\/avatar.png","uri":"http:\/\/phabricator.joshuaspence.com\/p\/josh\/","roles":["admin","verified","approved","activated"]}}
```
Reviewers: epriestley, #blessed_reviewers
Reviewed By: epriestley, #blessed_reviewers
Subscribers: epriestley, Korvin, hach-que
Maniphest Tasks: T5655
Differential Revision: https://secure.phabricator.com/D9991
2014-07-25 10:54:15 +10:00
|
|
|
final class ConduitGetCertificateConduitAPIMethod extends ConduitAPIMethod {
|
|
|
|
|
|
|
|
public function getAPIMethodName() {
|
|
|
|
return 'conduit.getcertificate';
|
|
|
|
}
|
2011-06-14 12:17:14 -07:00
|
|
|
|
|
|
|
public function shouldRequireAuthentication() {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2011-08-17 12:26:30 -07:00
|
|
|
public function shouldAllowUnguardedWrites() {
|
|
|
|
// This method performs logging and is on the authentication pathway.
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2011-06-14 12:17:14 -07:00
|
|
|
public function getMethodDescription() {
|
2014-06-09 11:36:49 -07:00
|
|
|
return 'Retrieve certificate information for a user.';
|
2011-06-14 12:17:14 -07:00
|
|
|
}
|
|
|
|
|
2015-04-12 15:59:07 -07:00
|
|
|
protected function defineParamTypes() {
|
2011-06-14 12:17:14 -07:00
|
|
|
return array(
|
|
|
|
'token' => 'required string',
|
2011-07-05 07:21:04 -07:00
|
|
|
'host' => 'required string',
|
2011-06-14 12:17:14 -07:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2015-04-12 15:59:07 -07:00
|
|
|
protected function defineReturnType() {
|
2011-06-14 12:17:14 -07:00
|
|
|
return 'dict<string, any>';
|
|
|
|
}
|
|
|
|
|
2015-04-12 15:59:07 -07:00
|
|
|
protected function defineErrorTypes() {
|
2011-06-14 12:17:14 -07:00
|
|
|
return array(
|
2014-06-09 11:36:49 -07:00
|
|
|
'ERR-BAD-TOKEN' => 'Token does not exist or has expired.',
|
|
|
|
'ERR-RATE-LIMIT' =>
|
|
|
|
'You have made too many invalid token requests recently. Wait before '.
|
|
|
|
'making more.',
|
2011-06-14 12:17:14 -07:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
protected function execute(ConduitAPIRequest $request) {
|
|
|
|
$failed_attempts = PhabricatorUserLog::loadRecentEventsFromThisIP(
|
|
|
|
PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE_FAILURE,
|
|
|
|
60 * 5);
|
|
|
|
|
|
|
|
if (count($failed_attempts) > 5) {
|
2014-04-28 15:44:52 -07:00
|
|
|
$this->logFailure($request);
|
2011-06-14 12:17:14 -07:00
|
|
|
throw new ConduitException('ERR-RATE-LIMIT');
|
|
|
|
}
|
|
|
|
|
|
|
|
$token = $request->getValue('token');
|
|
|
|
$info = id(new PhabricatorConduitCertificateToken())->loadOneWhere(
|
|
|
|
'token = %s',
|
|
|
|
trim($token));
|
|
|
|
|
|
|
|
if (!$info || $info->getDateCreated() < time() - (60 * 15)) {
|
2014-04-28 15:44:52 -07:00
|
|
|
$this->logFailure($request, $info);
|
2011-06-14 12:17:14 -07:00
|
|
|
throw new ConduitException('ERR-BAD-TOKEN');
|
|
|
|
} else {
|
2014-04-28 15:44:52 -07:00
|
|
|
$log = PhabricatorUserLog::initializeNewLog(
|
|
|
|
$request->getUser(),
|
|
|
|
$info->getUserPHID(),
|
|
|
|
PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE)
|
2011-06-14 12:17:14 -07:00
|
|
|
->save();
|
|
|
|
}
|
|
|
|
|
|
|
|
$user = id(new PhabricatorUser())->loadOneWhere(
|
|
|
|
'phid = %s',
|
|
|
|
$info->getUserPHID());
|
|
|
|
if (!$user) {
|
2014-06-09 11:36:49 -07:00
|
|
|
throw new Exception('Certificate token points to an invalid user!');
|
2011-06-14 12:17:14 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
return array(
|
|
|
|
'username' => $user->getUserName(),
|
|
|
|
'certificate' => $user->getConduitCertificate(),
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2014-04-28 15:44:52 -07:00
|
|
|
private function logFailure(
|
2014-07-10 08:12:48 +10:00
|
|
|
ConduitAPIRequest $request,
|
|
|
|
PhabricatorConduitCertificateToken $info = null) {
|
2011-08-17 12:26:30 -07:00
|
|
|
|
2014-04-28 15:44:52 -07:00
|
|
|
$log = PhabricatorUserLog::initializeNewLog(
|
|
|
|
$request->getUser(),
|
|
|
|
$info ? $info->getUserPHID() : '-',
|
|
|
|
PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE_FAILURE)
|
2011-06-14 12:17:14 -07:00
|
|
|
->save();
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|