phorge-phorge/src/applications/conduit/method/ConduitGetCertificateConduitAPIMethod.php

<?php

final class ConduitGetCertificateConduitAPIMethod extends ConduitAPIMethod {

  public function getAPIMethodName() {
    return 'conduit.getcertificate';
  }

  public function shouldRequireAuthentication() {
    return false;
  }

  public function shouldAllowUnguardedWrites() {
    // This method performs logging and is on the authentication pathway.
    return true;
  }

  public function getMethodDescription() {
    return 'Retrieve certificate information for a user.';
  }

  public function defineParamTypes() {
    return array(
      'token' => 'required string',
      'host'  => 'required string',
    );
  }

  public function defineReturnType() {
    return 'dict<string, any>';
  }

  public function defineErrorTypes() {
    return array(
      'ERR-BAD-TOKEN' => 'Token does not exist or has expired.',
      'ERR-RATE-LIMIT' =>
        'You have made too many invalid token requests recently. Wait before '.
        'making more.',
    );
  }

  protected function execute(ConduitAPIRequest $request) {
    $failed_attempts = PhabricatorUserLog::loadRecentEventsFromThisIP(
      PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE_FAILURE,
      60 * 5);

    if (count($failed_attempts) > 5) {
      $this->logFailure($request);
      throw new ConduitException('ERR-RATE-LIMIT');
    }

    $token = $request->getValue('token');
    $info = id(new PhabricatorConduitCertificateToken())->loadOneWhere(
      'token = %s',
      trim($token));

    if (!$info || $info->getDateCreated() < time() - (60 * 15)) {
      $this->logFailure($request, $info);
      throw new ConduitException('ERR-BAD-TOKEN');
    } else {
      $log = PhabricatorUserLog::initializeNewLog(
          $request->getUser(),
          $info->getUserPHID(),
          PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE)
        ->save();
    }

    $user = id(new PhabricatorUser())->loadOneWhere(
      'phid = %s',
      $info->getUserPHID());
    if (!$user) {
      throw new Exception('Certificate token points to an invalid user!');
    }

    return array(
      'username'    => $user->getUserName(),
      'certificate' => $user->getConduitCertificate(),
    );
  }

  private function logFailure(
    ConduitAPIRequest $request,
    PhabricatorConduitCertificateToken $info = null) {

    $log = PhabricatorUserLog::initializeNewLog(
        $request->getUser(),
        $info ? $info->getUserPHID() : '-',
        PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE_FAILURE)
      ->save();
  }

}
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`<?php`

Rename Conduit classes Summary: Ref T5655. Rename Conduit classes and provide a `getAPIMethodName` method to declare the API method. Test Plan: ``` > echo '{}' \| arc --conduit-uri='http://phabricator.joshuaspence.com' call-conduit user.whoami Waiting for JSON parameters on stdin... {"error":null,"errorMessage":null,"response":{"phid":"PHID-USER-lioqffnwn6y475mu5ndb","userName":"josh","realName":"Joshua Spence","image":"http:\/\/phabricator.joshuaspence.com\/res\/1404425321T\/phabricator\/3eb28cd9\/rsrc\/image\/avatar.png","uri":"http:\/\/phabricator.joshuaspence.com\/p\/josh\/","roles":["admin","verified","approved","activated"]}} ``` Reviewers: epriestley, #blessed_reviewers Reviewed By: epriestley, #blessed_reviewers Subscribers: epriestley, Korvin, hach-que Maniphest Tasks: T5655 Differential Revision: https://secure.phabricator.com/D9991 2014-07-25 02:54:15 +02:00			`final class ConduitGetCertificateConduitAPIMethod extends ConduitAPIMethod {`

			`public function getAPIMethodName() {`
			`return 'conduit.getcertificate';`
			`}`
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00
			`public function shouldRequireAuthentication() {`
			`return false;`
			`}`

Unguard conduit.getcertificate() so it can execute logging writes. 2011-08-17 21:26:30 +02:00			`public function shouldAllowUnguardedWrites() {`
			`// This method performs logging and is on the authentication pathway.`
			`return true;`
			`}`

"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`public function getMethodDescription() {`
Change double quotes to single quotes. Summary: Ran `arc lint --apply-patches --everything` over rP, mainly to change double quotes to single quotes where appropriate. These changes also validate that the `ArcanistXHPASTLinter::LINT_DOUBLE_QUOTE` rule is working as expected. Test Plan: Eyeballed it. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: epriestley, Korvin, hach-que Differential Revision: https://secure.phabricator.com/D9431 2014-06-09 20:36:49 +02:00			`return 'Retrieve certificate information for a user.';`
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`}`

			`public function defineParamTypes() {`
			`return array(`
			`'token' => 'required string',`
Validate the provided "host" key for certain Conduit methods Summary: This allows us to detect a mismatched client and server hostname. See D591. Test Plan: See D591. Reviewed By: tuomaspelkonen Reviewers: jungejason, llorca, tuomaspelkonen, aran CC: aran, tuomaspelkonen Differential Revision: 592 2011-07-05 16:21:04 +02:00			`'host' => 'required string',`
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`);`
			`}`

			`public function defineReturnType() {`
			`return 'dict<string, any>';`
			`}`

			`public function defineErrorTypes() {`
			`return array(`
Change double quotes to single quotes. Summary: Ran `arc lint --apply-patches --everything` over rP, mainly to change double quotes to single quotes where appropriate. These changes also validate that the `ArcanistXHPASTLinter::LINT_DOUBLE_QUOTE` rule is working as expected. Test Plan: Eyeballed it. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: epriestley, Korvin, hach-que Differential Revision: https://secure.phabricator.com/D9431 2014-06-09 20:36:49 +02:00			`'ERR-BAD-TOKEN' => 'Token does not exist or has expired.',`
			`'ERR-RATE-LIMIT' =>`
			`'You have made too many invalid token requests recently. Wait before '.`
			`'making more.',`
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`);`
			`}`

			`protected function execute(ConduitAPIRequest $request) {`
			`$failed_attempts = PhabricatorUserLog::loadRecentEventsFromThisIP(`
			`PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE_FAILURE,`
			`60 * 5);`

			`if (count($failed_attempts) > 5) {`
Use initializeNewLog rather than instantiate the UserLog Summary: Use initializeNewLog rather than instantiate the UserLog, Closes T4912 Test Plan: Run install-certificate Reviewers: #blessed_reviewers, btrahan Reviewed By: #blessed_reviewers, btrahan Subscribers: epriestley Maniphest Tasks: T4912 Differential Revision: https://secure.phabricator.com/D8887 2014-04-29 00:44:52 +02:00			`$this->logFailure($request);`
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`throw new ConduitException('ERR-RATE-LIMIT');`
			`}`

			`$token = $request->getValue('token');`
			`$info = id(new PhabricatorConduitCertificateToken())->loadOneWhere(`
			`'token = %s',`
			`trim($token));`

			`if (!$info \|\| $info->getDateCreated() < time() - (60 * 15)) {`
Use initializeNewLog rather than instantiate the UserLog Summary: Use initializeNewLog rather than instantiate the UserLog, Closes T4912 Test Plan: Run install-certificate Reviewers: #blessed_reviewers, btrahan Reviewed By: #blessed_reviewers, btrahan Subscribers: epriestley Maniphest Tasks: T4912 Differential Revision: https://secure.phabricator.com/D8887 2014-04-29 00:44:52 +02:00			`$this->logFailure($request, $info);`
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`throw new ConduitException('ERR-BAD-TOKEN');`
			`} else {`
Use initializeNewLog rather than instantiate the UserLog Summary: Use initializeNewLog rather than instantiate the UserLog, Closes T4912 Test Plan: Run install-certificate Reviewers: #blessed_reviewers, btrahan Reviewed By: #blessed_reviewers, btrahan Subscribers: epriestley Maniphest Tasks: T4912 Differential Revision: https://secure.phabricator.com/D8887 2014-04-29 00:44:52 +02:00			`$log = PhabricatorUserLog::initializeNewLog(`
			`$request->getUser(),`
			`$info->getUserPHID(),`
			`PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE)`
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`->save();`
			`}`

			`$user = id(new PhabricatorUser())->loadOneWhere(`
			`'phid = %s',`
			`$info->getUserPHID());`
			`if (!$user) {`
Change double quotes to single quotes. Summary: Ran `arc lint --apply-patches --everything` over rP, mainly to change double quotes to single quotes where appropriate. These changes also validate that the `ArcanistXHPASTLinter::LINT_DOUBLE_QUOTE` rule is working as expected. Test Plan: Eyeballed it. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: epriestley, Korvin, hach-que Differential Revision: https://secure.phabricator.com/D9431 2014-06-09 20:36:49 +02:00			`throw new Exception('Certificate token points to an invalid user!');`
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`}`

			`return array(`
			`'username' => $user->getUserName(),`
			`'certificate' => $user->getConduitCertificate(),`
			`);`
			`}`

Use initializeNewLog rather than instantiate the UserLog Summary: Use initializeNewLog rather than instantiate the UserLog, Closes T4912 Test Plan: Run install-certificate Reviewers: #blessed_reviewers, btrahan Reviewed By: #blessed_reviewers, btrahan Subscribers: epriestley Maniphest Tasks: T4912 Differential Revision: https://secure.phabricator.com/D8887 2014-04-29 00:44:52 +02:00			`private function logFailure(`
Remove `@group` annotations Summary: I'm pretty sure that `@group` annotations are useless now... see D9855. Also fixed various other minor issues. Test Plan: Eye-ball it. Reviewers: #blessed_reviewers, epriestley, chad Reviewed By: #blessed_reviewers, epriestley Subscribers: epriestley, Korvin, hach-que Differential Revision: https://secure.phabricator.com/D9859 2014-07-10 00:12:48 +02:00			`ConduitAPIRequest $request,`
			`PhabricatorConduitCertificateToken $info = null) {`
Unguard conduit.getcertificate() so it can execute logging writes. 2011-08-17 21:26:30 +02:00
Use initializeNewLog rather than instantiate the UserLog Summary: Use initializeNewLog rather than instantiate the UserLog, Closes T4912 Test Plan: Run install-certificate Reviewers: #blessed_reviewers, btrahan Reviewed By: #blessed_reviewers, btrahan Subscribers: epriestley Maniphest Tasks: T4912 Differential Revision: https://secure.phabricator.com/D8887 2014-04-29 00:44:52 +02:00			`$log = PhabricatorUserLog::initializeNewLog(`
			`$request->getUser(),`
			`$info ? $info->getUserPHID() : '-',`
			`PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE_FAILURE)`
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`->save();`
			`}`

			`}`