phorge-phorge/src/applications/conduit/controller/PhabricatorConduitTokenController.php

<?php

/**
 * @group conduit
 */
final class PhabricatorConduitTokenController
  extends PhabricatorConduitController {

  public function processRequest() {

    $user = $this->getRequest()->getUser();

    // Ideally we'd like to verify this, but it's fine to leave it unguarded
    // for now and verifying it would need some Ajax junk or for the user to
    // click a button or similar.
    $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();

    $old_token = id(new PhabricatorConduitCertificateToken())
      ->loadOneWhere(
        'userPHID = %s',
        $user->getPHID());
    if ($old_token) {
      $old_token->delete();
    }

    $token = id(new PhabricatorConduitCertificateToken())
      ->setUserPHID($user->getPHID())
      ->setToken(Filesystem::readRandomCharacters(40))
      ->save();

    $panel = new AphrontPanelView();
    $panel->setHeader('Certificate Install Token');
    $panel->setWidth(AphrontPanelView::WIDTH_FORM);

    $panel->appendChild(hsprintf(
      '<p class="aphront-form-instructions">Copy and paste this token into '.
      'the prompt given to you by "arc install-certificate":</p>'.
      '<p style="padding: 0 0 1em 4em;">'.
        '<strong>%s</strong>'.
      '</p>'.
      '<p class="aphront-form-instructions">arc will then complete the '.
      'install process for you.</p>',
      $token->getToken()));

    $this->setShowSideNav(false);

    return $this->buildStandardPageResponse(
      $panel,
      array(
        'title' => 'Certificate Install Token',
      ));
  }
}
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`<?php`

Provide basic Conduit documentation. 2011-07-04 21:03:36 +02:00			`/**`
			`* @group conduit`
			`*/`
Add "final" to all Phabricator "Controller" classes Summary: These are all unambiguously unextensible. Issues I hit: - Maniphest Change/Diff controllers, just consolidated them. - Some search controllers incorrectly extend from "Search" but should extend from "SearchBase". This has no runtime effects. - D1836 introduced a closure, which we don't handle correctly (somewhat on purpose; we target PHP 5.2). See T962. Test Plan: Ran "testEverythingImplemented" unit test to identify classes extending from `final` classes. Resolved issues. Reviewers: btrahan Reviewed By: btrahan CC: aran, epriestley Maniphest Tasks: T795 Differential Revision: https://secure.phabricator.com/D1843 2012-03-10 00:46:25 +01:00			`final class PhabricatorConduitTokenController`
			`extends PhabricatorConduitController {`
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00
			`public function processRequest() {`

			`$user = $this->getRequest()->getUser();`

Unguard another safe write in Conduit token generation. 2011-08-17 21:00:35 +02:00			`// Ideally we'd like to verify this, but it's fine to leave it unguarded`
			`// for now and verifying it would need some Ajax junk or for the user to`
			`// click a button or similar.`
			`$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();`

"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`$old_token = id(new PhabricatorConduitCertificateToken())`
			`->loadOneWhere(`
			`'userPHID = %s',`
			`$user->getPHID());`
			`if ($old_token) {`
			`$old_token->delete();`
			`}`

			`$token = id(new PhabricatorConduitCertificateToken())`
			`->setUserPHID($user->getPHID())`
Replace callsites to sha1() that use it to asciify entropy with Filesystem::readRandomCharacters() Summary: See T547. To improve auditability of use of crypto-sensitive hash functions, use Filesystem::readRandomCharacters() in place of sha1(Filesystem::readRandomBytes()) when we're just generating random ASCII strings. Test Plan: - Generated a new PHID. - Logged out and logged back in (to test sessions). - Regenerated Conduit certificate. - Created a new task, verified mail key generated sensibly. - Created a new revision, verified mail key generated sensibly. - Ran "arc list", got blocked, installed new certificate, ran "arc list" again. Reviewers: jungejason, nh, tuomaspelkonen, aran, benmathews Reviewed By: jungejason CC: aran, epriestley, jungejason Differential Revision: 1000 2011-10-11 04:22:30 +02:00			`->setToken(Filesystem::readRandomCharacters(40))`
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`->save();`

			`$panel = new AphrontPanelView();`
			`$panel->setHeader('Certificate Install Token');`
			`$panel->setWidth(AphrontPanelView::WIDTH_FORM);`

Convert some phutil_escape_html() to hsprintf() Summary: In the second phase, I want to get rid of the most of `phutil_escape_html()` calls in favor of plain strings or `PhutilSafeHTML`. This is an example of how it could look. Test Plan: /api/user.whoami Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2432 Differential Revision: https://secure.phabricator.com/D4823 2013-02-05 21:49:46 +01:00			`$panel->appendChild(hsprintf(`
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`'<p class="aphront-form-instructions">Copy and paste this token into '.`
			`'the prompt given to you by "arc install-certificate":</p>'.`
			`'<p style="padding: 0 0 1em 4em;">'.`
Convert some phutil_escape_html() to hsprintf() Summary: In the second phase, I want to get rid of the most of `phutil_escape_html()` calls in favor of plain strings or `PhutilSafeHTML`. This is an example of how it could look. Test Plan: /api/user.whoami Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2432 Differential Revision: https://secure.phabricator.com/D4823 2013-02-05 21:49:46 +01:00			`'<strong>%s</strong>'.`
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00			`'</p>'.`
			`'<p class="aphront-form-instructions">arc will then complete the '.`
Convert some phutil_escape_html() to hsprintf() Summary: In the second phase, I want to get rid of the most of `phutil_escape_html()` calls in favor of plain strings or `PhutilSafeHTML`. This is an example of how it could look. Test Plan: /api/user.whoami Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2432 Differential Revision: https://secure.phabricator.com/D4823 2013-02-05 21:49:46 +01:00			`'install process for you.</p>',`
			`$token->getToken()));`
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00
Conduit -- kill tabs Summary: this has a single side nav now. added a Utilites section below the methods which houses Logs and Token. On logs I ended up deleting this whole concept of "view" and the existing side nav -- I think there were plans to add a way to filter down to subset of the conduit calls. For logs, I envision that being a separate first class tool when / if we think we need additional complexity. On token I made the form FULL so it was like the rest of the views in this page. Test Plan: looks good! clicked on a few methods and it worked! clicked on the logs and they were there! clicked on the pager within the logs and it worked! checked out the token page and it looked good too. Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Maniphest Tasks: T631 Differential Revision: https://secure.phabricator.com/D1499 2012-01-26 21:47:23 +01:00			`$this->setShowSideNav(false);`
"arc install-certificate", server-side components Summary: Provides a new workflow for making it non-horrible to install certificates. Basically you run "arc install-certificate" and then copy/paste a short token off a webpage and it does the ~/.arcrc edits for you. Test Plan: Installed certificates, used bad tokens, hit rate limiting. Reviewed By: aran Reviewers: aran, jungejason, tuomaspelkonen CC: aran Differential Revision: 460 2011-06-14 21:17:14 +02:00
			`return $this->buildStandardPageResponse(`
			`$panel,`
			`array(`
			`'title' => 'Certificate Install Token',`
			`));`
			`}`
			`}`