phorge-phorge/src/applications/conduit/method/ConduitAPIMethod.php

<?php

/**
 *
 * @task  status  Method Status
 * @group conduit
 */
abstract class ConduitAPIMethod {

  const METHOD_STATUS_STABLE      = 'stable';
  const METHOD_STATUS_UNSTABLE    = 'unstable';
  const METHOD_STATUS_DEPRECATED  = 'deprecated';

  abstract public function getMethodDescription();
  abstract public function defineParamTypes();
  abstract public function defineReturnType();
  abstract public function defineErrorTypes();
  abstract protected function execute(ConduitAPIRequest $request);

  public function __construct() {

  }

  /**
   * Get the status for this method (e.g., stable, unstable or deprecated).
   * Should return a METHOD_STATUS_* constant. By default, methods are
   * "stable".
   *
   * @return const  METHOD_STATUS_* constant.
   * @task status
   */
  public function getMethodStatus() {
    return self::METHOD_STATUS_STABLE;
  }

  /**
   * Optional description to supplement the method status. In particular, if
   * a method is deprecated, you can return a string here describing the reason
   * for deprecation and stable alternatives.
   *
   * @return string|null  Description of the method status, if available.
   * @task status
   */
  public function getMethodStatusDescription() {
    return null;
  }

  public function getErrorDescription($error_code) {
    return idx($this->defineErrorTypes(), $error_code, 'Unknown Error');
  }

  public function getRequiredScope() {
    // by default, conduit methods are not accessible via OAuth
    return PhabricatorOAuthServerScope::SCOPE_NOT_ACCESSIBLE;
  }

  public function executeMethod(ConduitAPIRequest $request) {
    return $this->execute($request);
  }

  public function getAPIMethodName() {
    return self::getAPIMethodNameFromClassName(get_class($this));
  }

  public static function getClassNameFromAPIMethodName($method_name) {
    $method_fragment = str_replace('.', '_', $method_name);
    return 'ConduitAPI_'.$method_fragment.'_Method';
  }

  public function shouldRequireAuthentication() {
    return true;
  }

  public function shouldAllowUnguardedWrites() {
    return false;
  }


  /**
   * Optionally, return a @{class:PhabricatorApplication} which this call is
   * part of. The call will be disabled when the application is uninstalled.
   *
   * @return PhabricatorApplication|null  Related application.
   */
  public function getApplication() {
    return null;
  }

  public static function getAPIMethodNameFromClassName($class_name) {
    $match = null;
    $is_valid = preg_match(
      '/^ConduitAPI_(.*)_Method$/',
      $class_name,
      $match);
    if (!$is_valid) {
      throw new Exception(
        "Parameter '{$class_name}' is not a valid Conduit API method class.");
    }
    $method_fragment = $match[1];
    return str_replace('_', '.', $method_fragment);
  }

  protected function validateHost($host) {
    if (!$host) {
      // If the client doesn't send a host key, don't complain. We should in
      // the future, but this change isn't severe enough to bump the protocol
      // version.

      // TODO: Remove this once the protocol version gets bumped past 2 (i.e.,
      // require the host key be present and valid).
      return;
    }

    // NOTE: Compare domains only so we aren't sensitive to port specification
    // or omission.

    $host = new PhutilURI($host);
    $host = $host->getDomain();

    $self = new PhutilURI(PhabricatorEnv::getURI('/'));
    $self = $self->getDomain();

    if ($self !== $host) {
      throw new Exception(
        "Your client is connecting to this install as '{$host}', but it is ".
        "configured as '{$self}'. The client and server must use the exact ".
        "same URI to identify the install. Edit your .arcconfig or ".
        "phabricator/conf so they agree on the URI for the install.");
    }
  }

}
Conduit server-side basics. 2011-01-24 18:00:29 +01:00			`<?php`

Provide basic Conduit documentation. 2011-07-04 21:03:36 +02:00			`/**`
Formalize a mechanism for marking Conduit methods deprecated/unstable Summary: This is better than writing "(UNSTABLE!!!)" in front of the text description. I'll add a wiki to keep track of API changes, too. See also D2087, which motivates this. Test Plan: Browsed console, saw "deprecated" and "unstable" on appropriate methods. Reviewers: btrahan, vrana, jungejason Reviewed By: vrana CC: aran Maniphest Tasks: T909 Differential Revision: https://secure.phabricator.com/D2271 2012-04-18 23:25:27 +02:00			`*`
			`* @task status Method Status`
Provide basic Conduit documentation. 2011-07-04 21:03:36 +02:00			`* @group conduit`
			`*/`
Conduit server-side basics. 2011-01-24 18:00:29 +01:00			`abstract class ConduitAPIMethod {`

Formalize a mechanism for marking Conduit methods deprecated/unstable Summary: This is better than writing "(UNSTABLE!!!)" in front of the text description. I'll add a wiki to keep track of API changes, too. See also D2087, which motivates this. Test Plan: Browsed console, saw "deprecated" and "unstable" on appropriate methods. Reviewers: btrahan, vrana, jungejason Reviewed By: vrana CC: aran Maniphest Tasks: T909 Differential Revision: https://secure.phabricator.com/D2271 2012-04-18 23:25:27 +02:00			`const METHOD_STATUS_STABLE = 'stable';`
			`const METHOD_STATUS_UNSTABLE = 'unstable';`
			`const METHOD_STATUS_DEPRECATED = 'deprecated';`

Conduit server-side basics. 2011-01-24 18:00:29 +01:00			`abstract public function getMethodDescription();`
			`abstract public function defineParamTypes();`
			`abstract public function defineReturnType();`
			`abstract public function defineErrorTypes();`
			`abstract protected function execute(ConduitAPIRequest $request);`

			`public function __construct() {`

			`}`

Formalize a mechanism for marking Conduit methods deprecated/unstable Summary: This is better than writing "(UNSTABLE!!!)" in front of the text description. I'll add a wiki to keep track of API changes, too. See also D2087, which motivates this. Test Plan: Browsed console, saw "deprecated" and "unstable" on appropriate methods. Reviewers: btrahan, vrana, jungejason Reviewed By: vrana CC: aran Maniphest Tasks: T909 Differential Revision: https://secure.phabricator.com/D2271 2012-04-18 23:25:27 +02:00			`/**`
			`* Get the status for this method (e.g., stable, unstable or deprecated).`
			`* Should return a METHOD_STATUS_* constant. By default, methods are`
			`* "stable".`
			`*`
			`* @return const METHOD_STATUS_* constant.`
			`* @task status`
			`*/`
			`public function getMethodStatus() {`
			`return self::METHOD_STATUS_STABLE;`
			`}`

			`/**`
			`* Optional description to supplement the method status. In particular, if`
			`* a method is deprecated, you can return a string here describing the reason`
			`* for deprecation and stable alternatives.`
			`*`
			`* @return string\|null Description of the method status, if available.`
			`* @task status`
			`*/`
			`public function getMethodStatusDescription() {`
			`return null;`
			`}`

Conduit server-side basics. 2011-01-24 18:00:29 +01:00			`public function getErrorDescription($error_code) {`
			`return idx($this->defineErrorTypes(), $error_code, 'Unknown Error');`
			`}`

OAuth Server enhancements -- more complete access token response and groundwork for scope Summary: this patch makes the access token response "complete" relative to spec by returning when it expires AND that the token_type is in fact 'Bearer'. This patch also lays the groundwork for scope by fixing the underlying data model and adding the first scope checks for "offline_access" relative to expires and the "whoami" method. Further, conduit is augmented to open up individual methods for access via OAuth generally to enable "whoami" access. There's also a tidy little scope class to keep track of all the various scopes we plan to have as well as strings for display (T849 - work undone) Somewhat of a hack but Conduit methods by default have SCOPE_NOT_ACCESSIBLE. We then don't even bother with the OAuth stuff within conduit if we're not supposed to be accessing the method via Conduit. Felt relatively clean to me in terms of additional code complexity, etc. Next up ends up being T848 (scope in OAuth) and T849 (let user's authorize clients for specific scopes which kinds of needs T850). There's also a bunch of work that needs to be done to return the appropriate, well-formatted error codes. All in due time...! Test Plan: verified that an access_token with no scope doesn't let me see anything anymore. :( verified that access_tokens made awhile ago expire. :( Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Maniphest Tasks: T888, T848 Differential Revision: https://secure.phabricator.com/D1657 2012-02-21 23:28:05 +01:00			`public function getRequiredScope() {`
			`// by default, conduit methods are not accessible via OAuth`
			`return PhabricatorOAuthServerScope::SCOPE_NOT_ACCESSIBLE;`
			`}`

Conduit server-side basics. 2011-01-24 18:00:29 +01:00			`public function executeMethod(ConduitAPIRequest $request) {`
			`return $this->execute($request);`
			`}`

			`public function getAPIMethodName() {`
			`return self::getAPIMethodNameFromClassName(get_class($this));`
			`}`

			`public static function getClassNameFromAPIMethodName($method_name) {`
			`$method_fragment = str_replace('.', '_', $method_name);`
			`return 'ConduitAPI_'.$method_fragment.'_Method';`
			`}`

Some acutal conduit authentication. 2011-02-06 07:36:21 +01:00			`public function shouldRequireAuthentication() {`
			`return true;`
			`}`

Create AphrontWriteGuard, a backup mechanism for CSRF validation Summary: Provide a catchall mechanism to find unprotected writes. - Depends on D758. - Similar to WriteOnHTTPGet stuff from Facebook's stack. - Since we have a small number of storage mechanisms and highly structured read/write pathways, we can explicitly answer the question "is this page performing a write?". - Never allow writes without CSRF checks. - This will probably break some things. That's fine: they're CSRF vulnerabilities or weird edge cases that we can fix. But don't push to Facebook for a few days unless you're prepared to deal with this. - >>> MEGADERP: All Conduit write APIs are currently vulnerable to CSRF! <<< Test Plan: - Ran some scripts that perform writes (scripts/search indexers), no issues. - Performed normal CSRF submits. - Added writes to an un-CSRF'd page, got an exception. - Executed conduit methods. - Did login/logout (this works because the logged-out user validates the logged-out csrf "token"). - Did OAuth login. - Did OAuth registration. Reviewers: pedram, andrewjcg, erling, jungejason, tuomaspelkonen, aran, codeblock Commenters: pedram CC: aran, epriestley, pedram Differential Revision: 777 2011-08-03 20:49:27 +02:00			`public function shouldAllowUnguardedWrites() {`
			`return false;`
			`}`

Uninstall Conduit calls when uninstalling applications Summary: Fixes T2698. When applications are installed, their Conduit calls should drop out. This will also let us land Releeph without exposing Conduit calls. Test Plan: - Viewed Conduit console; uninstalled some applications and verified their calls dropped out. - Tried to make an uninstalled call; got an appropriate error. Reviewers: edward, btrahan Reviewed By: edward CC: aran Maniphest Tasks: T2698 Differential Revision: https://secure.phabricator.com/D5302 2013-03-13 15:09:05 +01:00
			`/**`
			`* Optionally, return a @{class:PhabricatorApplication} which this call is`
			`* part of. The call will be disabled when the application is uninstalled.`
			`*`
			`* @return PhabricatorApplication\|null Related application.`
			`*/`
			`public function getApplication() {`
			`return null;`
			`}`

Conduit server-side basics. 2011-01-24 18:00:29 +01:00			`public static function getAPIMethodNameFromClassName($class_name) {`
			`$match = null;`
			`$is_valid = preg_match(`
			`'/^ConduitAPI_(.*)_Method$/',`
			`$class_name,`
			`$match);`
			`if (!$is_valid) {`
			`throw new Exception(`
			`"Parameter '{$class_name}' is not a valid Conduit API method class.");`
			`}`
			`$method_fragment = $match[1];`
			`return str_replace('_', '.', $method_fragment);`
			`}`

Validate the provided "host" key for certain Conduit methods Summary: This allows us to detect a mismatched client and server hostname. See D591. Test Plan: See D591. Reviewed By: tuomaspelkonen Reviewers: jungejason, llorca, tuomaspelkonen, aran CC: aran, tuomaspelkonen Differential Revision: 592 2011-07-05 16:21:04 +02:00			`protected function validateHost($host) {`
			`if (!$host) {`
			`// If the client doesn't send a host key, don't complain. We should in`
			`// the future, but this change isn't severe enough to bump the protocol`
			`// version.`

			`// TODO: Remove this once the protocol version gets bumped past 2 (i.e.,`
			`// require the host key be present and valid).`
			`return;`
			`}`

Allow users to add flags via Herald rules Summary: Add "Mark with flag" rules to Herald. Test Plan: Created / edited a "Mark with flag" rule. Parsed revisions / commits, got flags added. Reviewers: btrahan, jungejason Reviewed By: btrahan CC: aran, epriestley, vrana Maniphest Tasks: T1041 Differential Revision: https://secure.phabricator.com/D2060 2012-03-30 22:51:54 +02:00			`// NOTE: Compare domains only so we aren't sensitive to port specification`
			`// or omission.`

Validate the provided "host" key for certain Conduit methods Summary: This allows us to detect a mismatched client and server hostname. See D591. Test Plan: See D591. Reviewed By: tuomaspelkonen Reviewers: jungejason, llorca, tuomaspelkonen, aran CC: aran, tuomaspelkonen Differential Revision: 592 2011-07-05 16:21:04 +02:00			`$host = new PhutilURI($host);`
Allow users to add flags via Herald rules Summary: Add "Mark with flag" rules to Herald. Test Plan: Created / edited a "Mark with flag" rule. Parsed revisions / commits, got flags added. Reviewers: btrahan, jungejason Reviewed By: btrahan CC: aran, epriestley, vrana Maniphest Tasks: T1041 Differential Revision: https://secure.phabricator.com/D2060 2012-03-30 22:51:54 +02:00			`$host = $host->getDomain();`

			`$self = new PhutilURI(PhabricatorEnv::getURI('/'));`
			`$self = $self->getDomain();`
Validate the provided "host" key for certain Conduit methods Summary: This allows us to detect a mismatched client and server hostname. See D591. Test Plan: See D591. Reviewed By: tuomaspelkonen Reviewers: jungejason, llorca, tuomaspelkonen, aran CC: aran, tuomaspelkonen Differential Revision: 592 2011-07-05 16:21:04 +02:00
			`if ($self !== $host) {`
			`throw new Exception(`
			`"Your client is connecting to this install as '{$host}', but it is ".`
			`"configured as '{$self}'. The client and server must use the exact ".`
			`"same URI to identify the install. Edit your .arcconfig or ".`
			`"phabricator/conf so they agree on the URI for the install.");`
			`}`
			`}`

Conduit server-side basics. 2011-01-24 18:00:29 +01:00			`}`