revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-13 18:32:41 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/applications/auth/storage/PhabricatorAuthSession.php

83 lines
2.1 KiB
PHP
Raw Normal View History

Add an "active login sessions" table to Settings Summary: Ref T4310. Ref T3720. Partly, this makes it easier for users to understand login sessions. Partly, it makes it easier for me to make changes to login sessions for T4310 / T3720 without messing anything up. Test Plan: {F101512} Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T3720, T4310 Differential Revision: https://secure.phabricator.com/D7954
2014-01-14 20:05:45 +01:00
<?php
final class PhabricatorAuthSession extends PhabricatorAuthDAO
implements PhabricatorPolicyInterface {
protected $userPHID;
protected $type;
protected $sessionKey;
protected $sessionStart;
private $identityObject = self::ATTACHABLE;
public function getConfiguration() {
return array(
self::CONFIG_IDS => self::IDS_MANUAL,
self::CONFIG_TIMESTAMPS => false,
) + parent::getConfiguration();
}
public function getApplicationName() {
// This table predates the "Auth" application, and really all applications.
return 'user';
}
public function getTableName() {
// This is a very old table with a nonstandard name.
return PhabricatorUser::SESSION_TABLE;
}
public function attachIdentityObject($identity_object) {
$this->identityObject = $identity_object;
return $this;
}
public function getIdentityObject() {
return $this->assertAttached($this->identityObject);
}
Separate session management from PhabricatorUser Summary: Ref T4310. Ref T3720. Session operations are currently part of PhabricatorUser. This is more tightly coupled than needbe, and makes it difficult to establish login sessions for non-users. Move all the session management code to a `SessionEngine`. Test Plan: - Viewed sessions. - Regenerated Conduit certificate. - Verified Conduit sessions were destroyed. - Logged out. - Logged in. - Ran conduit commands. - Viewed sessions again. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4310, T3720 Differential Revision: https://secure.phabricator.com/D7962
2014-01-14 22:22:27 +01:00
public function delete() {
// TODO: We don't have a proper `id` column yet, so make this work as
// expected until we do.
queryfx(
$this->establishConnection('w'),
'DELETE FROM %T WHERE sessionKey = %s',
$this->getTableName(),
$this->getSessionKey());
return $this;
}
Add an "active login sessions" table to Settings Summary: Ref T4310. Ref T3720. Partly, this makes it easier for users to understand login sessions. Partly, it makes it easier for me to make changes to login sessions for T4310 / T3720 without messing anything up. Test Plan: {F101512} Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T3720, T4310 Differential Revision: https://secure.phabricator.com/D7954
2014-01-14 20:05:45 +01:00
/* -( PhabricatorPolicyInterface )----------------------------------------- */
public function getCapabilities() {
return array(
PhabricatorPolicyCapability::CAN_VIEW,
);
}
public function getPolicy($capability) {
return PhabricatorPolicies::POLICY_NOONE;
}
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
if (!$viewer->getPHID()) {
return false;
}
$object = $this->getIdentityObject();
if ($object instanceof PhabricatorUser) {
return ($object->getPHID() == $viewer->getPHID());
} else if ($object instanceof PhabricatorExternalAccount) {
return ($object->getUserPHID() == $viewer->getPHID());
}
return false;
}
public function describeAutomaticCapability($capability) {
return pht('A session is visible only to its owner.');
}
}
Copy permalink