mirror of https://we.phorge.it/source/phorge.git synced 2024-11-19 13:22:42 +01:00

Sessionless auth, sort of a mess.

epriestley 2011-04-12 18:06:25 -07:00
parent 79b32afeec
commit 703fd47bd7


@ -160,6 +160,30 @@ class PhabricatorConduitAPIController
return null;
}
// Handle sessionless auth. TOOD: This is super messy.
if (isset($metadata['authUser'])) {
$user = id(new PhabricatorUser())->loadOneWhere(
'userName = %s',
$metadata['authUser']);
if (!$user) {
return array(
'ERR-INVALID-AUTH',
'Authentication is invalid.',
);
}
$token = idx($metadata, 'authToken');
$signature = idx($metadata, 'authSignature');
$certificate = $user->getConduitCertificate();
if (sha1($token.$certificate) !== $signature) {
return array(
'ERR-INVALID-AUTH',
'Authentication is invalid.',
);
}
$api_request->setUser($user);
return null;
}
$session_key = idx($metadata, 'sessionKey');
if (!$session_key) {
return array(
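Review bot: The sessionless branch never validates `authToken` itself, so a captured `authUser`/`authToken`/`authSignature` triple stays valid for as long as the user's Conduit certificate does, and a request that omits the token is signed over the certificate alone. Before the `sha1()` comparison, the token should be required to be a non-empty string and checked for freshness (for example, a timestamp within a short window of the server clock), with stale values rejected through the same `ERR-INVALID-AUTH` return. The comparison is also a plain `!==` on a secret-derived digest; where the runtime provides it, `if (!is_string($signature) || !hash_equals(sha1($token.$certificate), $signature)) {` avoids the timing difference and the null-signature case. A keyed MAC such as `hash_hmac()` with the certificate as key would be a sounder construction than `sha1($token.$certificate)`, but that needs a matching client change. The enclosing method starts and ends outside this hunk.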