From 8915fd8be8a692c611063249bba88a6a4216fd93 Mon Sep 17 00:00:00 2001 From: epriestley Date: Mon, 8 Jun 2015 16:07:21 -0700 Subject: [PATCH] Don't try to generate a CSRF token for the omnipotent user Summary: We can end up here with a stack trace like this, while rendering an embedded Slowvote trying to publish a Feed story: ``` Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] [2015-06-08 22:49:57] EXCEPTION: (PhutilProxyException) Error while executing Task ID 830591. {>} (PhabricatorDataNotAttachedException) Attempting to access attached data on PhabricatorUser (via getAlternateCSRFString()), but the data is not actually attached. Before accessing attachable data on an object, you must load and attach it. Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] Data is normally attached by calling the corresponding needX() method on the Query class when the object is loaded. You can also call the corresponding attachX() method explicitly. at [/src/infrastructure/storage/lisk/PhabricatorLiskDAO.php:166] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] arcanist(head=master, ref.master=7d15b85a1bc0), phabricator(head=master, ref.master=929f5f22acef), phutil(head=master, ref.master=92882eb9404d) Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #0 <#2> PhabricatorLiskDAO::assertAttached(string) called at [/src/applications/people/storage/PhabricatorUser.php:556] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #1 <#2> PhabricatorUser::getAlternateCSRFString() called at [/src/applications/people/storage/PhabricatorUser.php:432] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #2 <#2> PhabricatorUser::generateToken(integer, integer, string, integer) called at [/src/applications/people/storage/PhabricatorUser.php:344] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #3 <#2> PhabricatorUser::getRawCSRFToken() called at [/src/applications/people/storage/PhabricatorUser.php:357] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #4 <#2> PhabricatorUser::getCSRFToken() called at [/src/infrastructure/javelin/markup.php:91] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #5 <#2> phabricator_form(PhabricatorUser, array, array) called at [/src/applications/slowvote/view/SlowvoteEmbedView.php:169] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #6 <#2> SlowvoteEmbedView::render() called at [/src/view/AphrontView.php:175] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #7 <#2> AphrontView::producePhutilSafeHTML() called at [/src/markup/render.php:133] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #8 <#2> phutil_escape_html(SlowvoteEmbedView) Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #9 <#2> array_map(string, array) called at [/src/markup/engine/remarkup/PhutilRemarkupBlockStorage.php:56] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #10 <#2> PhutilRemarkupBlockStorage::restore(PhutilSafeHTML, integer) called at [/src/markup/engine/PhutilRemarkupEngine.php:299] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #11 <#2> PhutilRemarkupEngine::restoreText(PhutilSafeHTML, integer) called at [/src/markup/engine/PhutilRemarkupEngine.php:295] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #12 <#2> PhutilRemarkupEngine::postprocessText(array) called at [/src/infrastructure/markup/PhabricatorMarkupEngine.php:138] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #13 <#2> PhabricatorMarkupEngine::process() called at [/src/applications/feed/story/PhabricatorFeedStory.php:167] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #14 <#2> PhabricatorFeedStory::loadAllFromRows(array, PhabricatorUser) called at [/src/applications/feed/query/PhabricatorFeedQuery.php:37] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #15 <#2> PhabricatorFeedQuery::willFilterPage(array) called at [/src/infrastructure/query/policy/PhabricatorPolicyAwareQuery.php:237] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #16 <#2> PhabricatorPolicyAwareQuery::execute() called at [/src/infrastructure/query/policy/PhabricatorPolicyAwareQuery.php:168] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #17 <#2> PhabricatorPolicyAwareQuery::executeOne() called at [/src/applications/feed/worker/FeedPushWorker.php:12] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #18 <#2> FeedPushWorker::loadFeedStory() called at [/src/applications/feed/worker/FeedPublisherWorker.php:6] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #19 <#2> FeedPublisherWorker::doWork() called at [/src/infrastructure/daemon/workers/PhabricatorWorker.php:91] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #20 <#2> PhabricatorWorker::executeTask() called at [/src/infrastructure/daemon/workers/storage/PhabricatorWorkerActiveTask.php:162] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #21 <#2> PhabricatorWorkerActiveTask::executeTask() called at [/src/infrastructure/daemon/workers/PhabricatorTaskmasterDaemon.php:22] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #22 PhabricatorTaskmasterDaemon::run() called at [/src/daemon/PhutilDaemon.php:185] Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] #23 PhutilDaemon::execute() called at [/scripts/daemon/exec/exec_daemon.php:125] ``` Just return `null`. Test Plan: Will check that tasks clear in production. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Differential Revision: https://secure.phabricator.com/D13218 --- src/applications/people/storage/PhabricatorUser.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/applications/people/storage/PhabricatorUser.php b/src/applications/people/storage/PhabricatorUser.php index 84cd47ab10..1d1d3316c0 100644 --- a/src/applications/people/storage/PhabricatorUser.php +++ b/src/applications/people/storage/PhabricatorUser.php @@ -345,6 +345,12 @@ final class PhabricatorUser } public function getCSRFToken() { + if ($this->isOmnipotent()) { + // We may end up here when called from the daemons. The omnipotent user + // has no meaningful CSRF token, so just return `null`. + return null; + } + if ($this->csrfSalt === null) { $this->csrfSalt = Filesystem::readRandomCharacters( self::CSRF_SALT_LENGTH);