diff --git a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php index cba44e7a9a..250178b17f 100644 --- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php +++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php @@ -1,7 +1,11 @@ time() || $force) { return new PhabricatorAuthHighSecurityToken(); } + return null; } @@ -360,9 +387,10 @@ final class PhabricatorAuthSessionEngine extends Phobject { /** * Render a form for providing relevant multi-factor credentials. * - * @param PhabricatorUser Viewing user. - * @param AphrontRequest Current request. - * @return AphrontFormView Renderable form. + * @param PhabricatorUser Viewing user. + * @param AphrontRequest Current request. + * @return AphrontFormView Renderable form. + * @task hisec */ public function renderHighSecurityForm( array $factors, @@ -388,10 +416,24 @@ final class PhabricatorAuthSessionEngine extends Phobject { } + /** + * Strip the high security flag from a session. + * + * Kicks a session out of high security and logs the exit. + * + * @param PhabricatorUser Acting user. + * @param PhabricatorAuthSession Session to return to normal security. + * @return void + * @task hisec + */ public function exitHighSecurity( PhabricatorUser $viewer, PhabricatorAuthSession $session) { + if (!$session->getHighSecurityUntil()) { + return; + } + queryfx( $session->establishConnection('w'), 'UPDATE %T SET highSecurityUntil = NULL WHERE id = %d', @@ -406,11 +448,15 @@ final class PhabricatorAuthSessionEngine extends Phobject { } +/* -( Partial Sessions )--------------------------------------------------- */ + + /** * Upgrade a partial session to a full session. * * @param PhabricatorAuthSession Session to upgrade. * @return void + * @task partial */ public function upgradePartialSession(PhabricatorUser $viewer) { if (!$viewer->hasSession()) { diff --git a/src/applications/auth/storage/PhabricatorAuthSession.php b/src/applications/auth/storage/PhabricatorAuthSession.php index 3566e796ae..37ce01e4b5 100644 --- a/src/applications/auth/storage/PhabricatorAuthSession.php +++ b/src/applications/auth/storage/PhabricatorAuthSession.php @@ -44,9 +44,9 @@ final class PhabricatorAuthSession extends PhabricatorAuthDAO public static function getSessionTypeTTL($session_type) { switch ($session_type) { case self::TYPE_WEB: - return (60 * 60 * 24 * 30); // 30 days + return phutil_units('30 days in seconds'); case self::TYPE_CONDUIT: - return (60 * 60 * 24); // 24 hours + return phutil_units('24 hours in seconds'); default: throw new Exception(pht('Unknown session type "%s".', $session_type)); }