
Minor cleanup of some session code

Summary: Ref T4398. Add some documentation and use `phutil_units()`.

Test Plan:
  - Established a web session.
  - Established a conduit session.
  - Entered and exited hisec.
  - Used "Sessions" panel to examine results.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8924
This commit is contained in:
epriestley 2014-05-01 10:23:19 -07:00
parent e146958217
commit a04e138ae2
2 changed files with 52 additions and 6 deletions


@ -1,7 +1,11 @@
<?php <?php
/** /**
* @task hisec High Security Mode *
* @task use Using Sessions
* @task new Creating Sessions
* @task hisec High Security
* @task partial Partial Sessions
*/ */
final class PhabricatorAuthSessionEngine extends Phobject { final class PhabricatorAuthSessionEngine extends Phobject {
@ -60,6 +64,23 @@ final class PhabricatorAuthSessionEngine extends Phobject {
} }
/**
* Load the user identity associated with a session of a given type,
* identified by token.
*
* When the user presents a session token to an API, this method verifies
* it is of the correct type and loads the corresponding identity if the
* session exists and is valid.
*
* NOTE: `$session_type` is the type of session that is required by the
* loading context. This prevents use of a Conduit sesssion as a Web
* session, for example.
*
* @param const The type of session to load.
* @param string The session token.
* @return PhabricatorUser|null
* @task use
*/
public function loadUserForSession($session_type, $session_token) { public function loadUserForSession($session_type, $session_token) {
$session_kind = self::getSessionKindFromToken($session_token); $session_kind = self::getSessionKindFromToken($session_token);
switch ($session_kind) { switch ($session_kind) {
@ -211,6 +232,9 @@ final class PhabricatorAuthSessionEngine extends Phobject {
} }
/* -( High Security )------------------------------------------------------ */
/** /**
* Require high security, or prompt the user to enter high security. * Require high security, or prompt the user to enter high security.
* *
@ -222,6 +246,7 @@ final class PhabricatorAuthSessionEngine extends Phobject {
* @param AphrontReqeust Current request. * @param AphrontReqeust Current request.
* @param string URI to return the user to if they cancel. * @param string URI to return the user to if they cancel.
* @return PhabricatorAuthHighSecurityToken Security token. * @return PhabricatorAuthHighSecurityToken Security token.
* @task hisec
*/ */
public function requireHighSecuritySession( public function requireHighSecuritySession(
PhabricatorUser $viewer, PhabricatorUser $viewer,
@ -344,6 +369,7 @@ final class PhabricatorAuthSessionEngine extends Phobject {
* @param PhabricatorAuthSession Session to issue a token for. * @param PhabricatorAuthSession Session to issue a token for.
* @param bool Force token issue. * @param bool Force token issue.
* @return PhabricatorAuthHighSecurityToken|null Token, if authorized. * @return PhabricatorAuthHighSecurityToken|null Token, if authorized.
* @task hisec
*/ */
private function issueHighSecurityToken( private function issueHighSecurityToken(
PhabricatorAuthSession $session, PhabricatorAuthSession $session,
@ -353,6 +379,7 @@ final class PhabricatorAuthSessionEngine extends Phobject {
if ($until > time() || $force) { if ($until > time() || $force) {
return new PhabricatorAuthHighSecurityToken(); return new PhabricatorAuthHighSecurityToken();
} }
return null; return null;
} }
@ -360,9 +387,10 @@ final class PhabricatorAuthSessionEngine extends Phobject {
/** /**
* Render a form for providing relevant multi-factor credentials. * Render a form for providing relevant multi-factor credentials.
* *
* @param PhabricatorUser Viewing user. * @param PhabricatorUser Viewing user.
* @param AphrontRequest Current request. * @param AphrontRequest Current request.
* @return AphrontFormView Renderable form. * @return AphrontFormView Renderable form.
* @task hisec
*/ */
public function renderHighSecurityForm( public function renderHighSecurityForm(
array $factors, array $factors,
@ -388,10 +416,24 @@ final class PhabricatorAuthSessionEngine extends Phobject {
} }
/**
* Strip the high security flag from a session.
*
* Kicks a session out of high security and logs the exit.
*
* @param PhabricatorUser Acting user.
* @param PhabricatorAuthSession Session to return to normal security.
* @return void
* @task hisec
*/
public function exitHighSecurity( public function exitHighSecurity(
PhabricatorUser $viewer, PhabricatorUser $viewer,
PhabricatorAuthSession $session) { PhabricatorAuthSession $session) {
if (!$session->getHighSecurityUntil()) {
return;
}
queryfx( queryfx(
$session->establishConnection('w'), $session->establishConnection('w'),
'UPDATE %T SET highSecurityUntil = NULL WHERE id = %d', 'UPDATE %T SET highSecurityUntil = NULL WHERE id = %d',
@ -406,11 +448,15 @@ final class PhabricatorAuthSessionEngine extends Phobject {
} }
/* -( Partial Sessions )--------------------------------------------------- */
/** /**
* Upgrade a partial session to a full session. * Upgrade a partial session to a full session.
* *
* @param PhabricatorAuthSession Session to upgrade. * @param PhabricatorAuthSession Session to upgrade.
* @return void * @return void
* @task partial
*/ */
public function upgradePartialSession(PhabricatorUser $viewer) { public function upgradePartialSession(PhabricatorUser $viewer) {
if (!$viewer->hasSession()) { if (!$viewer->hasSession()) {
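Review bot: The new early return in exitHighSecurity (hunk @ -388,10 +416,24) only tests the truthiness of `$session->getHighSecurityUntil()`, whereas issueHighSecurityToken in the hunk above treats high security as active only when `$until > time()`; a session whose window has already lapsed but still carries a non-null timestamp will therefore still run the UPDATE and, going by the new docblock ("logs the exit"), record an exit from a mode it was no longer in. If the log entry is meant to reflect a real exit, the guard could mirror that check, e.g. `$until = $session->getHighSecurityUntil(); if (!$until || $until < time()) { return; }`, though that leaves the stale value in place, so the intended behaviour should be confirmed. The body of exitHighSecurity, including the logging call the docblock refers to, continues outside the hunk. Separately, the loadUserForSession docblock in hunk @ -60,6 +64,23 has a typo (`sesssion`) and uses `@param const` where a concrete type such as `string` would be clearer.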


@ -44,9 +44,9 @@ final class PhabricatorAuthSession extends PhabricatorAuthDAO
public static function getSessionTypeTTL($session_type) { public static function getSessionTypeTTL($session_type) {
switch ($session_type) { switch ($session_type) {
case self::TYPE_WEB: case self::TYPE_WEB:
return (60 * 60 * 24 * 30); // 30 days return phutil_units('30 days in seconds');
case self::TYPE_CONDUIT: case self::TYPE_CONDUIT:
return (60 * 60 * 24); // 24 hours return phutil_units('24 hours in seconds');
default: default:
throw new Exception(pht('Unknown session type "%s".', $session_type)); throw new Exception(pht('Unknown session type "%s".', $session_type));
} }