Remove AphrontWriteGuard from phabricator/

Summary: See D3051. Test Plan: Loaded some pages. Reviewers: btrahan, vrana Reviewed By: vrana CC: aran Maniphest Tasks: T1283 Differential Revision: https://secure.phabricator.com/D3052
2024-11-26 08:42:41 +01:00 · 2012-07-24 10:46:07 -07:00 · 2012-07-24 10:46:07 -07:00 · be63cb386b
commit be63cb386b
parent 1e9120cdfb
3 changed files with 0 additions and 303 deletions
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@ -98,7 +98,6 @@ phutil_register_library_map(array(
    'AphrontRequestFailureView' => 'view/page/AphrontRequestFailureView.php',
    'AphrontRequestTestCase' => 'aphront/__tests__/AphrontRequestTestCase.php',
    'AphrontResponse' => 'aphront/response/AphrontResponse.php',
    'AphrontScopedUnguardedWriteCapability' => 'aphront/writeguard/AphrontScopedUnguardedWriteCapability.php',
    'AphrontSideNavFilterView' => 'view/layout/AphrontSideNavFilterView.php',
    'AphrontSideNavView' => 'view/layout/AphrontSideNavView.php',
    'AphrontTableView' => 'view/control/AphrontTableView.php',
@ -108,7 +107,6 @@ phutil_register_library_map(array(
    'AphrontUsageException' => 'aphront/exception/AphrontUsageException.php',
    'AphrontView' => 'view/AphrontView.php',
    'AphrontWebpageResponse' => 'aphront/response/AphrontWebpageResponse.php',
    'AphrontWriteGuard' => 'aphront/writeguard/AphrontWriteGuard.php',
    'CelerityAPI' => 'infrastructure/celerity/CelerityAPI.php',
    'CelerityResourceController' => 'infrastructure/celerity/CelerityResourceController.php',
    'CelerityResourceGraph' => 'infrastructure/celerity/CelerityResourceGraph.php',
--- a/src/aphront/writeguard/AphrontScopedUnguardedWriteCapability.php
+++ b/src/aphront/writeguard/AphrontScopedUnguardedWriteCapability.php
@ -1,28 +0,0 @@
 <?php
 /*
 * Copyright 2011 Facebook, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 /**
 * @group aphront
 */
 final class AphrontScopedUnguardedWriteCapability {
  final public function __destruct() {
    AphrontWriteGuard::endUnguardedWrites();
  }
 }
--- a/src/aphront/writeguard/AphrontWriteGuard.php
+++ b/src/aphront/writeguard/AphrontWriteGuard.php
@ -1,273 +0,0 @@
 <?php
 /*
 * Copyright 2012 Facebook, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 /**
 * Guard writes against CSRF. The Aphront structure takes care of most of this
 * for you, you just need to call:
 *
 *    AphrontWriteGuard::willWrite();
 *
 * ...before executing a write against any new kind of storage engine. MySQL
 * databases and the default file storage engines are already covered, but if
 * you introduce new types of datastores make sure their writes are guarded. If
 * you don't guard writes and make a mistake doing CSRF checks in a controller,
 * a CSRF vulnerability can escape undetected.
 *
 * If you need to execute writes on a page which doesn't have CSRF tokens (for
 * example, because you need to do logging), you can temporarily disable the
 * write guard by calling:
 *
 *    AphrontWriteGuard::beginUnguardedWrites();
 *    do_logging_write();
 *    AphrontWriteGuard::endUnguardedWrites();
 *
 * This is dangerous, because it disables the backup layer of CSRF protection
 * this class provides. You should need this only very, very rarely.
 *
 * @task protect  Protecting Writes
 * @task disable  Disabling Protection
 * @task manage   Managing Write Guards
 * @task internal Internals
 *
 * @group aphront
 */
 final class AphrontWriteGuard {
  private static $instance;
  private static $allowUnguardedWrites = false;
  private $callback;
  private $allowDepth = 0;
 /* -(  Managing Write Guards  )---------------------------------------------- */
  /**
   * Construct a new write guard for a request. Only one write guard may be
   * active at a time. You must explicitly call @{method:dispose} when you are
   * done with a write guard:
   *
   *    $guard = new AphrontWriteGuard($callback);
   *    // ...
   *    $guard->dispose();
   *
   * Normally, you do not need to manage guards yourself -- the Aphront stack
   * handles it for you.
   *
   * This class accepts a callback, which will be invoked when a write is
   * attempted. The callback should validate the presence of a CSRF token in
   * the request, or abort the request (e.g., by throwing an exception) if a
   * valid token isn't present.
   *
   * @param   callable CSRF callback.
   * @return  this
   * @task    manage
   */
  public function __construct($callback) {
    if (self::$instance) {
      throw new Exception(
        "An AphrontWriteGuard already exists. Dispose of the previous guard ".
        "before creating a new one.");
    }
    if (self::$allowUnguardedWrites) {
      throw new Exception(
        "An AphrontWriteGuard is being created in a context which permits ".
        "unguarded writes unconditionally. This is not allowed and indicates ".
        "a serious error.");
    }
    $this->callback = $callback;
    self::$instance = $this;
  }
  /**
   * Dispose of the active write guard. You must call this method when you are
   * done with a write guard. You do not normally need to call this yourself.
   *
   * @return void
   * @task manage
   */
  public function dispose() {
    if ($this->allowDepth > 0) {
      throw new Exception(
        "Imbalanced AphrontWriteGuard: more beginUnguardedWrites() calls than ".
        "endUnguardedWrites() calls.");
    }
    self::$instance = null;
  }
  /**
   * Determine if there is an active write guard.
   *
   * @return bool
   * @task manage
   */
  public static function isGuardActive() {
    return (bool)self::$instance;
  }
 /* -(  Protecting Writes  )-------------------------------------------------- */
  /**
   * Declare intention to perform a write, validating that writes are allowed.
   * You should call this method before executing a write whenever you implement
   * a new storage engine where information can be permanently kept.
   *
   * Writes are permitted if:
   *
   *   - The request has valid CSRF tokens.
   *   - Unguarded writes have been temporarily enabled by a call to
   *     @{method:beginUnguardedWrites}.
   *   - All write guarding has been disabled with
   *     @{method:allowDangerousUnguardedWrites}.
   *
   * If none of these conditions are true, this method will throw and prevent
   * the write.
   *
   * @return void
   * @task protect
   */
  public static function willWrite() {
    if (!self::$instance) {
      if (!self::$allowUnguardedWrites) {
        throw new Exception(
          "Unguarded write! There must be an active AphrontWriteGuard to ".
          "perform writes.");
      } else {
        // Unguarded writes are being allowed unconditionally.
        return;
      }
    }
    $instance = self::$instance;
    if ($instance->allowDepth == 0) {
      call_user_func($instance->callback);
    }
  }
 /* -(  Disabling Write Protection  )----------------------------------------- */
  /**
   * Enter a scope which permits unguarded writes. This works like
   * @{method:beginUnguardedWrites} but returns an object which will end
   * the unguarded write scope when its __destruct() method is called. This
   * is useful to more easily handle exceptions correctly in unguarded write
   * blocks:
   *
   *   // Restores the guard even if do_logging() throws.
   *   function unguarded_scope() {
   *     $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
   *     do_logging();
   *   }
   *
   * @return AphrontScopedUnguardedWriteCapability Object which ends unguarded
   *            writes when it leaves scope.
   * @task disable
   */
  public static function beginScopedUnguardedWrites() {
    self::beginUnguardedWrites();
    return new AphrontScopedUnguardedWriteCapability();
  }
  /**
   * Begin a block which permits unguarded writes. You should use this very
   * sparingly, and only for things like logging where CSRF is not a concern.
   *
   * You must pair every call to @{method:beginUnguardedWrites} with a call to
   * @{method:endUnguardedWrites}:
   *
   *   AphrontWriteGuard::beginUnguardedWrites();
   *   do_logging();
   *   AphrontWriteGuard::endUnguardedWrites();
   *
   * @return void
   * @task disable
   */
  public static function beginUnguardedWrites() {
    if (!self::$instance) {
      return;
    }
    self::$instance->allowDepth++;
  }
  /**
   * Declare that you have finished performing unguarded writes. You must
   * call this exactly once for each call to @{method:beginUnguardedWrites}.
   *
   * @return void
   * @task disable
   */
  public static function endUnguardedWrites() {
    if (!self::$instance) {
      return;
    }
    if (self::$instance->allowDepth <= 0) {
      throw new Exception(
        "Imbalanced AphrontWriteGuard: more endUnguardedWrites() calls than ".
        "beginUnguardedWrites() calls.");
    }
    self::$instance->allowDepth--;
  }
  /**
   * Allow execution of unguarded writes. This is ONLY appropriate for use in
   * script contexts or other contexts where you are guaranteed to never be
   * vulnerable to CSRF concerns. Calling this method is EXTREMELY DANGEROUS
   * if you do not understand the consequences.
   *
   * If you need to perform unguarded writes on an otherwise guarded workflow
   * which is vulnerable to CSRF, use @{method:beginUnguardedWrites}.
   *
   * @return void
   * @task disable
   */
  public static function allowDangerousUnguardedWrites($allow) {
    if (self::$instance) {
      throw new Exception(
        "You can not unconditionally disable AphrontWriteGuard by calling ".
        "allowDangerousUnguardedWrites() while a write guard is active. Use ".
        "beginUnguardedWrites() to temporarily allow unguarded writes.");
    }
    self::$allowUnguardedWrites = true;
  }
 /* -(  Internals  )---------------------------------------------------------- */
  /**
   * When the object is destroyed, make sure @{method:dispose} was called.
   *
   * @task internal
   */
  public function __destruct() {
    if (isset(self::$instance)) {
      throw new Exception(
        "AphrontWriteGuard was not properly disposed of! Call dispose() on ".
        "every AphrontWriteGuard object you instantiate.");
    }
  }
 }