Give sessions real PHIDs and slightly modernize session queries

Summary: Ref T13222. See PHI873. I'm preparing to introduce a new MFA "Challenge" table which stores state about challenges we've issued (to bind challenges to sessions and prevent most challenge reuse). This table will reference sessions (since each challenge will be bound to a particular session) but sessions currently don't have PHIDs. Give them PHIDs and slightly modernize some related code. Test Plan: - Ran migrations. - Verified table got PHIDs. - Used `var_dump()` to dump an organic user session. Reviewers: amckinley Reviewed By: amckinley Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19881
2025-01-08 22:01:03 +01:00 · 2018-12-13 10:13:56 -08:00 · 2018-12-13 10:13:56 -08:00 · c58506aeaa
commit c58506aeaa
parent ecae936d97
8 changed files with 85 additions and 17 deletions
--- a/resources/sql/autopatches/20181213.auth.01.sessionphid.sql
+++ b/resources/sql/autopatches/20181213.auth.01.sessionphid.sql
@ -0,0 +1,2 @@
+ALTER TABLE {$NAMESPACE}_user.phabricator_session
+  ADD phid VARBINARY(64) NOT NULL;
--- a/resources/sql/autopatches/20181213.auth.02.populatephid.php
+++ b/resources/sql/autopatches/20181213.auth.02.populatephid.php
@ -0,0 +1,18 @@
+<?php
+
+$table = new PhabricatorAuthSession();
+$iterator = new LiskMigrationIterator($table);
+$conn = $table->establishConnection('w');
+
+foreach ($iterator as $session) {
+  if (strlen($session->getPHID())) {
+    continue;
+  }
+
+  queryfx(
+    $conn,
+    'UPDATE %R SET phid = %s WHERE id = %d',
+    $table,
+    $session->generatePHID(),
+    $session->getID());
+}
--- a/resources/sql/autopatches/20181213.auth.03.phidkey.sql
+++ b/resources/sql/autopatches/20181213.auth.03.phidkey.sql
@ -0,0 +1,2 @@
+ALTER TABLE {$NAMESPACE}_user.phabricator_session
+  ADD UNIQUE KEY `key_phid` (phid);
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@ -2296,6 +2296,7 @@ phutil_register_library_map(array(
    'PhabricatorAuthSessionEngineExtensionModule' => 'applications/auth/engine/PhabricatorAuthSessionEngineExtensionModule.php',
    'PhabricatorAuthSessionGarbageCollector' => 'applications/auth/garbagecollector/PhabricatorAuthSessionGarbageCollector.php',
    'PhabricatorAuthSessionInfo' => 'applications/auth/data/PhabricatorAuthSessionInfo.php',
+    'PhabricatorAuthSessionPHIDType' => 'applications/auth/phid/PhabricatorAuthSessionPHIDType.php',
    'PhabricatorAuthSessionQuery' => 'applications/auth/query/PhabricatorAuthSessionQuery.php',
    'PhabricatorAuthSessionRevoker' => 'applications/auth/revoker/PhabricatorAuthSessionRevoker.php',
    'PhabricatorAuthSetPasswordController' => 'applications/auth/controller/PhabricatorAuthSetPasswordController.php',
@ -7948,6 +7949,7 @@ phutil_register_library_map(array(
    'PhabricatorAuthSessionEngineExtensionModule' => 'PhabricatorConfigModule',
    'PhabricatorAuthSessionGarbageCollector' => 'PhabricatorGarbageCollector',
    'PhabricatorAuthSessionInfo' => 'Phobject',
+    'PhabricatorAuthSessionPHIDType' => 'PhabricatorPHIDType',
    'PhabricatorAuthSessionQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
    'PhabricatorAuthSessionRevoker' => 'PhabricatorAuthRevoker',
    'PhabricatorAuthSetPasswordController' => 'PhabricatorAuthController',
--- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
+++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
@ -119,6 +119,7 @@ final class PhabricatorAuthSessionEngine extends Phobject {
      $conn_r,
      'SELECT
          s.id AS s_id,
+          s.phid AS s_phid,
          s.sessionExpires AS s_sessionExpires,
          s.sessionStart AS s_sessionStart,
          s.highSecurityUntil AS s_highSecurityUntil,
--- a/src/applications/auth/phid/PhabricatorAuthSessionPHIDType.php
+++ b/src/applications/auth/phid/PhabricatorAuthSessionPHIDType.php
@ -0,0 +1,34 @@
+<?php
+
+final class PhabricatorAuthSessionPHIDType
+  extends PhabricatorPHIDType {
+
+  const TYPECONST = 'SSSN';
+
+  public function getTypeName() {
+    return pht('Session');
+  }
+
+  public function newObject() {
+    return new PhabricatorAuthSession();
+  }
+
+  public function getPHIDTypeApplicationClass() {
+    return 'PhabricatorAuthApplication';
+  }
+
+  protected function buildQueryForObjects(
+    PhabricatorObjectQuery $query,
+    array $phids) {
+    return id(new PhabricatorAuthSessionQuery())
+      ->withPHIDs($phids);
+  }
+
+  public function loadHandles(
+    PhabricatorHandleQuery $query,
+    array $handles,
+    array $objects) {
+    return;
+  }
+
+}
--- a/src/applications/auth/query/PhabricatorAuthSessionQuery.php
+++ b/src/applications/auth/query/PhabricatorAuthSessionQuery.php
@ -4,6 +4,7 @@ final class PhabricatorAuthSessionQuery
  extends PhabricatorCursorPagedPolicyAwareQuery {

  private $ids;
+  private $phids;
  private $identityPHIDs;
  private $sessionKeys;
  private $sessionTypes;
@ -28,19 +29,17 @@ final class PhabricatorAuthSessionQuery
    return $this;
  }

+  public function withPHIDs(array $phids) {
+    $this->phids = $phids;
+    return $this;
+  }
+
+  public function newResultObject() {
+    return new PhabricatorAuthSession();
+  }
+
  protected function loadPage() {
-    $table = new PhabricatorAuthSession();
-    $conn_r = $table->establishConnection('r');
-
-    $data = queryfx_all(
-      $conn_r,
-      'SELECT * FROM %T %Q %Q %Q',
-      $table->getTableName(),
-      $this->buildWhereClause($conn_r),
-      $this->buildOrderClause($conn_r),
-      $this->buildLimitClause($conn_r));
-
-    return $table->loadAllFromArray($data);
+    return $this->loadStandardPage($this->newResultObject());
  }

  protected function willFilterPage(array $sessions) {
@ -65,8 +64,8 @@ final class PhabricatorAuthSessionQuery
    return $sessions;
  }

-  protected function buildWhereClause(AphrontDatabaseConnection $conn) {
-    $where = array();
+  protected function buildWhereClauseParts(AphrontDatabaseConnection $conn) {
+    $where = parent::buildWhereClauseParts($conn);

    if ($this->ids !== null) {
      $where[] = qsprintf(
@ -75,6 +74,13 @@ final class PhabricatorAuthSessionQuery
        $this->ids);
    }

+    if ($this->phids !== null) {
+      $where[] = qsprintf(
+        $conn,
+        'phid IN (%Ls)',
+        $this->phids);
+    }
+
    if ($this->identityPHIDs !== null) {
      $where[] = qsprintf(
        $conn,
@ -100,9 +106,7 @@ final class PhabricatorAuthSessionQuery
        $this->sessionTypes);
    }

-    $where[] = $this->buildPagingClause($conn);
-
-    return $this->formatWhereClause($conn, $where);
+    return $where;
  }

  public function getQueryApplicationClass() {
--- a/src/applications/auth/storage/PhabricatorAuthSession.php
+++ b/src/applications/auth/storage/PhabricatorAuthSession.php
@ -20,6 +20,7 @@ final class PhabricatorAuthSession extends PhabricatorAuthDAO
  protected function getConfiguration() {
    return array(
      self::CONFIG_TIMESTAMPS => false,
+      self::CONFIG_AUX_PHID => true,
      self::CONFIG_COLUMN_SCHEMA => array(
        'type' => 'text32',
        'sessionKey' => 'bytes40',
@ -74,6 +75,10 @@ final class PhabricatorAuthSession extends PhabricatorAuthDAO
    }
  }

+  public function getPHIDType() {
+    return PhabricatorAuthSessionPHIDType::TYPECONST;
+  }
+
  public function isHighSecuritySession() {
    $until = $this->getHighSecurityUntil();