Give sessions real PHIDs and slightly modernize session queries
Summary: Ref T13222. See PHI873. I'm preparing to introduce a new MFA "Challenge" table which stores state about challenges we've issued (to bind challenges to sessions and prevent most challenge reuse). This table will reference sessions (since each challenge will be bound to a particular session) but sessions currently don't have PHIDs. Give them PHIDs and slightly modernize some related code. Test Plan: - Ran migrations. - Verified table got PHIDs. - Used `var_dump()` to dump an organic user session. Reviewers: amckinley Reviewed By: amckinley Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19881
parent
ecae936d97
commit
c58506aeaa
8 changed files with 85 additions and 17 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
ALTER TABLE {$NAMESPACE}_user.phabricator_session
|
||||||
|
ADD phid VARBINARY(64) NOT NULL;
|
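--- a/resources/sql/autopatches/20181213.auth.02.populatephid.php
+++ b/resources/sql/autopatches/20181213.auth.02.populatephid.php
@@ -0,0 +1,18 @@
+<?php
+
+$table = new PhabricatorAuthSession();
+$iterator = new LiskMigrationIterator($table);
+$conn = $table->establishConnection('w');
+
+foreach ($iterator as $session) {
+if (strlen($session->getPHID())) {
+continue;
+}
+
+queryfx(
+$conn,
+'UPDATE %R SET phid = %s WHERE id = %d',
+$table,
+$session->generatePHID(),
+$session->getID());
+}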
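Review bot: The `strlen($session->getPHID())` skip in this backfill loop has no comment, and the reason for it matters to the next patch: the column was added as `NOT NULL` with no default, so unpopulated rows hold an empty string, and `20181213.auth.03.phidkey.sql` then puts a unique key on that column. I would add a header comment such as `// Backfill PHIDs for sessions that predate the phid column; rows that already have one are skipped so the patch can be re-run safely.` If older code can still insert a session row between this patch and the unique-key patch, that row would presumably carry an empty phid, and two such rows would make `ADD UNIQUE KEY` fail. It is worth stating in the upgrade notes that the three patches should run with the web tier stopped.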
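--- a/resources/sql/autopatches/20181213.auth.03.phidkey.sql
+++ b/resources/sql/autopatches/20181213.auth.03.phidkey.sql
@@ -0,0 +1,2 @@
+ALTER TABLE {$NAMESPACE}_user.phabricator_session
+ADD UNIQUE KEY `key_phid` (phid);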
|
@ -2296,6 +2296,7 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorAuthSessionEngineExtensionModule' => 'applications/auth/engine/PhabricatorAuthSessionEngineExtensionModule.php',
|
'PhabricatorAuthSessionEngineExtensionModule' => 'applications/auth/engine/PhabricatorAuthSessionEngineExtensionModule.php',
|
||||||
'PhabricatorAuthSessionGarbageCollector' => 'applications/auth/garbagecollector/PhabricatorAuthSessionGarbageCollector.php',
|
'PhabricatorAuthSessionGarbageCollector' => 'applications/auth/garbagecollector/PhabricatorAuthSessionGarbageCollector.php',
|
||||||
'PhabricatorAuthSessionInfo' => 'applications/auth/data/PhabricatorAuthSessionInfo.php',
|
'PhabricatorAuthSessionInfo' => 'applications/auth/data/PhabricatorAuthSessionInfo.php',
|
||||||
|
'PhabricatorAuthSessionPHIDType' => 'applications/auth/phid/PhabricatorAuthSessionPHIDType.php',
|
||||||
'PhabricatorAuthSessionQuery' => 'applications/auth/query/PhabricatorAuthSessionQuery.php',
|
'PhabricatorAuthSessionQuery' => 'applications/auth/query/PhabricatorAuthSessionQuery.php',
|
||||||
'PhabricatorAuthSessionRevoker' => 'applications/auth/revoker/PhabricatorAuthSessionRevoker.php',
|
'PhabricatorAuthSessionRevoker' => 'applications/auth/revoker/PhabricatorAuthSessionRevoker.php',
|
||||||
'PhabricatorAuthSetPasswordController' => 'applications/auth/controller/PhabricatorAuthSetPasswordController.php',
|
'PhabricatorAuthSetPasswordController' => 'applications/auth/controller/PhabricatorAuthSetPasswordController.php',
|
||||||
|
@ -7948,6 +7949,7 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorAuthSessionEngineExtensionModule' => 'PhabricatorConfigModule',
|
'PhabricatorAuthSessionEngineExtensionModule' => 'PhabricatorConfigModule',
|
||||||
'PhabricatorAuthSessionGarbageCollector' => 'PhabricatorGarbageCollector',
|
'PhabricatorAuthSessionGarbageCollector' => 'PhabricatorGarbageCollector',
|
||||||
'PhabricatorAuthSessionInfo' => 'Phobject',
|
'PhabricatorAuthSessionInfo' => 'Phobject',
|
||||||
|
'PhabricatorAuthSessionPHIDType' => 'PhabricatorPHIDType',
|
||||||
'PhabricatorAuthSessionQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
|
'PhabricatorAuthSessionQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
|
||||||
'PhabricatorAuthSessionRevoker' => 'PhabricatorAuthRevoker',
|
'PhabricatorAuthSessionRevoker' => 'PhabricatorAuthRevoker',
|
||||||
'PhabricatorAuthSetPasswordController' => 'PhabricatorAuthController',
|
'PhabricatorAuthSetPasswordController' => 'PhabricatorAuthController',
|
||||||
|
|
|
@ -119,6 +119,7 @@ final class PhabricatorAuthSessionEngine extends Phobject {
|
||||||
$conn_r,
|
$conn_r,
|
||||||
'SELECT
|
'SELECT
|
||||||
s.id AS s_id,
|
s.id AS s_id,
|
||||||
|
s.phid AS s_phid,
|
||||||
s.sessionExpires AS s_sessionExpires,
|
s.sessionExpires AS s_sessionExpires,
|
||||||
s.sessionStart AS s_sessionStart,
|
s.sessionStart AS s_sessionStart,
|
||||||
s.highSecurityUntil AS s_highSecurityUntil,
|
s.highSecurityUntil AS s_highSecurityUntil,
|
||||||
|
|
|
@ -0,0 +1,34 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
final class PhabricatorAuthSessionPHIDType
|
||||||
|
extends PhabricatorPHIDType {
|
||||||
|
|
||||||
|
const TYPECONST = 'SSSN';
|
||||||
|
|
||||||
|
public function getTypeName() {
|
||||||
|
return pht('Session');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function newObject() {
|
||||||
|
return new PhabricatorAuthSession();
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getPHIDTypeApplicationClass() {
|
||||||
|
return 'PhabricatorAuthApplication';
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function buildQueryForObjects(
|
||||||
|
PhabricatorObjectQuery $query,
|
||||||
|
array $phids) {
|
||||||
|
return id(new PhabricatorAuthSessionQuery())
|
||||||
|
->withPHIDs($phids);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function loadHandles(
|
||||||
|
PhabricatorHandleQuery $query,
|
||||||
|
array $handles,
|
||||||
|
array $objects) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
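Review bot: `buildQueryForObjects()` makes login sessions loadable by PHID through the generic object lookup, and nothing in this new class restricts who may load them. Visibility therefore rests entirely on the policy filtering in `PhabricatorAuthSessionQuery` and on `PhabricatorAuthSession` itself, which this page shows only in part. I would add a class docblock that records the assumption, for example `/** PHID type for login sessions; who may load a session is decided by PhabricatorAuthSessionQuery, not here. */`, and confirm that a session can only be loaded by the account that owns it. `loadHandles()` returns without touching `$handles`, so a session handle will presumably render with no name or URI. If that is deliberate, a one-line comment such as `// Sessions have no display name or URI, so handles are left unpopulated.` would keep a later change from surfacing session details there.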
|
|
@ -4,6 +4,7 @@ final class PhabricatorAuthSessionQuery
|
||||||
extends PhabricatorCursorPagedPolicyAwareQuery {
|
extends PhabricatorCursorPagedPolicyAwareQuery {
|
||||||
|
|
||||||
private $ids;
|
private $ids;
|
||||||
|
private $phids;
|
||||||
private $identityPHIDs;
|
private $identityPHIDs;
|
||||||
private $sessionKeys;
|
private $sessionKeys;
|
||||||
private $sessionTypes;
|
private $sessionTypes;
|
||||||
|
@ -28,19 +29,17 @@ final class PhabricatorAuthSessionQuery
|
||||||
return $this;
|
return $this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function withPHIDs(array $phids) {
|
||||||
|
$this->phids = $phids;
|
||||||
|
return $this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function newResultObject() {
|
||||||
|
return new PhabricatorAuthSession();
|
||||||
|
}
|
||||||
|
|
||||||
protected function loadPage() {
|
protected function loadPage() {
|
||||||
$table = new PhabricatorAuthSession();
|
return $this->loadStandardPage($this->newResultObject());
|
||||||
$conn_r = $table->establishConnection('r');
|
|
||||||
|
|
||||||
$data = queryfx_all(
|
|
||||||
$conn_r,
|
|
||||||
'SELECT * FROM %T %Q %Q %Q',
|
|
||||||
$table->getTableName(),
|
|
||||||
$this->buildWhereClause($conn_r),
|
|
||||||
$this->buildOrderClause($conn_r),
|
|
||||||
$this->buildLimitClause($conn_r));
|
|
||||||
|
|
||||||
return $table->loadAllFromArray($data);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function willFilterPage(array $sessions) {
|
protected function willFilterPage(array $sessions) {
|
||||||
|
@ -65,8 +64,8 @@ final class PhabricatorAuthSessionQuery
|
||||||
return $sessions;
|
return $sessions;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function buildWhereClause(AphrontDatabaseConnection $conn) {
|
protected function buildWhereClauseParts(AphrontDatabaseConnection $conn) {
|
||||||
$where = array();
|
$where = parent::buildWhereClauseParts($conn);
|
||||||
|
|
||||||
if ($this->ids !== null) {
|
if ($this->ids !== null) {
|
||||||
$where[] = qsprintf(
|
$where[] = qsprintf(
|
||||||
|
@ -75,6 +74,13 @@ final class PhabricatorAuthSessionQuery
|
||||||
$this->ids);
|
$this->ids);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($this->phids !== null) {
|
||||||
|
$where[] = qsprintf(
|
||||||
|
$conn,
|
||||||
|
'phid IN (%Ls)',
|
||||||
|
$this->phids);
|
||||||
|
}
|
||||||
|
|
||||||
if ($this->identityPHIDs !== null) {
|
if ($this->identityPHIDs !== null) {
|
||||||
$where[] = qsprintf(
|
$where[] = qsprintf(
|
||||||
$conn,
|
$conn,
|
||||||
|
@ -100,9 +106,7 @@ final class PhabricatorAuthSessionQuery
|
||||||
$this->sessionTypes);
|
$this->sessionTypes);
|
||||||
}
|
}
|
||||||
|
|
||||||
$where[] = $this->buildPagingClause($conn);
|
return $where;
|
||||||
|
|
||||||
return $this->formatWhereClause($conn, $where);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getQueryApplicationClass() {
|
public function getQueryApplicationClass() {
|
||||||
|
|
|
@ -20,6 +20,7 @@ final class PhabricatorAuthSession extends PhabricatorAuthDAO
|
||||||
protected function getConfiguration() {
|
protected function getConfiguration() {
|
||||||
return array(
|
return array(
|
||||||
self::CONFIG_TIMESTAMPS => false,
|
self::CONFIG_TIMESTAMPS => false,
|
||||||
|
self::CONFIG_AUX_PHID => true,
|
||||||
self::CONFIG_COLUMN_SCHEMA => array(
|
self::CONFIG_COLUMN_SCHEMA => array(
|
||||||
'type' => 'text32',
|
'type' => 'text32',
|
||||||
'sessionKey' => 'bytes40',
|
'sessionKey' => 'bytes40',
|
||||||
|
@ -74,6 +75,10 @@ final class PhabricatorAuthSession extends PhabricatorAuthDAO
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function getPHIDType() {
|
||||||
|
return PhabricatorAuthSessionPHIDType::TYPECONST;
|
||||||
|
}
|
||||||
|
|
||||||
public function isHighSecuritySession() {
|
public function isHighSecuritySession() {
|
||||||
$until = $this->getHighSecurityUntil();
|
$until = $this->getHighSecurityUntil();
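Review bot: `getPHIDType()` and `CONFIG_AUX_PHID` give every session a second, stable identifier next to `sessionKey`, and neither addition says that the PHID is a reference handle and not a credential. I would document that on the method, e.g. `// Identifies the session for references from other tables; it is not a secret and must never be accepted in place of the session key.` The PHID is presumably generated when the row is saved through the DAO, so any path that inserts session rows with raw SQL would leave `phid` empty and collide on `key_phid`. No such path is visible here, but it is worth checking before the unique key ships. Both hunks sit inside larger bodies that continue outside what is shown.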
|
||||||
|
|
||||||
|
|