Modularize temporary token types

Summary: Ref T10603. For LFS, we need to issue a new type of temporary token. This makes the temporary token code modular so applications can add new token types without modifying the Auth application. (I'm moving slowly here because it impacts authentication.) Test Plan: - Used `bin/auth recover` to get a one-time token from the CLI. - Used "Forgot your password?" to get a one-time token from the web UI. - Followed the web UI token to initiate a password reset, prompting generation of a password token. - Viewed these tokens in the web UI: {F1176908} - Revoked a token. Reviewers: chad Reviewed By: chad Maniphest Tasks: T10603 Differential Revision: https://secure.phabricator.com/D15475
2024-12-18 19:40:55 +01:00 · 2016-03-16 05:17:41 -07:00 · 2016-03-16 05:17:41 -07:00 · cf15e0de43
commit cf15e0de43
parent 121e68e3ad
5 changed files with 81 additions and 11 deletions
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@ -1816,6 +1816,8 @@ phutil_register_library_map(array(
    'PhabricatorAuthNewController' => 'applications/auth/controller/config/PhabricatorAuthNewController.php',
    'PhabricatorAuthOldOAuthRedirectController' => 'applications/auth/controller/PhabricatorAuthOldOAuthRedirectController.php',
    'PhabricatorAuthOneTimeLoginController' => 'applications/auth/controller/PhabricatorAuthOneTimeLoginController.php',
+    'PhabricatorAuthOneTimeLoginTemporaryTokenType' => 'applications/auth/tokentype/PhabricatorAuthOneTimeLoginTemporaryTokenType.php',
+    'PhabricatorAuthPasswordResetTemporaryTokenType' => 'applications/auth/tokentype/PhabricatorAuthPasswordResetTemporaryTokenType.php',
    'PhabricatorAuthProvider' => 'applications/auth/provider/PhabricatorAuthProvider.php',
    'PhabricatorAuthProviderConfig' => 'applications/auth/storage/PhabricatorAuthProviderConfig.php',
    'PhabricatorAuthProviderConfigController' => 'applications/auth/controller/config/PhabricatorAuthProviderConfigController.php',
@ -1844,6 +1846,7 @@ phutil_register_library_map(array(
    'PhabricatorAuthTemporaryToken' => 'applications/auth/storage/PhabricatorAuthTemporaryToken.php',
    'PhabricatorAuthTemporaryTokenGarbageCollector' => 'applications/auth/garbagecollector/PhabricatorAuthTemporaryTokenGarbageCollector.php',
    'PhabricatorAuthTemporaryTokenQuery' => 'applications/auth/query/PhabricatorAuthTemporaryTokenQuery.php',
+    'PhabricatorAuthTemporaryTokenType' => 'applications/auth/tokentype/PhabricatorAuthTemporaryTokenType.php',
    'PhabricatorAuthTerminateSessionController' => 'applications/auth/controller/PhabricatorAuthTerminateSessionController.php',
    'PhabricatorAuthTryFactorAction' => 'applications/auth/action/PhabricatorAuthTryFactorAction.php',
    'PhabricatorAuthUnlinkController' => 'applications/auth/controller/PhabricatorAuthUnlinkController.php',
@ -6123,6 +6126,8 @@ phutil_register_library_map(array(
    'PhabricatorAuthNewController' => 'PhabricatorAuthProviderConfigController',
    'PhabricatorAuthOldOAuthRedirectController' => 'PhabricatorAuthController',
    'PhabricatorAuthOneTimeLoginController' => 'PhabricatorAuthController',
+    'PhabricatorAuthOneTimeLoginTemporaryTokenType' => 'PhabricatorAuthTemporaryTokenType',
+    'PhabricatorAuthPasswordResetTemporaryTokenType' => 'PhabricatorAuthTemporaryTokenType',
    'PhabricatorAuthProvider' => 'Phobject',
    'PhabricatorAuthProviderConfig' => array(
      'PhabricatorAuthDAO',
@ -6165,6 +6170,7 @@ phutil_register_library_map(array(
    ),
    'PhabricatorAuthTemporaryTokenGarbageCollector' => 'PhabricatorGarbageCollector',
    'PhabricatorAuthTemporaryTokenQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
+    'PhabricatorAuthTemporaryTokenType' => 'Phobject',
    'PhabricatorAuthTerminateSessionController' => 'PhabricatorAuthController',
    'PhabricatorAuthTryFactorAction' => 'PhabricatorSystemAction',
    'PhabricatorAuthUnlinkController' => 'PhabricatorAuthController',
--- a/src/applications/auth/storage/PhabricatorAuthTemporaryToken.php
+++ b/src/applications/auth/storage/PhabricatorAuthTemporaryToken.php
@ -31,14 +31,21 @@ final class PhabricatorAuthTemporaryToken extends PhabricatorAuthDAO
    ) + parent::getConfiguration();
  }

+  private function newTokenTypeImplementation() {
+    $types = PhabricatorAuthTemporaryTokenType::getAllTypes();
+
+    $type = idx($types, $this->tokenType);
+    if ($type) {
+      return clone $type;
+    }
+
+    return null;
+  }
+
  public function getTokenReadableTypeName() {
-    // Eventually, it would be nice to let applications implement token types
-    // so we can put this in modular subclasses.
-    switch ($this->tokenType) {
-      case PhabricatorAuthSessionEngine::ONETIME_TEMPORARY_TOKEN_TYPE:
-        return pht('One-Time Login Token');
-      case PhabricatorAuthSessionEngine::PASSWORD_TEMPORARY_TOKEN_TYPE:
-        return pht('Password Reset Token');
+    $type = $this->newTokenTypeImplementation();
+    if ($type) {
+      return $type->getTokenReadableTypeName($this);
    }

    return $this->tokenType;
@ -49,10 +56,9 @@ final class PhabricatorAuthTemporaryToken extends PhabricatorAuthDAO
      return false;
    }

-    switch ($this->tokenType) {
-      case PhabricatorAuthSessionEngine::ONETIME_TEMPORARY_TOKEN_TYPE:
-      case PhabricatorAuthSessionEngine::PASSWORD_TEMPORARY_TOKEN_TYPE:
-        return true;
+    $type = $this->newTokenTypeImplementation();
+    if ($type) {
+      return $type->isTokenRevocable($this);
    }

    return false;
--- a/src/applications/auth/tokentype/PhabricatorAuthOneTimeLoginTemporaryTokenType.php
+++ b/src/applications/auth/tokentype/PhabricatorAuthOneTimeLoginTemporaryTokenType.php
@ -0,0 +1,17 @@
+<?php
+
+final class PhabricatorAuthOneTimeLoginTemporaryTokenType
+  extends PhabricatorAuthTemporaryTokenType {
+
+  const TOKENTYPE = 'login:onetime';
+
+  public function getTokenReadableTypeName(
+    PhabricatorAuthTemporaryToken $token) {
+    return pht('One-Time Login Token');
+  }
+
+  public function isTokenRevocable(PhabricatorAuthTemporaryToken $token) {
+    return true;
+  }
+
+}
--- a/src/applications/auth/tokentype/PhabricatorAuthPasswordResetTemporaryTokenType.php
+++ b/src/applications/auth/tokentype/PhabricatorAuthPasswordResetTemporaryTokenType.php
@ -0,0 +1,17 @@
+<?php
+
+final class PhabricatorAuthPasswordResetTemporaryTokenType
+  extends PhabricatorAuthTemporaryTokenType {
+
+  const TOKENTYPE = 'login:password';
+
+  public function getTokenReadableTypeName(
+    PhabricatorAuthTemporaryToken $token) {
+    return pht('Password Reset Token');
+  }
+
+  public function isTokenRevocable(PhabricatorAuthTemporaryToken $token) {
+    return true;
+  }
+
+}
--- a/src/applications/auth/tokentype/PhabricatorAuthTemporaryTokenType.php
+++ b/src/applications/auth/tokentype/PhabricatorAuthTemporaryTokenType.php
@ -0,0 +1,24 @@
+<?php
+
+abstract class PhabricatorAuthTemporaryTokenType
+  extends Phobject {
+
+  abstract public function getTokenReadableTypeName(
+    PhabricatorAuthTemporaryToken $token);
+
+  public function isTokenRevocable(PhabricatorAuthTemporaryToken $token) {
+    return false;
+  }
+
+  final public function getTokenTypeConstant() {
+    return $this->getPhobjectClassConstant('TOKENTYPE', 64);
+  }
+
+  final public static function getAllTypes() {
+    return id(new PhutilClassMapQuery())
+      ->setAncestorClass(__CLASS__)
+      ->setUniqueMethod('getTokenTypeConstant')
+      ->execute();
+  }
+
+}