From cf15e0de4386416f6565d25fd40e90610184cb29 Mon Sep 17 00:00:00 2001
From: epriestley
Date: Wed, 16 Mar 2016 05:17:41 -0700
Subject: [PATCH] Modularize temporary token types
Summary: Ref T10603. For LFS, we need to issue a new type of temporary token. This makes the temporary token code modular so applications can add new token types without modifying the Auth application. (I'm moving slowly here because it impacts authentication.)
Test Plan: - Used `bin/auth recover` to get a one-time token from the CLI. - Used "Forgot your password?" to get a one-time token from the web UI. - Followed the web UI token to initiate a password reset, prompting generation of a password token. - Viewed these tokens in the web UI: {F1176908} - Revoked a token.
Reviewers: chad
Reviewed By: chad
Maniphest Tasks: T10603
Differential Revision: https://secure.phabricator.com/D15475
---
 src/__phutil_library_map__.php | 6 ++++
 .../storage/PhabricatorAuthTemporaryToken.php | 28 +++++++++++--------
 ...atorAuthOneTimeLoginTemporaryTokenType.php | 17 +++++++++++
 ...torAuthPasswordResetTemporaryTokenType.php | 17 +++++++++++
 .../PhabricatorAuthTemporaryTokenType.php | 24 ++++++++++++++++
 5 files changed, 81 insertions(+), 11 deletions(-)
 create mode 100644 src/applications/auth/tokentype/PhabricatorAuthOneTimeLoginTemporaryTokenType.php
 create mode 100644 src/applications/auth/tokentype/PhabricatorAuthPasswordResetTemporaryTokenType.php
 create mode 100644 src/applications/auth/tokentype/PhabricatorAuthTemporaryTokenType.php
diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
index f253b328b2..643467646d 100644
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -1816,6 +1816,8 @@ phutil_register_library_map(array( 'PhabricatorAuthNewController' => 'applications/auth/controller/config/PhabricatorAuthNewController.php', 'PhabricatorAuthOldOAuthRedirectController' => 'applications/auth/controller/PhabricatorAuthOldOAuthRedirectController.php', 'PhabricatorAuthOneTimeLoginController' => 'applications/auth/controller/PhabricatorAuthOneTimeLoginController.php', + 'PhabricatorAuthOneTimeLoginTemporaryTokenType' => 'applications/auth/tokentype/PhabricatorAuthOneTimeLoginTemporaryTokenType.php', + 'PhabricatorAuthPasswordResetTemporaryTokenType' => 'applications/auth/tokentype/PhabricatorAuthPasswordResetTemporaryTokenType.php', 'PhabricatorAuthProvider' => 'applications/auth/provider/PhabricatorAuthProvider.php', 'PhabricatorAuthProviderConfig' => 'applications/auth/storage/PhabricatorAuthProviderConfig.php', 'PhabricatorAuthProviderConfigController' => 'applications/auth/controller/config/PhabricatorAuthProviderConfigController.php', @@ -1844,6 +1846,7 @@ phutil_register_library_map(array( 'PhabricatorAuthTemporaryToken' => 'applications/auth/storage/PhabricatorAuthTemporaryToken.php', 'PhabricatorAuthTemporaryTokenGarbageCollector' => 'applications/auth/garbagecollector/PhabricatorAuthTemporaryTokenGarbageCollector.php', 'PhabricatorAuthTemporaryTokenQuery' => 'applications/auth/query/PhabricatorAuthTemporaryTokenQuery.php', + 'PhabricatorAuthTemporaryTokenType' => 'applications/auth/tokentype/PhabricatorAuthTemporaryTokenType.php', 'PhabricatorAuthTerminateSessionController' => 'applications/auth/controller/PhabricatorAuthTerminateSessionController.php', 'PhabricatorAuthTryFactorAction' => 'applications/auth/action/PhabricatorAuthTryFactorAction.php', 'PhabricatorAuthUnlinkController' => 'applications/auth/controller/PhabricatorAuthUnlinkController.php', 
@@ -6123,6 +6126,8 @@ phutil_register_library_map(array( 'PhabricatorAuthNewController' => 'PhabricatorAuthProviderConfigController', 'PhabricatorAuthOldOAuthRedirectController' => 'PhabricatorAuthController', 'PhabricatorAuthOneTimeLoginController' => 'PhabricatorAuthController', + 'PhabricatorAuthOneTimeLoginTemporaryTokenType' => 'PhabricatorAuthTemporaryTokenType', + 'PhabricatorAuthPasswordResetTemporaryTokenType' => 'PhabricatorAuthTemporaryTokenType', 'PhabricatorAuthProvider' => 'Phobject', 'PhabricatorAuthProviderConfig' => array( 'PhabricatorAuthDAO', @@ -6165,6 +6170,7 @@ phutil_register_library_map(array( ), 'PhabricatorAuthTemporaryTokenGarbageCollector' => 'PhabricatorGarbageCollector', 'PhabricatorAuthTemporaryTokenQuery' => 'PhabricatorCursorPagedPolicyAwareQuery', + 'PhabricatorAuthTemporaryTokenType' => 'Phobject', 'PhabricatorAuthTerminateSessionController' => 'PhabricatorAuthController', 'PhabricatorAuthTryFactorAction' => 'PhabricatorSystemAction', 'PhabricatorAuthUnlinkController' => 'PhabricatorAuthController',
diff --git a/src/applications/auth/storage/PhabricatorAuthTemporaryToken.php b/src/applications/auth/storage/PhabricatorAuthTemporaryToken.php
index e379a6aaeb..93e491bdb0 100644
--- a/src/applications/auth/storage/PhabricatorAuthTemporaryToken.php
+++ b/src/applications/auth/storage/PhabricatorAuthTemporaryToken.php
@@ -31,14 +31,21 @@ final class PhabricatorAuthTemporaryToken extends PhabricatorAuthDAO
 ) + parent::getConfiguration();
 }

+ private function newTokenTypeImplementation() {
+ $types = PhabricatorAuthTemporaryTokenType::getAllTypes();
+
+ $type = idx($types, $this->tokenType);
+ if ($type) {
+ return clone $type;
+ }
+
+ return null;
+ }
+
 public function getTokenReadableTypeName() {
- // Eventually, it would be nice to let applications implement token types
- // so we can put this in modular subclasses.
- switch ($this->tokenType) {
- case PhabricatorAuthSessionEngine::ONETIME_TEMPORARY_TOKEN_TYPE:
- return pht('One-Time Login Token');
- case PhabricatorAuthSessionEngine::PASSWORD_TEMPORARY_TOKEN_TYPE:
- return pht('Password Reset Token');
+ $type = $this->newTokenTypeImplementation();
+ if ($type) {
+ return $type->getTokenReadableTypeName($this);
 }

 return $this->tokenType;
@@ -49,10 +56,9 @@ final class PhabricatorAuthTemporaryToken extends PhabricatorAuthDAO
 return false;
 }

- switch ($this->tokenType) {
- case PhabricatorAuthSessionEngine::ONETIME_TEMPORARY_TOKEN_TYPE:
- case PhabricatorAuthSessionEngine::PASSWORD_TEMPORARY_TOKEN_TYPE:
- return true;
+ $type = $this->newTokenTypeImplementation();
+ if ($type) {
+ return $type->isTokenRevocable($this);
 }

 return false;
diff --git a/src/applications/auth/tokentype/PhabricatorAuthOneTimeLoginTemporaryTokenType.php b/src/applications/auth/tokentype/PhabricatorAuthOneTimeLoginTemporaryTokenType.php
new file mode 100644
index 0000000000..f48956ff87
--- /dev/null
+++ b/src/applications/auth/tokentype/PhabricatorAuthOneTimeLoginTemporaryTokenType.php
@@ -0,0 +1,17 @@
+getPhobjectClassConstant('TOKENTYPE', 64);
+ }
+
+ final public static function getAllTypes() {
+ return id(new PhutilClassMapQuery())
+ ->setAncestorClass(__CLASS__)
+ ->setUniqueMethod('getTokenTypeConstant')
+ ->execute();
+ }
+
+}
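Review bot: `newTokenTypeImplementation()` in PhabricatorAuthTemporaryToken.php (first hunk) has no comment stating its contract, and both callers depend on the null return to reach their fallbacks. A docblock along the lines of `// Returns a private copy of the registered type object for this row, or null when no installed class claims $this->tokenType.` would make that explicit, and it should also say why the object is cloned, which the hunk does not show. Because `getTokenReadableTypeName()` now returns the raw stored `tokenType` for any unregistered type, a one-line comment on `return $this->tokenType;` noting that this path is expected for rows written by a type that is no longer installed would help the next reader.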
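Review bot: In `isTokenRevocable()` (second hunk of PhabricatorAuthTemporaryToken.php; the method begins above the hunk), revocability of the two existing token kinds now depends on a class-map lookup instead of the hard-coded `PhabricatorAuthSessionEngine::ONETIME_TEMPORARY_TOKEN_TYPE` and `PASSWORD_TEMPORARY_TOKEN_TYPE` cases. The `TOKENTYPE` values of the two new type classes are not visible on this page; if either differs from the string already stored in existing rows, those tokens fall through to the final `return false;` and can no longer be revoked, with no error raised. A unit test asserting that `PhabricatorAuthTemporaryTokenType::getAllTypes()` has both session-engine constants as keys would pin this down. The final `return false;` also deserves a comment such as `// Unknown or uninstalled token types are deliberately treated as non-revocable.` so the fail-closed choice is visible to whoever adds the next type.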