Replace "web" and "conduit" magic session strings with constants

Summary: Ref T4310. Ref T3720. We use bare strings to refer to session types in several places right now; use constants instead.

Test Plan: grep; logged out; logged in; ran Conduit commands.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T4310, T3720

Differential Revision: https://secure.phabricator.com/D7963

src/applications/auth/controller/PhabricatorAuthController.php

@@ -65,7 +65,7 @@ abstract class PhabricatorAuthController extends PhabricatorController {
   protected function loginUser(PhabricatorUser $user) {
 
     $response = $this->buildLoginValidateResponse($user);
-    $session_type = 'web';
+    $session_type = PhabricatorAuthSession::TYPE_WEB;
 
     $event_type = PhabricatorEventType::TYPE_AUTH_WILLLOGINUSER;
     $event_data = array(

src/applications/auth/engine/PhabricatorAuthSessionEngine.php

@@ -36,7 +36,8 @@ final class PhabricatorAuthSessionEngine extends Phobject {
    * You can configure the maximum number of concurrent sessions for various
    * session types in the Phabricator configuration.
    *
-   * @param   string  Session type, like "web".
+   * @param   const   Session type constant (see
+   *                  @{class:PhabricatorAuthSession}).
    * @param   phid    Identity to establish a session for, usually a user PHID.
    * @return  string  Newly generated session key.
    */
@@ -56,10 +57,10 @@ final class PhabricatorAuthSessionEngine extends Phobject {
 
     $session_limit = 1;
     switch ($session_type) {
-      case 'web':
+      case PhabricatorAuthSession::TYPE_WEB:
         $session_limit = PhabricatorEnv::getEnvConfig('auth.sessions.web');
         break;
-      case 'conduit':
+      case PhabricatorAuthSession::TYPE_CONDUIT:
         $session_limit = PhabricatorEnv::getEnvConfig('auth.sessions.conduit');
         break;
       default:

src/applications/auth/storage/PhabricatorAuthSession.php

@@ -3,6 +3,9 @@
 final class PhabricatorAuthSession extends PhabricatorAuthDAO
   implements PhabricatorPolicyInterface {
 
+  const TYPE_WEB      = 'web';
+  const TYPE_CONDUIT  = 'conduit';
+
   protected $userPHID;
   protected $type;
   protected $sessionKey;

src/applications/base/controller/PhabricatorController.php

@@ -38,7 +38,7 @@ abstract class PhabricatorController extends AphrontController {
       $phsid = $request->getCookie('phsid');
       if ($phsid) {
         $session_user = id(new PhabricatorAuthSessionEngine())
-          ->loadUserForSession('web', $phsid);
+          ->loadUserForSession(PhabricatorAuthSession::TYPE_WEB, $phsid);
         if ($session_user) {
           $user = $session_user;
         }

src/applications/conduit/controller/PhabricatorConduitAPIController.php

@@ -280,7 +280,7 @@ final class PhabricatorConduitAPIController
     }
 
     $user = id(new PhabricatorAuthSessionEngine())
-      ->loadUserForSession('conduit', $session_key);
+      ->loadUserForSession(PhabricatorAuthSession::TYPE_CONDUIT, $session_key);
 
     if (!$user) {
       return array(

src/applications/conduit/method/ConduitAPI_conduit_connect_Method.php

@@ -143,7 +143,9 @@ final class ConduitAPI_conduit_connect_Method extends ConduitAPIMethod {
         throw new ConduitException('ERR-INVALID-CERTIFICATE');
       }
       $session_key = id(new PhabricatorAuthSessionEngine())
-        ->establishSession('conduit', $user->getPHID());
+        ->establishSession(
+          PhabricatorAuthSession::TYPE_CONDUIT,
+          $user->getPHID());
     } else {
       throw new ConduitException('ERR-NO-CERTIFICATE');
     }

src/applications/settings/panel/PhabricatorSettingsPanelConduit.php

@@ -37,7 +37,7 @@ final class PhabricatorSettingsPanelConduit
       $sessions = id(new PhabricatorAuthSessionQuery())
         ->setViewer($user)
         ->withIdentityPHIDs(array($user->getPHID()))
-        ->withSessionTypes(array('conduit'))
+        ->withSessionTypes(array(PhabricatorAuthSession::TYPE_CONDUIT))
         ->execute();
       foreach ($sessions as $session) {
         $session->delete();