mirror of
https://we.phorge.it/source/phorge.git
synced 2025-01-22 20:51:10 +01:00
156b156e77
Summary: Ref T7803. Ref T5873. I want to drive Conduit through more shared infrastructure, but can't currently add parameters automatically. Put a `getX()` around the `defineX()` methods so the parent can provide default behaviors. Also like 60% of methods don't define any special error types; don't require them to implement this method. I want to move away from this in general. Test Plan: - Ran `arc unit --everything`. - Called `conduit.query`. - Browsed Conduit UI. Reviewers: btrahan Reviewed By: btrahan Subscribers: hach-que, epriestley Maniphest Tasks: T5873, T7803 Differential Revision: https://secure.phabricator.com/D12380
<?php
/**
 * Conduit method `conduit.getcertificate`: exchanges a certificate token for
 * the username and Conduit certificate of the user the token belongs to.
 *
 * Security-relevant properties visible in this class:
 *
 *  - The method does not require authentication; the token plus the
 *    failure-count throttle in execute() are the only gates shown here.
 *  - Every failed exchange and every successful exchange writes a
 *    PhabricatorUserLog row.
 *  - A token is rejected once it is more than 15 minutes old.
 */
final class ConduitGetCertificateConduitAPIMethod extends ConduitAPIMethod {

  /**
   * @return string Name of this API method.
   */
  public function getAPIMethodName() {
    return 'conduit.getcertificate';
  }

  /**
   * This method is callable by unauthenticated clients.
   *
   * @return bool Always false.
   */
  public function shouldRequireAuthentication() {
    return false;
  }

  /**
   * Permit writes outside the usual write guard.
   *
   * The method sits on the authentication pathway and writes log rows (see
   * execute() and logFailure()), so it needs to write on every call.
   *
   * @return bool Always true.
   */
  public function shouldAllowUnguardedWrites() {
    return true;
  }

  /**
   * @return string Human-readable description of the method.
   */
  public function getMethodDescription() {
    return 'Retrieve certificate information for a user.';
  }

  /**
   * Declare the accepted parameters.
   *
   * NOTE(review): `host` is declared as required, but execute() in this class
   * never reads it; only `token` is used. Confirm whether the value is
   * consumed elsewhere or is vestigial.
   *
   * @return array<string, string> Map of parameter name to type spec.
   */
  protected function defineParamTypes() {
    return array(
      'token' => 'required string',
      'host' => 'required string',
    );
  }

  /**
   * @return string Type spec of the value returned by execute().
   */
  protected function defineReturnType() {
    return 'dict<string, any>';
  }

  /**
   * Declare the error codes execute() can raise as ConduitException.
   *
   * @return array<string, string> Map of error code to description.
   */
  protected function defineErrorTypes() {
    return array(
      'ERR-BAD-TOKEN' => 'Token does not exist or has expired.',
      'ERR-RATE-LIMIT' =>
        'You have made too many invalid token requests recently. Wait before '.
        'making more.',
    );
  }

  /**
   * Validate the supplied token and return the owning user's credentials.
   *
   * @param ConduitAPIRequest $request Request carrying the `token` value.
   * @return array<string, any> Keys `username` and `certificate`.
   * @throws ConduitException `ERR-RATE-LIMIT` when more than 5 failure
   *   events were recorded in the last 5 minutes; `ERR-BAD-TOKEN` when the
   *   token is unknown or older than 15 minutes.
   * @throws Exception When the token's user PHID does not load a user.
   */
  protected function execute(ConduitAPIRequest $request) {
    // Throttle before touching the token table. The lookup is scoped by the
    // helper named loadRecentEventsFromThisIP(); how the client address is
    // determined is not visible here -- NOTE(review): confirm it is correct
    // when the install sits behind a proxy or load balancer.
    $lookback_seconds = 60 * 5;
    $recent_failures = PhabricatorUserLog::loadRecentEventsFromThisIP(
      PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE_FAILURE,
      $lookback_seconds);

    if (count($recent_failures) > 5) {
      // The throttled request is itself logged with the failure action that
      // is counted above.
      $this->logFailure($request);
      throw new ConduitException('ERR-RATE-LIMIT');
    }

    $supplied_token = $request->getValue('token');
    $token_row = id(new PhabricatorConduitCertificateToken())->loadOneWhere(
      'token = %s',
      trim($supplied_token));

    // Unknown tokens and tokens older than 15 minutes are handled the same
    // way: both are logged as failures and both raise the same error code.
    $oldest_accepted = time() - (60 * 15);
    if (!$token_row || $token_row->getDateCreated() < $oldest_accepted) {
      $this->logFailure($request, $token_row);
      throw new ConduitException('ERR-BAD-TOKEN');
    }

    // Record the successful exchange against the token's user.
    //
    // NOTE(review): nothing in this method deletes or marks the token as
    // used, so as far as this code shows it stays redeemable until the
    // 15-minute window lapses. Confirm whether single use is enforced
    // elsewhere.
    PhabricatorUserLog::initializeNewLog(
      $request->getUser(),
      $token_row->getUserPHID(),
      PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE)
      ->save();

    $owner = id(new PhabricatorUser())->loadOneWhere(
      'phid = %s',
      $token_row->getUserPHID());
    if (!$owner) {
      throw new Exception('Certificate token points to an invalid user!');
    }

    // The certificate is returned to a caller that was never authenticated;
    // possession of a fresh token is what authorizes the disclosure.
    return array(
      'username' => $owner->getUserName(),
      'certificate' => $owner->getConduitCertificate(),
    );
  }

  /**
   * Write a certificate-failure row to the user log.
   *
   * @param ConduitAPIRequest $request Request whose user is recorded as the
   *   actor.
   * @param PhabricatorConduitCertificateToken|null $info Token row that was
   *   matched, if any. When absent the log's object PHID is recorded as '-'.
   * @return void
   */
  private function logFailure(
    ConduitAPIRequest $request,
    PhabricatorConduitCertificateToken $info = null) {

    $target_phid = $info ? $info->getUserPHID() : '-';

    PhabricatorUserLog::initializeNewLog(
      $request->getUser(),
      $target_phid,
      PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE_FAILURE)
      ->save();
  }

}