mirror of
https://we.phorge.it/source/phorge.git
synced 2025-02-03 10:28:23 +01:00
ec8581ab62
Summary: Fixes T11223. I missed a few of these; most of them kept working anyway because we have redirects in place, but make them a bit more modern/not-hard-coded. Test Plan: - Generated and revoked API tokens for myself. - Generated and revoked API tokens for bots. - Revoked temporary tokens for myself. - Clicked the link to the API tokens panel from the Conduit console. - Clicked all the cancel buttons in all the dialogs, too. In all cases, everything now points at the correct URIs. Previously, some things pointed at the wrong URIs (mostly dealing with stuff for bots). Reviewers: chad Reviewed By: chad Maniphest Tasks: T11223 Differential Revision: https://secure.phabricator.com/D16185
100 lines
2.8 KiB
PHP
<?php
/**
 * Terminates Conduit API tokens: either the single token selected by the
 * `id` URI parameter, or every unexpired token attached to the object named
 * by the `objectPHID` request parameter.
 *
 * Safeguards visible in this class:
 *
 *   - Tokens are loaded as the viewer with both CAN_VIEW and CAN_EDIT
 *     required, so only tokens the query returns under those capabilities
 *     can be terminated.
 *   - `requireHighSecuritySession()` is called before either dialog is
 *     returned and before any token is modified.
 *   - Tokens are only written when `isFormPost()` is true.
 */
final class PhabricatorConduitTokenTerminateController
  extends PhabricatorConduitController {

  /**
   * Show a confirmation dialog or, on form submission, expire the selected
   * tokens and redirect to the owner's API tokens settings panel.
   *
   * @param AphrontRequest $request Request carrying the optional `id` URI
   *   parameter and the optional `objectPHID` parameter.
   * @return mixed An Aphront404Response when the token or its owner cannot
   *   be loaded, an AphrontRedirectResponse after termination, otherwise the
   *   dialog built by `newDialog()`.
   */
  public function handleRequest(AphrontRequest $request) {
    $viewer = $request->getViewer();
    $owner_phid = $request->getStr('objectPHID');
    $token_id = $request->getURIData('id');

    // Both lookups require view AND edit capability; the policy check, not
    // the request parameters, decides which tokens can be touched.
    $required_caps = array(
      PhabricatorPolicyCapability::CAN_VIEW,
      PhabricatorPolicyCapability::CAN_EDIT,
    );

    if (!$token_id) {
      // Bulk mode: every unexpired token of the object named in the request.
      $targets = id(new PhabricatorConduitTokenQuery())
        ->setViewer($viewer)
        ->withObjectPHIDs(array($owner_phid))
        ->withExpired(false)
        ->requireCapabilities($required_caps)
        ->execute();

      $dialog_title = pht('Terminate API Tokens');
      $dialog_body = pht(
        'Really terminate all active API tokens? Any systems using these '.
        'tokens will no longer be able to make API requests.');
      $submit_label = pht('Terminate Tokens');
    } else {
      // Single-token mode: a token that is missing, already expired or not
      // returned under the required capabilities yields the same 404.
      $single = id(new PhabricatorConduitTokenQuery())
        ->setViewer($viewer)
        ->withIDs(array($token_id))
        ->withExpired(false)
        ->requireCapabilities($required_caps)
        ->executeOne();
      if (!$single) {
        return new Aphront404Response();
      }

      $targets = array($single);

      // The owner comes from the stored token here; any `objectPHID` sent
      // with the request is overwritten.
      $owner_phid = $single->getObjectPHID();

      $dialog_title = pht('Terminate API Token');
      $dialog_body = pht(
        'Really terminate this token? Any system using this token '.
        'will no longer be able to make API requests.');
      $submit_label = pht('Terminate Token');
    }

    // Resolve the token owner, which is only used to build the settings
    // panel URI. No capabilities are requested explicitly for this lookup.
    // NOTE(review): loose `==` on PHIDs; presumably both sides are
    // non-numeric strings so this is plain string equality - confirm.
    if ($owner_phid == $viewer->getPHID()) {
      $owner = $viewer;
    } else {
      $owner = id(new PhabricatorObjectQuery())
        ->setViewer($viewer)
        ->withPHIDs(array($owner_phid))
        ->executeOne();
      if (!$owner) {
        return new Aphront404Response();
      }
    }

    $return_uri = id(new PhabricatorConduitTokensSettingsPanel())
      ->setViewer($viewer)
      ->setUser($owner)
      ->getPanelURI();

    // Must stay ahead of the dialogs and the write below. Presumably this
    // interrupts the request when the session is not in high security, with
    // $return_uri as the cancel target - confirm against the session engine.
    $session_engine = new PhabricatorAuthSessionEngine();
    $session_engine->requireHighSecuritySession(
      $viewer,
      $request,
      $return_uri);

    if (!$targets) {
      return $this->newDialog()
        ->setTitle(pht('No Tokens to Terminate'))
        ->appendParagraph(
          pht('There are no API tokens to terminate.'))
        ->addCancelButton($return_uri);
    }

    // NOTE(review): isFormPost() is the only gate in front of the write;
    // confirm that it also covers CSRF validation.
    if ($request->isFormPost()) {
      foreach ($targets as $target) {
        // Termination is done by backdating the expiry 60 seconds rather
        // than deleting the row.
        $target
          ->setExpires(PhabricatorTime::getNow() - 60)
          ->save();
      }

      $redirect = new AphrontRedirectResponse();
      return $redirect->setURI($return_uri);
    }

    // Confirmation step. The owner PHID is carried in a hidden input so the
    // follow-up POST selects the same object.
    $confirm = $this->newDialog()
      ->setTitle($dialog_title)
      ->addHiddenInput('objectPHID', $owner_phid)
      ->appendParagraph($dialog_body)
      ->addSubmitButton($submit_label)
      ->addCancelButton($return_uri);

    return $confirm;
  }

}