mirror of https://we.phorge.it/source/phorge.git synced 2024-12-24 06:20:56 +01:00
phorge-phorge/src/applications/conduit/method/ConduitGetCapabilitiesConduitAPIMethod.php
epriestley 60133b6fa5 Begin cleaning up OAuth scope handling
Summary:
Ref T7303. OAuth scope handling never got fully modernized and is a bit of a mess.

Also introduce implicit "ALWAYS" and "NEVER" scopes.

Always give tokens access to meta-methods like `conduit.getcapabilities` and `conduit.query`. These do not expose user information.

Test Plan:
  - Used a token to call `user.whoami`.
  - Used a token to call `conduit.query`.
  - Used a token to try to call `user.query`, got rebuffed.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7303

Differential Revision: https://secure.phabricator.com/D15593
2016-04-04 09:11:51 -07:00

60 lines
1.2 KiB
PHP

<?php
/**
 * Conduit meta-method `conduit.getcapabilities`.
 *
 * Reports which authentication protocols, signature schemes and input and
 * output wire formats the server offers.
 *
 * Security note: this method opts out of authentication and is reachable
 * under every token scope (see shouldRequireAuthentication() and
 * getRequiredScope()). That is only acceptable because execute() returns
 * fixed strings plus one installation-dependent flag and never reads the
 * request or any viewer data. Keep it that way when extending the response.
 */
final class ConduitGetCapabilitiesConduitAPIMethod extends ConduitAPIMethod {

  /**
   * Name under which this method is exposed over Conduit.
   */
  public function getAPIMethodName() {
    return 'conduit.getcapabilities';
  }

  /**
   * This method can be called without credentials.
   *
   * Because of that, nothing returned by execute() may depend on who is
   * calling.
   */
  public function shouldRequireAuthentication() {
    return false;
  }

  /**
   * Human-readable, translatable summary of the method.
   */
  public function getMethodDescription() {
    $summary = pht(
      'List capabilities, wire formats, and authentication protocols '.
      'available on this server.');

    return $summary;
  }

  /**
   * The method takes no parameters.
   */
  protected function defineParamTypes() {
    return array();
  }

  /**
   * Return type string for the response: a dictionary keyed by capability
   * group.
   */
  protected function defineReturnType() {
    return 'dict<string, any>';
  }

  /**
   * Scope an OAuth token needs in order to call this method.
   *
   * SCOPE_ALWAYS is declared outside this file; presumably it marks methods
   * that every token may call regardless of the scopes it was granted.
   * Confirm against the parent class before reusing it for a method that
   * returns anything user-specific.
   */
  public function getRequiredScope() {
    return self::SCOPE_ALWAYS;
  }

  /**
   * Build the capability dictionary.
   *
   * $request is intentionally unused: the response is the same for every
   * caller. The only value that varies between installations is whether
   * 'oauth' appears in the authentication list, which tells unauthenticated
   * callers whether the OAuth server application is installed.
   */
  protected function execute(ConduitAPIRequest $request) {
    $auth_protocols = array('token', 'asymmetric', 'session', 'sessionless');

    // Advertise OAuth only when the OAuth server application is installed.
    $oauth_installed = PhabricatorApplication::isClassInstalled(
      'PhabricatorOAuthServerApplication');
    if ($oauth_installed) {
      $auth_protocols[] = 'oauth';
    }

    // Keys are assigned in the same order as the original literal so the
    // serialized response keeps its key order.
    $capabilities = array();
    $capabilities['authentication'] = $auth_protocols;
    $capabilities['signatures'] = array('consign');
    $capabilities['input'] = array('json', 'urlencoded');
    $capabilities['output'] = array('json', 'human');

    return $capabilities;
  }

}