60133b6fa5
Summary: Ref T7303. OAuth scope handling never got fully modernized and is a bit of a mess. Also introduce implicit "ALWAYS" and "NEVER" scopes. Always give tokens access to meta-methods like `conduit.getcapabilities` and `conduit.query`. These do not expose user information. Test Plan: - Used a token to call `user.whoami`. - Used a token to call `conduit.query`. - Used a token to try to call `user.query`, got rebuffed. Reviewers: chad Reviewed By: chad Maniphest Tasks: T7303 Differential Revision: https://secure.phabricator.com/D15593
<?php
/**
 * Conduit API method `conduit.getcapabilities`.
 *
 * Returns a fixed description of the authentication protocols, signature
 * schemes, and input/output wire formats this server advertises.
 *
 * Security note: this method returns false from
 * shouldRequireAuthentication() and declares SCOPE_ALWAYS as its required
 * scope, so its response should stay limited to static protocol metadata.
 * Anything added to the result of execute() should be reviewed as data
 * that may be served to callers who have not authenticated.
 */
final class ConduitGetCapabilitiesConduitAPIMethod extends ConduitAPIMethod {

  /**
   * @return string Name this method is published under.
   */
  public function getAPIMethodName() {
    return 'conduit.getcapabilities';
  }

  /**
   * Opts this method out of the authentication requirement.
   *
   * NOTE(review): how the framework acts on this flag is defined in the
   * parent class, outside this file.
   *
   * @return bool Always false.
   */
  public function shouldRequireAuthentication() {
    return false;
  }

  /**
   * @return string Translated, human-readable summary of the method.
   */
  public function getMethodDescription() {
    $summary = pht(
      'List capabilities, wire formats, and authentication protocols '.
      'available on this server.');

    return $summary;
  }

  /**
   * This method takes no parameters.
   *
   * @return array Empty parameter specification.
   */
  protected function defineParamTypes() {
    return array();
  }

  /**
   * @return string Type specification of the value built by execute().
   */
  protected function defineReturnType() {
    return 'dict<string, any>';
  }

  /**
   * Declares SCOPE_ALWAYS as the scope required to call this method.
   *
   * NOTE(review): presumably this lets any scoped token call the method;
   * the constant's semantics are defined in the parent class.
   *
   * @return string The SCOPE_ALWAYS constant.
   */
  public function getRequiredScope() {
    return self::SCOPE_ALWAYS;
  }

  /**
   * Build the capability dictionary.
   *
   * The request is not read: every value is a literal, except for the
   * optional 'oauth' entry.
   *
   * @param ConduitAPIRequest $request Incoming request (unused).
   * @return array Map with the keys 'authentication', 'signatures',
   *   'input' and 'output', each holding a list of strings.
   */
  protected function execute(ConduitAPIRequest $request) {
    $auth_protocols = array(
      'token',
      'asymmetric',
      'session',
      'sessionless',
    );

    // 'oauth' is advertised only when the OAuth server application is
    // installed. Since this method does not require authentication, the
    // presence of this entry tells any caller whether that application is
    // installed.
    $oauth_installed = PhabricatorApplication::isClassInstalled(
      'PhabricatorOAuthServerApplication');
    if ($oauth_installed) {
      $auth_protocols[] = 'oauth';
    }

    $signature_schemes = array('consign');
    $input_formats = array('json', 'urlencoded');
    $output_formats = array('json', 'human');

    return array(
      'authentication' => $auth_protocols,
      'signatures' => $signature_schemes,
      'input' => $input_formats,
      'output' => $output_formats,
    );
  }

}