mirror of https://we.phorge.it/source/phorge.git synced 2024-12-11 16:16:14 +01:00
phorge-phorge/src/applications/auth/query/PhabricatorAuthTemporaryTokenQuery.php
epriestley a837c3d73e Make temporary token storage/schema more flexible
Summary:
Ref T10603. This makes minor updates to temporary tokens:

  - Rename `objectPHID` (which is sometimes used to store some other kind of identifier instead of a PHID) to `tokenResource` (i.e., which resource does this token permit access to?).
  - Add a `userPHID` column. For LFS tokens and some other types of tokens, I want to bind the token to both a resource (like a repository) and a user.
  - Add a `properties` column. This makes tokens more flexible and supports custom behavior (like scoping LFS tokens even more tightly).

Test Plan:
- Ran `bin/storage upgrade -f`, got a clean upgrade.
- Viewed one-time tokens.
- Revoked one token.
- Revoked all tokens.
- Performed a one-time login.
- Performed a password reset.
- Added an MFA token.
- Removed an MFA token.
- Used a file token to view a file.
- Verified file token was removed after viewing file.
- Linked my account to an OAuth1 account (Twitter).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10603

Differential Revision: https://secure.phabricator.com/D15478
2016-03-16 09:33:38 -07:00

110 lines
2.2 KiB
PHP

<?php
/**
 * Policy-aware, cursor-paged query over temporary auth tokens
 * (@{class:PhabricatorAuthTemporaryToken}).
 *
 * Each `with...()` method narrows the result set and returns `$this`, so
 * calls can be chained. A filter that is never set (left as `null`) adds no
 * constraint at all.
 *
 * Security notes for callers:
 *
 *   - No expiry constraint is applied unless @{method:withExpired} is called.
 *     Code that looks up a token in order to honor it should pass `false`
 *     there, otherwise expired rows are returned alongside live ones.
 *   - Every filter value reaches the database as a `qsprintf()` argument
 *     (`%Ld`, `%Ls`, `%d`); none is concatenated into the SQL text.
 *   - NOTE(review): filters are skipped only when `null`. An empty array
 *     still enters the branch and is handed to `qsprintf()` as an empty
 *     list. Confirm how callers and `qsprintf()` treat that case.
 */
final class PhabricatorAuthTemporaryTokenQuery
  extends PhabricatorCursorPagedPolicyAwareQuery {

  // Filter state. `null` means "do not constrain on this column".
  private $ids;
  private $tokenResources;
  private $tokenTypes;
  private $userPHIDs;
  private $expired;
  private $tokenCodes;

  /**
   * Restrict results to rows whose `id` is in the given list.
   *
   * @param array $ids Row IDs, formatted with the `%Ld` conversion.
   * @return this
   */
  public function withIDs(array $ids) {
    $this->ids = $ids;
    return $this;
  }

  /**
   * Restrict results to tokens bound to one of the given resources.
   *
   * @param array $resources Values matched against `tokenResource`.
   * @return this
   */
  public function withTokenResources(array $resources) {
    $this->tokenResources = $resources;
    return $this;
  }

  /**
   * Restrict results to tokens of the given types.
   *
   * @param array $types Values matched against `tokenType`.
   * @return this
   */
  public function withTokenTypes(array $types) {
    $this->tokenTypes = $types;
    return $this;
  }

  /**
   * Filter on expiry relative to the current time.
   *
   * A truthy value selects only tokens with `tokenExpires <= now`; a falsy,
   * non-null value selects only tokens with `tokenExpires > now`. If this
   * method is never called, expiry is not considered.
   *
   * @param bool $expired Which side of "now" to select.
   * @return this
   */
  public function withExpired($expired) {
    $this->expired = $expired;
    return $this;
  }

  /**
   * Restrict results to tokens whose `tokenCode` is in the given list.
   *
   * @param array $codes Values matched against `tokenCode`.
   * @return this
   */
  public function withTokenCodes(array $codes) {
    $this->tokenCodes = $codes;
    return $this;
  }

  /**
   * Restrict results to tokens bound to one of the given users.
   *
   * @param array $phids Values matched against `userPHID`.
   * @return this
   */
  public function withUserPHIDs(array $phids) {
    $this->userPHIDs = $phids;
    return $this;
  }

  /**
   * @return PhabricatorAuthTemporaryToken Empty object of the result type.
   */
  public function newResultObject() {
    return new PhabricatorAuthTemporaryToken();
  }

  /**
   * Load one page of results via the parent's standard page loader.
   */
  protected function loadPage() {
    $prototype = $this->newResultObject();
    return $this->loadStandardPage($prototype);
  }

  /**
   * Build the WHERE clause fragments for every filter that has been set.
   *
   * Starts from the parent's clauses and appends one fragment per active
   * filter, in a fixed order.
   *
   * @param AphrontDatabaseConnection $conn Connection used for formatting.
   * @return array Clause fragments, including those from the parent.
   */
  protected function buildWhereClauseParts(AphrontDatabaseConnection $conn) {
    $clauses = parent::buildWhereClauseParts($conn);

    if ($this->ids !== null) {
      $clauses[] = qsprintf($conn, 'id IN (%Ld)', $this->ids);
    }

    if ($this->tokenResources !== null) {
      $clauses[] = qsprintf(
        $conn,
        'tokenResource IN (%Ls)',
        $this->tokenResources);
    }

    if ($this->tokenTypes !== null) {
      $clauses[] = qsprintf($conn, 'tokenType IN (%Ls)', $this->tokenTypes);
    }

    if ($this->expired !== null) {
      // The boundary is inclusive on the "expired" side: a token whose
      // expiry equals the current second already counts as expired.
      $now = time();
      $clauses[] = $this->expired
        ? qsprintf($conn, 'tokenExpires <= %d', $now)
        : qsprintf($conn, 'tokenExpires > %d', $now);
    }

    if ($this->tokenCodes !== null) {
      $clauses[] = qsprintf($conn, 'tokenCode IN (%Ls)', $this->tokenCodes);
    }

    if ($this->userPHIDs !== null) {
      $clauses[] = qsprintf($conn, 'userPHID IN (%Ls)', $this->userPHIDs);
    }

    return $clauses;
  }

  /**
   * @return string Class name of the application this query belongs to.
   */
  public function getQueryApplicationClass() {
    return 'PhabricatorAuthApplication';
  }

}