a837c3d73e
Summary: Ref T10603. This makes minor updates to temporary tokens: - Rename `objectPHID` (which is sometimes used to store some other kind of identifier instead of a PHID) to `tokenResource` (i.e., which resource does this token permit access to?). - Add a `userPHID` column. For LFS tokens and some other types of tokens, I want to bind the token to both a resource (like a repository) and a user. - Add a `properties` column. This makes tokens more flexible and supports custom behavior (like scoping LFS tokens even more tightly). Test Plan: - Ran `bin/storage upgrade -f`, got a clean upgrade. - Viewed one-time tokens. - Revoked one token. - Revoked all tokens. - Performed a one-time login. - Performed a password reset. - Added an MFA token. - Removed an MFA token. - Used a file token to view a file. - Verified file token was removed after viewing file. - Linked my account to an OAuth1 account (Twitter). Reviewers: chad Reviewed By: chad Maniphest Tasks: T10603 Differential Revision: https://secure.phabricator.com/D15478
<?php
/**
 * Query for temporary authentication tokens
 * (`PhabricatorAuthTemporaryToken` rows).
 *
 * Each `with...()` constraint is optional and stays `null` until it is set;
 * only constraints that were set add a condition to the WHERE clause. All
 * values are handed to `qsprintf()` as arguments and never concatenated into
 * the SQL text.
 *
 * Expiry is not filtered unless `withExpired()` is called: nothing in this
 * class excludes rows whose `tokenExpires` has already passed. A caller that
 * loads a token in order to honor it should therefore also constrain with
 * `withExpired(false)`.
 *
 * NOTE(review): a constraint set to an empty array is not `null`, so it still
 * produces an `IN (...)` condition with no values. Confirm how `qsprintf()`
 * treats an empty list and whether callers guard against passing one.
 */
final class PhabricatorAuthTemporaryTokenQuery
  extends PhabricatorCursorPagedPolicyAwareQuery {

  // Row IDs to match; formatted as a list of integers (%Ld).
  private $ids;

  // Values to match against `tokenResource`; formatted as a list of strings
  // (%Ls), so nothing here requires them to be PHIDs.
  private $tokenResources;

  // Values to match against `tokenType`.
  private $tokenTypes;

  // Values to match against `userPHID`.
  private $userPHIDs;

  // Tri-state: null = no expiry filter, truthy = only expired tokens,
  // falsy = only tokens that have not expired yet.
  private $expired;

  // Values to match against `tokenCode`. They are compared verbatim.
  // NOTE(review): whether these are raw codes or digests is decided by the
  // caller, not by this query; verify against the call sites.
  private $tokenCodes;

  /**
   * Restrict results to tokens with one of the given row IDs.
   *
   * @param array $ids Row IDs.
   * @return $this
   */
  public function withIDs(array $ids) {
    $this->ids = $ids;
    return $this;
  }

  /**
   * Restrict results to tokens bound to one of the given resources.
   *
   * @param array $resources Values of the `tokenResource` column.
   * @return $this
   */
  public function withTokenResources(array $resources) {
    $this->tokenResources = $resources;
    return $this;
  }

  /**
   * Restrict results to tokens of one of the given types.
   *
   * @param array $types Values of the `tokenType` column.
   * @return $this
   */
  public function withTokenTypes(array $types) {
    $this->tokenTypes = $types;
    return $this;
  }

  /**
   * Filter by expiry, evaluated against the clock at query-build time.
   *
   * @param mixed $expired Truthy selects tokens with `tokenExpires` at or
   *   before now; falsy (but not null) selects tokens expiring after now;
   *   null leaves expiry unfiltered.
   * @return $this
   */
  public function withExpired($expired) {
    $this->expired = $expired;
    return $this;
  }

  /**
   * Restrict results to tokens with one of the given codes.
   *
   * @param array $codes Values of the `tokenCode` column.
   * @return $this
   */
  public function withTokenCodes(array $codes) {
    $this->tokenCodes = $codes;
    return $this;
  }

  /**
   * Restrict results to tokens bound to one of the given users.
   *
   * @param array $phids Values of the `userPHID` column.
   * @return $this
   */
  public function withUserPHIDs(array $phids) {
    $this->userPHIDs = $phids;
    return $this;
  }

  /**
   * Build an empty object of the type this query loads.
   *
   * @return PhabricatorAuthTemporaryToken
   */
  public function newResultObject() {
    return new PhabricatorAuthTemporaryToken();
  }

  /**
   * Load one page of results through the parent's standard page loader.
   */
  protected function loadPage() {
    $prototype = $this->newResultObject();
    return $this->loadStandardPage($prototype);
  }

  /**
   * Append one WHERE condition per constraint that has been set.
   *
   * Starts from the parent's conditions and adds to them in a fixed order:
   * id, tokenResource, tokenType, expiry, tokenCode, userPHID.
   *
   * @param AphrontDatabaseConnection $conn Connection used for escaping.
   * @return array Conditions, including those from the parent.
   */
  protected function buildWhereClauseParts(AphrontDatabaseConnection $conn) {
    $clauses = parent::buildWhereClauseParts($conn);

    if ($this->ids !== null) {
      $clauses[] = qsprintf($conn, 'id IN (%Ld)', $this->ids);
    }

    if ($this->tokenResources !== null) {
      $clauses[] = qsprintf(
        $conn,
        'tokenResource IN (%Ls)',
        $this->tokenResources);
    }

    if ($this->tokenTypes !== null) {
      $clauses[] = qsprintf(
        $conn,
        'tokenType IN (%Ls)',
        $this->tokenTypes);
    }

    if ($this->expired !== null) {
      // A token whose expiry equals the current second counts as expired:
      // the boundary sits on the "<=" side.
      $now = time();
      $clauses[] = $this->expired
        ? qsprintf($conn, 'tokenExpires <= %d', $now)
        : qsprintf($conn, 'tokenExpires > %d', $now);
    }

    if ($this->tokenCodes !== null) {
      $clauses[] = qsprintf(
        $conn,
        'tokenCode IN (%Ls)',
        $this->tokenCodes);
    }

    if ($this->userPHIDs !== null) {
      $clauses[] = qsprintf(
        $conn,
        'userPHID IN (%Ls)',
        $this->userPHIDs);
    }

    return $clauses;
  }

  /**
   * Name the application class this query belongs to.
   *
   * @return string
   */
  public function getQueryApplicationClass() {
    return 'PhabricatorAuthApplication';
  }

}