mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-24 15:52:41 +01:00
023dee0d3b
Summary: Ref T5655. Rename Conduit classes and provide a `getAPIMethodName` method to declare the API method. Test Plan: ``` > echo '{}' | arc --conduit-uri='http://phabricator.joshuaspence.com' call-conduit user.whoami Waiting for JSON parameters on stdin... {"error":null,"errorMessage":null,"response":{"phid":"PHID-USER-lioqffnwn6y475mu5ndb","userName":"josh","realName":"Joshua Spence","image":"http:\/\/phabricator.joshuaspence.com\/res\/1404425321T\/phabricator\/3eb28cd9\/rsrc\/image\/avatar.png","uri":"http:\/\/phabricator.joshuaspence.com\/p\/josh\/","roles":["admin","verified","approved","activated"]}} ``` Reviewers: epriestley, #blessed_reviewers Reviewed By: epriestley, #blessed_reviewers Subscribers: epriestley, Korvin, hach-que Maniphest Tasks: T5655 Differential Revision: https://secure.phabricator.com/D9991
<?php
/**
 * Conduit method `conduit.getcertificate`: exchanges a short-lived
 * certificate token for the owning user's username and Conduit certificate.
 *
 * Security-relevant properties visible in this class:
 *
 *   - The method is callable without authentication; the token is the only
 *     credential it checks.
 *   - It writes log rows while unauthenticated, which is why it opts in to
 *     unguarded writes.
 *   - Failed attempts are counted per source IP and throttled.
 *   - Both successful and failed exchanges are written to
 *     PhabricatorUserLog, which gives an audit trail for this endpoint.
 */
final class ConduitGetCertificateConduitAPIMethod extends ConduitAPIMethod {

  /**
   * @return string The Conduit API method name this class implements.
   */
  public function getAPIMethodName() {
    return 'conduit.getcertificate';
  }

  /**
   * This method sits on the authentication pathway: the caller does not have
   * a certificate yet, so it cannot be required to authenticate first.
   *
   * @return bool Always false.
   */
  public function shouldRequireAuthentication() {
    return false;
  }

  /**
   * Opt in to unguarded writes.
   *
   * This method performs logging and is on the authentication pathway.
   *
   * NOTE(review): the write guard being bypassed is presumably the
   * framework's CSRF protection -- confirm against ConduitAPIMethod. The only
   * writes made by this class are the PhabricatorUserLog rows saved in
   * execute() and logFailure().
   *
   * @return bool Always true.
   */
  public function shouldAllowUnguardedWrites() {
    return true;
  }

  /**
   * @return string Human-readable description of the method.
   */
  public function getMethodDescription() {
    return 'Retrieve certificate information for a user.';
  }

  /**
   * Declare the parameters the method accepts.
   *
   * Only 'token' is read by execute() in this class; 'host' is declared as
   * required but is not consulted here.
   *
   * @return array Map of parameter name to type description.
   */
  public function defineParamTypes() {
    $params = array();
    $params['token'] = 'required string';
    $params['host'] = 'required string';
    return $params;
  }

  /**
   * @return string Type description of the value returned by execute().
   */
  public function defineReturnType() {
    return 'dict<string, any>';
  }

  /**
   * Declare the error codes execute() can raise as ConduitException.
   *
   * @return array Map of error code to human-readable description.
   */
  public function defineErrorTypes() {
    $errors = array();
    $errors['ERR-BAD-TOKEN'] = 'Token does not exist or has expired.';
    $errors['ERR-RATE-LIMIT'] =
      'You have made too many invalid token requests recently. Wait before '.
      'making more.';
    return $errors;
  }

  /**
   * Exchange a certificate token for a username and Conduit certificate.
   *
   * Steps, in order:
   *
   *   1. Load recent ACTION_CONDUIT_CERTIFICATE_FAILURE events via
   *      loadRecentEventsFromThisIP() with a window argument of 60 * 5
   *      (presumably seconds). More than 5 of them is rejected with
   *      ERR-RATE-LIMIT, and that rejection is itself logged as a failure.
   *   2. Look up the trimmed token. A missing row, or one created more than
   *      15 minutes ago, is logged as a failure and rejected with
   *      ERR-BAD-TOKEN. Both cases share one error code, so the response does
   *      not tell the caller whether the token ever existed.
   *   3. Log the successful exchange, load the token's user and return the
   *      username and certificate.
   *
   * The response contains the user's Conduit certificate, which is credential
   * material; callers and any intermediate logging should treat it as secret.
   *
   * NOTE(review): nothing in this method deletes or flags the token after a
   * successful exchange, so as far as this class shows it stays redeemable
   * until the 15-minute age check fails. Confirm whether it is consumed
   * elsewhere; if not, consider invalidating it on success.
   *
   * NOTE(review): the success entry is saved before the user lookup, so a
   * success can be logged for a token whose user then fails to load.
   *
   * @param  ConduitAPIRequest $request Incoming request; 'token' is read.
   * @return array Map with keys 'username' and 'certificate'.
   * @throws ConduitException ERR-RATE-LIMIT or ERR-BAD-TOKEN.
   * @throws Exception When the token's user PHID matches no user.
   */
  protected function execute(ConduitAPIRequest $request) {
    $failure_action = PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE_FAILURE;
    $recent_failures = PhabricatorUserLog::loadRecentEventsFromThisIP(
      $failure_action,
      60 * 5);

    // Throttle before touching the token table so a blocked source cannot
    // keep probing tokens.
    if (count($recent_failures) > 5) {
      $this->logFailure($request);
      throw new ConduitException('ERR-RATE-LIMIT');
    }

    $token = $request->getValue('token');
    $token_table = new PhabricatorConduitCertificateToken();
    // The token is passed as a '%s' query parameter rather than being
    // concatenated into the query string.
    $info = $token_table->loadOneWhere('token = %s', trim($token));

    $is_missing = !$info;
    $is_expired = !$is_missing &&
      ($info->getDateCreated() < time() - (60 * 15));

    if ($is_missing || $is_expired) {
      // $info is passed along so an expired token is still attributed to its
      // user in the failure log.
      $this->logFailure($request, $info);
      throw new ConduitException('ERR-BAD-TOKEN');
    }

    PhabricatorUserLog::initializeNewLog(
      $request->getUser(),
      $info->getUserPHID(),
      PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE)
      ->save();

    $user_table = new PhabricatorUser();
    $user = $user_table->loadOneWhere('phid = %s', $info->getUserPHID());
    if (!$user) {
      throw new Exception('Certificate token points to an invalid user!');
    }

    $result = array();
    $result['username'] = $user->getUserName();
    $result['certificate'] = $user->getConduitCertificate();
    return $result;
  }

  /**
   * Record a failed certificate exchange in the user log.
   *
   * The row uses ACTION_CONDUIT_CERTIFICATE_FAILURE, the same action
   * execute() counts when rate limiting, so each logged failure contributes
   * to the limit.
   *
   * @param  ConduitAPIRequest $request Request whose user is logged.
   * @param  PhabricatorConduitCertificateToken|null $info Token row when one
   *         was found; without it the PHID is logged as the placeholder '-'.
   * @return void
   */
  private function logFailure(
    ConduitAPIRequest $request,
    PhabricatorConduitCertificateToken $info = null) {

    $actor = $request->getUser();

    if ($info) {
      $subject_phid = $info->getUserPHID();
    } else {
      $subject_phid = '-';
    }

    PhabricatorUserLog::initializeNewLog(
      $actor,
      $subject_phid,
      PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE_FAILURE)
      ->save();
  }

}