phorge-phorge

mirror of https://we.phorge.it/source/phorge.git synced 2024-12-20 04:20:55 +01:00

No description

Find a file

epriestley e55522cade Implement "auth.logout" Conduit API method Summary: Ref T7303. Ref T7673. This implements an "auth.logout" which: - terminates all web sessions; - terminates the current OAuth token if called via OAuth; and - may always be called via OAuth. (Since it consumes an OAuth token, even a "malicious" OAuth application can't really be that much of a jerk with this: it can't continuously log you out, since calling the method once kills the token. The application would need to ask your permission again to get a fresh token.) The primary goal here is to let Phacility instances call this against the Phacility upstream, so that when you log out of an instance it also logs you out of your Phacility account (possibly with a checkbox or something). This also smooths over the session token code. Before this change, your sessions would get logged out but when you reloaded we'd tell you your session was invalid. Instead, try to clear the invalid session before telling the user there's an issue. I think that ssentially 100% of invalid sessions are a result of something in this vein (e.g., forced logout via Settings) nowadays, since the session code is generally stable and sane and has been for a long time. Test Plan: - Called `auth.logout` via console, got a reasonable logout experience. - Called `auth.logout` via OAuth. - Tried to make another call, verified OAuth token had been invalidated. - Verified web session had been invalidated. Reviewers: chad Reviewed By: chad Maniphest Tasks: T7303, T7673 Differential Revision: https://secure.phabricator.com/D15594		2016-04-04 09:12:06 -07:00
bin	Provide `bin/nuance import` and ngram indexes for sources	2016-03-08 10:30:24 -08:00
conf	Mark some strings for translation	2015-06-09 23:06:52 +10:00
externals	Swap S3 to first-party client	2016-01-10 07:55:27 -08:00
resources	Fix Legalpad "Sign" box	2016-04-02 19:58:35 -07:00
scripts	Provide `bin/nuance import` and ngram indexes for sources	2016-03-08 10:30:24 -08:00
src	Implement "auth.logout" Conduit API method	2016-04-04 09:12:06 -07:00
support	Use AphrontRequestStream to read request input	2016-03-17 08:08:18 -07:00
webroot	Fix Legalpad "Sign" box	2016-04-02 19:58:35 -07:00
.arcconfig	Use the configuration driven unit test engine	2015-08-11 07:57:11 +10:00
.arclint	Begin adding test coverage to GitHub Events API parsers	2016-03-09 09:30:07 -08:00
.arcunit	Use the configuration driven unit test engine	2015-08-11 07:57:11 +10:00
.editorconfig	Fix text lint issues	2015-02-12 07:00:13 +11:00
.gitignore	Add custom Cows and Figlet directories to .gitignore	2015-10-08 20:23:05 -07:00
LICENSE	Fix text lint issues	2015-02-12 07:00:13 +11:00
NOTICE	Update Phabricator NOTICE file to reflect modern legal circumstances	2014-06-25 13:42:13 -07:00
README.md	Remove push to IRC from "readme.md" too	2015-10-24 18:39:16 -07:00

README.md

Phabricator is a collection of web applications which help software companies build better software.

Phabricator includes applications for:

reviewing and auditing source code;
hosting and browsing repositories;
tracking bugs;
managing projects;
conversing with team members;
assembling a party to venture forth;
writing stuff down and reading it later;
hiding stuff from coworkers; and
also some other things.

You can learn more about the project (and find links to documentation and resources) at Phabricator.org

Phabricator is developed and maintained by Phacility.

SUPPORT RESOURCES

For resources on filing bugs, requesting features, reporting security issues, and getting other kinds of support, see Support Resources.

NO PULL REQUESTS!

We do not accept pull requests through GitHub. If you would like to contribute code, please read our Contributor's Guide.

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.