1<?php
2
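/**
 * Storage object for one authentication session.
 *
 * Each row ties a session key to a user PHID and a session type, and records
 * when the session started, when it expires, and until when it is in
 * "high security" mode. The policy methods at the bottom of the class make a
 * session visible only to the account it belongs to.
 */
final class PhabricatorAuthSession extends PhabricatorAuthDAO
  implements PhabricatorPolicyInterface {

  // Session types accepted by getSessionTypeTTL().
  const TYPE_WEB = 'web';
  const TYPE_CONDUIT = 'conduit';

  // Name of the key handed to PhabricatorHash::digestWithNamedKey() when a
  // session token is digested in newSessionDigest().
  const SESSION_DIGEST_KEY = 'session.digest';

  protected $userPHID;
  protected $type;
  protected $sessionKey;
  protected $sessionStart;
  protected $sessionExpires;
  protected $highSecurityUntil;
  protected $isPartial;
  protected $signedLegalpadDocuments;

  // Starts as the ATTACHABLE sentinel; replaced by attachIdentityObject().
  private $identityObject = self::ATTACHABLE;

  /**
   * Digest a session token with the named key SESSION_DIGEST_KEY.
   *
   * The token arrives in an opaque envelope and is only opened here, as the
   * input to the keyed digest.
   *
   * NOTE(review): presumably this digest, not the raw token, is the value
   * stored in the `sessionKey` column, so a read of the table does not yield
   * usable tokens. Confirm against the code that creates and loads sessions.
   *
   * @param PhutilOpaqueEnvelope $session_token Envelope holding the token.
   * @return string Result of PhabricatorHash::digestWithNamedKey().
   */
  public static function newSessionDigest(PhutilOpaqueEnvelope $session_token) {
    return PhabricatorHash::digestWithNamedKey(
      $session_token->openEnvelope(),
      self::SESSION_DIGEST_KEY);
  }

  /**
   * Describe the table: column types and keys.
   *
   * The array union (`+`) keeps the entries defined here when the parent
   * configuration defines the same key.
   *
   * @return array Storage configuration for this object.
   */
  protected function getConfiguration() {
    return array(
      self::CONFIG_TIMESTAMPS => false,
      self::CONFIG_AUX_PHID => true,
      self::CONFIG_COLUMN_SCHEMA => array(
        'type' => 'text32',
        'sessionKey' => 'text64',
        'sessionStart' => 'epoch',
        'sessionExpires' => 'epoch',
        'highSecurityUntil' => 'epoch?',
        'isPartial' => 'bool',
        'signedLegalpadDocuments' => 'bool',
      ),
      self::CONFIG_KEY_SCHEMA => array(
        // A session key identifies exactly one session.
        'sessionKey' => array(
          'columns' => array('sessionKey'),
          'unique' => true,
        ),
        'key_identity' => array(
          'columns' => array('userPHID', 'type'),
        ),
        'key_expires' => array(
          'columns' => array('sessionExpires'),
        ),
      ),
    ) + parent::getConfiguration();
  }

  public function getApplicationName() {
    // This table predates the "Auth" application, and really all applications.
    return 'user';
  }

  public function getTableName() {
    // This is a very old table with a nonstandard name.
    return PhabricatorUser::SESSION_TABLE;
  }

  /**
   * Attach the object this session belongs to.
   *
   * hasAutomaticCapability() handles a PhabricatorUser or a
   * PhabricatorExternalAccount; any other value never grants access there.
   *
   * @param mixed $identity_object Owner of the session.
   * @return $this
   */
  public function attachIdentityObject($identity_object) {
    $this->identityObject = $identity_object;
    return $this;
  }

  /**
   * Return the attached identity object.
   *
   * The value is passed through assertAttached() first.
   * NOTE(review): presumably that raises if nothing has been attached yet;
   * confirm in the parent class.
   */
  public function getIdentityObject() {
    return $this->assertAttached($this->identityObject);
  }

  /**
   * Return the lifetime, in seconds, of a new session of the given type.
   *
   * Partial web sessions get 30 minutes, full web sessions 30 days, and
   * Conduit sessions 24 hours.
   *
   * @param string $session_type One of the TYPE_* constants.
   * @param bool $is_partial Whether the session is a partial session; only
   *   consulted for web sessions.
   * @return int Time to live in seconds.
   * @throws Exception When the session type is not recognized, so an
   *   unknown type never receives a default lifetime.
   */
  public static function getSessionTypeTTL($session_type, $is_partial) {
    switch ($session_type) {
      case self::TYPE_WEB:
        if ($is_partial) {
          return phutil_units('30 minutes in seconds');
        } else {
          return phutil_units('30 days in seconds');
        }
      case self::TYPE_CONDUIT:
        return phutil_units('24 hours in seconds');
      default:
        throw new Exception(pht('Unknown session type "%s".', $session_type));
    }
  }

  public function getPHIDType() {
    return PhabricatorAuthSessionPHIDType::TYPECONST;
  }

  /**
   * Test whether the session is currently in high security mode.
   *
   * @return bool False when no `highSecurityUntil` value is set or when it
   *   lies before PhabricatorTime::getNow(); true otherwise.
   */
  public function isHighSecuritySession() {
    $until = $this->getHighSecurityUntil();

    // An unset (or zero) deadline means high security was never entered.
    if (!$until) {
      return false;
    }

    $now = PhabricatorTime::getNow();
    if ($until < $now) {
      return false;
    }

    return true;
  }


/* -(  PhabricatorPolicyInterface  )----------------------------------------- */


  /**
   * Sessions expose a single capability: viewing.
   */
  public function getCapabilities() {
    return array(
      PhabricatorPolicyCapability::CAN_VIEW,
    );
  }

  /**
   * The stored policy is "no one" for every capability; access is granted
   * only through hasAutomaticCapability().
   */
  public function getPolicy($capability) {
    return PhabricatorPolicies::POLICY_NOONE;
  }

  /**
   * Grant access to the account the session belongs to.
   *
   * A viewer without a PHID is always refused. Otherwise the viewer's PHID
   * must equal the PHID of the attached user, or the user PHID of the
   * attached external account. The `$capability` argument is not inspected.
   *
   * @param string $capability Capability being checked.
   * @param PhabricatorUser $viewer Viewer requesting access.
   * @return bool True only when the viewer owns the session.
   */
  public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
    $viewer_phid = $viewer->getPHID();
    if (!$viewer_phid) {
      return false;
    }

    // Strict comparison: this is an authorization decision, so it should not
    // depend on PHP's loose comparison rules for strings and other types.
    $object = $this->getIdentityObject();
    if ($object instanceof PhabricatorUser) {
      return ($object->getPHID() === $viewer_phid);
    } else if ($object instanceof PhabricatorExternalAccount) {
      return ($object->getUserPHID() === $viewer_phid);
    }

    // Any other identity object type fails closed.
    return false;
  }

  public function describeAutomaticCapability($capability) {
    return pht('A session is visible only to its owner.');
  }

}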