@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
1<?php
2
3final class PhabricatorAuthTemporaryToken extends PhabricatorAuthDAO
4 implements PhabricatorPolicyInterface {
5
6 // NOTE: This is usually a PHID, but may be some other kind of resource
7 // identifier for some token types.
8 protected $tokenResource;
9 protected $tokenType;
10 protected $tokenExpires;
11 protected $tokenCode;
12 protected $userPHID;
13 protected $properties = array();
14
15 private $isNew = false;
16
17 protected function getConfiguration() {
18 return array(
19 self::CONFIG_TIMESTAMPS => false,
20 self::CONFIG_SERIALIZATION => array(
21 'properties' => self::SERIALIZATION_JSON,
22 ),
23 self::CONFIG_COLUMN_SCHEMA => array(
24 'tokenResource' => 'phid',
25 'tokenType' => 'text64',
26 'tokenExpires' => 'epoch',
27 'tokenCode' => 'text64',
28 'userPHID' => 'phid?',
29 ),
30 self::CONFIG_KEY_SCHEMA => array(
31 'key_token' => array(
32 'columns' => array('tokenResource', 'tokenType', 'tokenCode'),
33 'unique' => true,
34 ),
35 'key_expires' => array(
36 'columns' => array('tokenExpires'),
37 ),
38 'key_user' => array(
39 'columns' => array('userPHID'),
40 ),
41 ),
42 ) + parent::getConfiguration();
43 }
44
45 private function newTokenTypeImplementation() {
46 $types = PhabricatorAuthTemporaryTokenType::getAllTypes();
47
48 $type = idx($types, $this->tokenType);
49 if ($type) {
50 return clone $type;
51 }
52
53 return null;
54 }
55
56 public function getTokenReadableTypeName() {
57 $type = $this->newTokenTypeImplementation();
58 if ($type) {
59 return $type->getTokenReadableTypeName($this);
60 }
61
62 return $this->tokenType;
63 }
64
65 public function isRevocable() {
66 if ($this->tokenExpires < time()) {
67 return false;
68 }
69
70 $type = $this->newTokenTypeImplementation();
71 if ($type) {
72 return $type->isTokenRevocable($this);
73 }
74
75 return false;
76 }
77
78 public function revokeToken() {
79 if ($this->isRevocable()) {
80 $this->setTokenExpires(PhabricatorTime::getNow() - 1)->save();
81 }
82 return $this;
83 }
84
85 public static function revokeTokens(
86 PhabricatorUser $viewer,
87 array $token_resources,
88 array $token_types) {
89
90 $tokens = id(new PhabricatorAuthTemporaryTokenQuery())
91 ->setViewer($viewer)
92 ->withTokenResources($token_resources)
93 ->withTokenTypes($token_types)
94 ->withExpired(false)
95 ->execute();
96
97 foreach ($tokens as $token) {
98 $token->revokeToken();
99 }
100 }
101
102 public function getTemporaryTokenProperty($key, $default = null) {
103 return idx($this->properties, $key, $default);
104 }
105
106 public function setTemporaryTokenProperty($key, $value) {
107 $this->properties[$key] = $value;
108 return $this;
109 }
110
111 public function setShouldForceFullSession($force_full) {
112 return $this->setTemporaryTokenProperty('force-full-session', $force_full);
113 }
114
115 public function getShouldForceFullSession() {
116 return $this->getTemporaryTokenProperty('force-full-session', false);
117 }
118
119 public function setIsNewTemporaryToken($is_new) {
120 $this->isNew = $is_new;
121 return $this;
122 }
123
124 public function getIsNewTemporaryToken() {
125 return $this->isNew;
126 }
127
128
129/* -( PhabricatorPolicyInterface )----------------------------------------- */
130
131
132 public function getCapabilities() {
133 return array(
134 PhabricatorPolicyCapability::CAN_VIEW,
135 );
136 }
137
138 public function getPolicy($capability) {
139 // We're just implement this interface to get access to the standard
140 // query infrastructure.
141 return PhabricatorPolicies::getMostOpenPolicy();
142 }
143
144 public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
145 return false;
146 }
147
148}