Fix logged-out Diffusion calls to Conduit

Summary:
Conduit doesn't currently have an analog to "shouldAllowPublic", so the recent policy checks added here caught legitimate Conduit calls when viewing Diffusion as a logged-out user.

Add `shouldAllowPublic()` and set it for all the Diffusion queries.

(More calls probably need this, but we can add it when we hit them.)

Test Plan: Looked at Diffusion as a logged-out user with public access enabled.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D7380

+20 -4
+11 -4
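--- a/src/applications/conduit/call/ConduitCall.php
+++ b/src/applications/conduit/call/ConduitCall.php
@@ -86,10 +86,17 @@
 
     $this->request->setUser($user);
 
-    if ($this->shouldRequireAuthentication()) {
-      // TODO: As per below, this should get centralized and cleaned up.
-      if (!$user->isLoggedIn() && !$user->isOmnipotent()) {
-        throw new ConduitException("ERR-INVALID-AUTH");
+    if (!$this->shouldRequireAuthentication()) {
+      // No auth requirement here.
+    } else {
+
+      $allow_public = $this->handler->shouldAllowPublic() &&
+        PhabricatorEnv::getEnvConfig('policy.allow-public');
+      if (!$allow_public) {
+        if (!$user->isLoggedIn() && !$user->isOmnipotent()) {
+          // TODO: As per below, this should get centralized and cleaned up.
+          throw new ConduitException("ERR-INVALID-AUTH");
+        }
       }
 
       // TODO: This would be slightly cleaner by just using a Query, but the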
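Review bot: When `$allow_public` is true, a logged-out viewer skips the `ERR-INVALID-AUTH` throw at new lines 95–99 and continues into the rest of the `else` block, which runs past the end of the hunk, so whatever check follows now has to behave correctly for a user who is not logged in. That is worth confirming against the code below and recording next to the assignment, e.g. `// Public methods skip the login check only; later checks in this block still run with the logged-out viewer.` As a smaller style point, the comment-only first branch can be dropped by keeping the original positive test, `if ($this->shouldRequireAuthentication()) {`, which leaves the authentication gate as a single branch to audit.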
+4
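--- a/src/applications/conduit/method/ConduitAPIMethod.php
+++ b/src/applications/conduit/method/ConduitAPIMethod.php
@@ -104,6 +104,10 @@
     return true;
   }
 
+  public function shouldAllowPublic() {
+    return false;
+  }
+
   public function shouldAllowUnguardedWrites() {
     return false;
   }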
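Review bot: The new `shouldAllowPublic()` hook at new lines 107–109 has no docblock, although overriding it removes the login requirement for a method. The `false` default is the right fail-closed choice, but an implementer reading only this class cannot tell that the override takes effect only together with `policy.allow-public`, or that the method then runs for a logged-out viewer. I would add a docblock such as `/** Return true only if this method may be called without a session when policy.allow-public is enabled; the method must then enforce object policies against the logged-out viewer itself. */`. The class body starts and ends outside the hunk.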
+5
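--- a/src/applications/diffusion/conduit/ConduitAPI_diffusion_abstractquery_Method.php
+++ b/src/applications/diffusion/conduit/ConduitAPI_diffusion_abstractquery_Method.php
@@ -6,9 +6,14 @@
 abstract class ConduitAPI_diffusion_abstractquery_Method
   extends ConduitAPI_diffusion_Method {
 
+  public function shouldAllowPublic() {
+    return true;
+  }
+
   public function getMethodStatus() {
     return self::METHOD_STATUS_UNSTABLE;
   }
+
   public function getMethodStatusDescription() {
     return pht(
       'See T2784 - migrating diffusion working copy calls to conduit methods. '.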
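Review bot: Returning `true` from `shouldAllowPublic()` on the abstract base class (new lines 9–11) opts in every subclass at once, including ones added later, so a new Diffusion query becomes callable without a session as soon as `policy.allow-public` is on, with no per-method decision. Whether each subclass loads its repository through the request's viewer, so that repository view policy still applies to a logged-out caller, is not visible in this section and is worth confirming. I would record the requirement above the override, e.g. `// Every subclass is callable logged-out when policy.allow-public is set; load repositories with the request user so view policy is enforced.` The class body continues outside the hunk.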