
Minor cleanup of some session code

Summary: Ref T4398. Add some documentation and use `phutil_units()`.

Test Plan:
- Established a web session.
- Established a conduit session.
- Entered and exited hisec.
- Used "Sessions" panel to examine results.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8924

+52 -6
+50 -4
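--- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
+++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
@@ -1,7 +1,11 @@
 <?php
 
 /**
-* @task hisec High Security Mode
+*
+* @task use Using Sessions
+* @task new Creating Sessions
+* @task hisec High Security
+* @task partial Partial Sessions
 */
 final class PhabricatorAuthSessionEngine extends Phobject {
 
@@ -60,6 +64,23 @@
 }
 
 
+/**
+* Load the user identity associated with a session of a given type,
+* identified by token.
+*
+* When the user presents a session token to an API, this method verifies
+* it is of the correct type and loads the corresponding identity if the
+* session exists and is valid.
+*
+* NOTE: `$session_type` is the type of session that is required by the
+* loading context. This prevents use of a Conduit sesssion as a Web
+* session, for example.
+*
+* @param const The type of session to load.
+* @param string The session token.
+* @return PhabricatorUser|null
+* @task use
+*/
 public function loadUserForSession($session_type, $session_token) {
 $session_kind = self::getSessionKindFromToken($session_token);
 switch ($session_kind) {
@@ -211,6 +232,9 @@
 }
 
 
+/* -( High Security )------------------------------------------------------ */
+
+
 /**
 * Require high security, or prompt the user to enter high security.
 *
@@ -222,6 +246,7 @@
 * @param AphrontReqeust Current request.
 * @param string URI to return the user to if they cancel.
 * @return PhabricatorAuthHighSecurityToken Security token.
+* @task hisec
 */
 public function requireHighSecuritySession(
 PhabricatorUser $viewer,
@@ -344,6 +369,7 @@
 * @param PhabricatorAuthSession Session to issue a token for.
 * @param bool Force token issue.
 * @return PhabricatorAuthHighSecurityToken|null Token, if authorized.
+* @task hisec
 */
 private function issueHighSecurityToken(
 PhabricatorAuthSession $session,
@@ -353,6 +379,7 @@
 if ($until > time() || $force) {
 return new PhabricatorAuthHighSecurityToken();
 }
+
 return null;
 }
 
@@ -360,9 +387,10 @@
 /**
 * Render a form for providing relevant multi-factor credentials.
 *
-* @param PhabricatorUser Viewing user.
-* @param AphrontRequest Current request.
-* @return AphrontFormView Renderable form.
+* @param PhabricatorUser Viewing user.
+* @param AphrontRequest Current request.
+* @return AphrontFormView Renderable form.
+* @task hisec
 */
 public function renderHighSecurityForm(
 array $factors,
@@ -388,10 +416,24 @@
 }
 
 
+/**
+* Strip the high security flag from a session.
+*
+* Kicks a session out of high security and logs the exit.
+*
+* @param PhabricatorUser Acting user.
+* @param PhabricatorAuthSession Session to return to normal security.
+* @return void
+* @task hisec
+*/
 public function exitHighSecurity(
 PhabricatorUser $viewer,
 PhabricatorAuthSession $session) {
 
+if (!$session->getHighSecurityUntil()) {
+return;
+}
+
 queryfx(
 $session->establishConnection('w'),
 'UPDATE %T SET highSecurityUntil = NULL WHERE id = %d',
@@ -406,11 +448,15 @@
 }
 
 
+/* -( Partial Sessions )--------------------------------------------------- */
+
+
 /**
 * Upgrade a partial session to a full session.
 *
 * @param PhabricatorAuthSession Session to upgrade.
 * @return void
+* @task partial
 */
 public function upgradePartialSession(PhabricatorUser $viewer) {
 if (!$viewer->hasSession()) {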
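Review bot: The new early return in `exitHighSecurity()` decides from the in-memory `$session` object rather than from the stored row, so a session object loaded before another request put the same session into high security would skip the `UPDATE` and leave `highSecurityUntil` set until it expires on its own. If every caller passes a freshly loaded session this is harmless, but nothing visible in the hunk enforces that. I would state the assumption above the guard, for example `// NOTE: Relies on $session being freshly loaded; a stale object skips the exit.`, or keep the `UPDATE` unconditional and guard only the logging. The function body continues past the hunk, so the code that records the exit is not visible here.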
+2 -2
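--- a/src/applications/auth/storage/PhabricatorAuthSession.php
+++ b/src/applications/auth/storage/PhabricatorAuthSession.php
@@ -44,9 +44,9 @@
 public static function getSessionTypeTTL($session_type) {
 switch ($session_type) {
 case self::TYPE_WEB:
-return (60 * 60 * 24 * 30); // 30 days
+return phutil_units('30 days in seconds');
 case self::TYPE_CONDUIT:
-return (60 * 60 * 24); // 24 hours
+return phutil_units('24 hours in seconds');
 default:
 throw new Exception(pht('Unknown session type "%s".', $session_type));
 }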