@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Modularize temporary token types
Summary:
Ref T10603. For LFS, we need to issue a new type of temporary token.
This makes the temporary token code modular so applications can add new token types without modifying the Auth application.
(I'm moving slowly here because it impacts authentication.)
Test Plan:
- Used `bin/auth recover` to get a one-time token from the CLI.
- Used "Forgot your password?" to get a one-time token from the web UI.
- Followed the web UI token to initiate a password reset, prompting generation of a password token.
- Viewed these tokens in the web UI:
{F1176908}
- Revoked a token.
Reviewers: chad
Reviewed By: chad
Maniphest Tasks: T10603
Differential Revision: https://secure.phabricator.com/D15475
+81
-11
+6
src/__phutil_library_map__.php
+6
src/__phutil_library_map__.php
···
1816
1816
'PhabricatorAuthNewController' => 'applications/auth/controller/config/PhabricatorAuthNewController.php',
1817
1817
'PhabricatorAuthOldOAuthRedirectController' => 'applications/auth/controller/PhabricatorAuthOldOAuthRedirectController.php',
1818
1818
'PhabricatorAuthOneTimeLoginController' => 'applications/auth/controller/PhabricatorAuthOneTimeLoginController.php',
1819
+
'PhabricatorAuthOneTimeLoginTemporaryTokenType' => 'applications/auth/tokentype/PhabricatorAuthOneTimeLoginTemporaryTokenType.php',
1820
+
'PhabricatorAuthPasswordResetTemporaryTokenType' => 'applications/auth/tokentype/PhabricatorAuthPasswordResetTemporaryTokenType.php',
1819
1821
'PhabricatorAuthProvider' => 'applications/auth/provider/PhabricatorAuthProvider.php',
1820
1822
'PhabricatorAuthProviderConfig' => 'applications/auth/storage/PhabricatorAuthProviderConfig.php',
1821
1823
'PhabricatorAuthProviderConfigController' => 'applications/auth/controller/config/PhabricatorAuthProviderConfigController.php',
···
1844
1846
'PhabricatorAuthTemporaryToken' => 'applications/auth/storage/PhabricatorAuthTemporaryToken.php',
1845
1847
'PhabricatorAuthTemporaryTokenGarbageCollector' => 'applications/auth/garbagecollector/PhabricatorAuthTemporaryTokenGarbageCollector.php',
1846
1848
'PhabricatorAuthTemporaryTokenQuery' => 'applications/auth/query/PhabricatorAuthTemporaryTokenQuery.php',
1849
+
'PhabricatorAuthTemporaryTokenType' => 'applications/auth/tokentype/PhabricatorAuthTemporaryTokenType.php',
1847
1850
'PhabricatorAuthTerminateSessionController' => 'applications/auth/controller/PhabricatorAuthTerminateSessionController.php',
1848
1851
'PhabricatorAuthTryFactorAction' => 'applications/auth/action/PhabricatorAuthTryFactorAction.php',
1849
1852
'PhabricatorAuthUnlinkController' => 'applications/auth/controller/PhabricatorAuthUnlinkController.php',
···
6123
6126
'PhabricatorAuthNewController' => 'PhabricatorAuthProviderConfigController',
6124
6127
'PhabricatorAuthOldOAuthRedirectController' => 'PhabricatorAuthController',
6125
6128
'PhabricatorAuthOneTimeLoginController' => 'PhabricatorAuthController',
6129
+
'PhabricatorAuthOneTimeLoginTemporaryTokenType' => 'PhabricatorAuthTemporaryTokenType',
6130
+
'PhabricatorAuthPasswordResetTemporaryTokenType' => 'PhabricatorAuthTemporaryTokenType',
6126
6131
'PhabricatorAuthProvider' => 'Phobject',
6127
6132
'PhabricatorAuthProviderConfig' => array(
6128
6133
'PhabricatorAuthDAO',
···
6165
6170
),
6166
6171
'PhabricatorAuthTemporaryTokenGarbageCollector' => 'PhabricatorGarbageCollector',
6167
6172
'PhabricatorAuthTemporaryTokenQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
6173
+
'PhabricatorAuthTemporaryTokenType' => 'Phobject',
6168
6174
'PhabricatorAuthTerminateSessionController' => 'PhabricatorAuthController',
6169
6175
'PhabricatorAuthTryFactorAction' => 'PhabricatorSystemAction',
6170
6176
'PhabricatorAuthUnlinkController' => 'PhabricatorAuthController',
+17
-11
src/applications/auth/storage/PhabricatorAuthTemporaryToken.php
+17
-11
src/applications/auth/storage/PhabricatorAuthTemporaryToken.php
···
31
31
) + parent::getConfiguration();
32
32
}
33
33
34
+
private function newTokenTypeImplementation() {
35
+
$types = PhabricatorAuthTemporaryTokenType::getAllTypes();
36
+
37
+
$type = idx($types, $this->tokenType);
38
+
if ($type) {
39
+
return clone $type;
40
+
}
41
+
42
+
return null;
43
+
}
44
+
34
45
public function getTokenReadableTypeName() {
35
-
// Eventually, it would be nice to let applications implement token types
36
-
// so we can put this in modular subclasses.
37
-
switch ($this->tokenType) {
38
-
case PhabricatorAuthSessionEngine::ONETIME_TEMPORARY_TOKEN_TYPE:
39
-
return pht('One-Time Login Token');
40
-
case PhabricatorAuthSessionEngine::PASSWORD_TEMPORARY_TOKEN_TYPE:
41
-
return pht('Password Reset Token');
46
+
$type = $this->newTokenTypeImplementation();
47
+
if ($type) {
48
+
return $type->getTokenReadableTypeName($this);
42
49
}
43
50
44
51
return $this->tokenType;
···
49
56
return false;
50
57
}
51
58
52
-
switch ($this->tokenType) {
53
-
case PhabricatorAuthSessionEngine::ONETIME_TEMPORARY_TOKEN_TYPE:
54
-
case PhabricatorAuthSessionEngine::PASSWORD_TEMPORARY_TOKEN_TYPE:
55
-
return true;
59
+
$type = $this->newTokenTypeImplementation();
60
+
if ($type) {
61
+
return $type->isTokenRevocable($this);
56
62
}
57
63
58
64
return false;
+17
src/applications/auth/tokentype/PhabricatorAuthOneTimeLoginTemporaryTokenType.php
+17
src/applications/auth/tokentype/PhabricatorAuthOneTimeLoginTemporaryTokenType.php
···
1
+
<?php
2
+
3
+
final class PhabricatorAuthOneTimeLoginTemporaryTokenType
4
+
extends PhabricatorAuthTemporaryTokenType {
5
+
6
+
const TOKENTYPE = 'login:onetime';
7
+
8
+
public function getTokenReadableTypeName(
9
+
PhabricatorAuthTemporaryToken $token) {
10
+
return pht('One-Time Login Token');
11
+
}
12
+
13
+
public function isTokenRevocable(PhabricatorAuthTemporaryToken $token) {
14
+
return true;
15
+
}
16
+
17
+
}
+17
src/applications/auth/tokentype/PhabricatorAuthPasswordResetTemporaryTokenType.php
+17
src/applications/auth/tokentype/PhabricatorAuthPasswordResetTemporaryTokenType.php
···
1
+
<?php
2
+
3
+
final class PhabricatorAuthPasswordResetTemporaryTokenType
4
+
extends PhabricatorAuthTemporaryTokenType {
5
+
6
+
const TOKENTYPE = 'login:password';
7
+
8
+
public function getTokenReadableTypeName(
9
+
PhabricatorAuthTemporaryToken $token) {
10
+
return pht('Password Reset Token');
11
+
}
12
+
13
+
public function isTokenRevocable(PhabricatorAuthTemporaryToken $token) {
14
+
return true;
15
+
}
16
+
17
+
}
+24
src/applications/auth/tokentype/PhabricatorAuthTemporaryTokenType.php
+24
src/applications/auth/tokentype/PhabricatorAuthTemporaryTokenType.php
···
1
+
<?php
2
+
3
+
abstract class PhabricatorAuthTemporaryTokenType
4
+
extends Phobject {
5
+
6
+
abstract public function getTokenReadableTypeName(
7
+
PhabricatorAuthTemporaryToken $token);
8
+
9
+
public function isTokenRevocable(PhabricatorAuthTemporaryToken $token) {
10
+
return false;
11
+
}
12
+
13
+
final public function getTokenTypeConstant() {
14
+
return $this->getPhobjectClassConstant('TOKENTYPE', 64);
15
+
}
16
+
17
+
final public static function getAllTypes() {
18
+
return id(new PhutilClassMapQuery())
19
+
->setAncestorClass(__CLASS__)
20
+
->setUniqueMethod('getTokenTypeConstant')
21
+
->execute();
22
+
}
23
+
24
+
}