GitHub Repository: freebsd/phabricator
Path: blob/master/src/applications/auth/storage/PhabricatorAuthSession.php
<?php
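/**
 * Storage object for one login session row.
 *
 * A session has a type (web or Conduit), an owner, start/expiry epochs and
 * an optional "high security" window. Policy-wise the object is visible to
 * no one except through the automatic capability granted to its owner; see
 * hasAutomaticCapability().
 */
final class PhabricatorAuthSession extends PhabricatorAuthDAO
  implements PhabricatorPolicyInterface {

  const TYPE_WEB = 'web';
  const TYPE_CONDUIT = 'conduit';

  // Name of the key passed to PhabricatorHash::digestWithNamedKey() when
  // digesting session tokens.
  const SESSION_DIGEST_KEY = 'session.digest';

  // Persisted columns; the names must match the column schema declared in
  // getConfiguration().
  protected $userPHID;
  protected $type;
  // NOTE(review): presumably holds the digest produced by newSessionDigest()
  // rather than the raw token -- confirm against the code that writes it.
  protected $sessionKey;
  protected $sessionStart;
  protected $sessionExpires;
  protected $highSecurityUntil;
  protected $isPartial;
  protected $signedLegalpadDocuments;

  // Not persisted: must be attached before getIdentityObject() is called.
  private $identityObject = self::ATTACHABLE;

  /**
   * Digest a session token with the named key "session.digest".
   *
   * The envelope is opened only here, so the raw token is not handed back to
   * the caller; only the digest is returned.
   *
   * @param PhutilOpaqueEnvelope $session_token Envelope wrapping the token.
   * @return mixed Result of PhabricatorHash::digestWithNamedKey().
   */
  public static function newSessionDigest(PhutilOpaqueEnvelope $session_token) {
    return PhabricatorHash::digestWithNamedKey(
      $session_token->openEnvelope(),
      self::SESSION_DIGEST_KEY);
  }

  /**
   * Declare the storage configuration for the session table.
   *
   * Array union (+) is used, so the keys set here take precedence over the
   * same keys in the parent configuration.
   */
  protected function getConfiguration() {
    return array(
      self::CONFIG_TIMESTAMPS => false,
      self::CONFIG_AUX_PHID => true,
      self::CONFIG_COLUMN_SCHEMA => array(
        'type' => 'text32',
        'sessionKey' => 'text64',
        'sessionStart' => 'epoch',
        'sessionExpires' => 'epoch',
        'highSecurityUntil' => 'epoch?',
        'isPartial' => 'bool',
        'signedLegalpadDocuments' => 'bool',
      ),
      self::CONFIG_KEY_SCHEMA => array(
        // One row per session key.
        'sessionKey' => array(
          'columns' => array('sessionKey'),
          'unique' => true,
        ),
        'key_identity' => array(
          'columns' => array('userPHID', 'type'),
        ),
        'key_expires' => array(
          'columns' => array('sessionExpires'),
        ),
      ),
    ) + parent::getConfiguration();
  }

  public function getApplicationName() {
    // This table predates the "Auth" application, and really all applications.
    return 'user';
  }

  public function getTableName() {
    // This is a very old table with a nonstandard name.
    return PhabricatorUser::SESSION_TABLE;
  }

  /**
   * Attach the object this session belongs to.
   *
   * hasAutomaticCapability() recognises PhabricatorUser and
   * PhabricatorExternalAccount identities; any other object never matches a
   * viewer.
   *
   * @return $this
   */
  public function attachIdentityObject($identity_object) {
    $this->identityObject = $identity_object;
    return $this;
  }

  /**
   * Return the attached identity object.
   *
   * NOTE(review): assertAttached() presumably throws when nothing has been
   * attached -- confirm in the parent class.
   */
  public function getIdentityObject() {
    return $this->assertAttached($this->identityObject);
  }

  /**
   * Return the lifetime, in seconds, for a session of the given type.
   *
   * Web sessions last 30 minutes while partial and 30 days otherwise;
   * Conduit sessions last 24 hours. How the value is applied (for example,
   * whether expiry is extended on use) is decided by the caller.
   *
   * @param string $session_type One of the TYPE_* constants.
   * @param bool $is_partial Only consulted for web sessions.
   * @return mixed Result of phutil_units() for the matching duration.
   * @throws Exception When the session type is not recognised.
   */
  public static function getSessionTypeTTL($session_type, $is_partial) {
    switch ($session_type) {
      case self::TYPE_WEB:
        if ($is_partial) {
          return phutil_units('30 minutes in seconds');
        } else {
          return phutil_units('30 days in seconds');
        }
      case self::TYPE_CONDUIT:
        return phutil_units('24 hours in seconds');
      default:
        // Fail closed: an unknown type gets no lifetime at all.
        throw new Exception(pht('Unknown session type "%s".', $session_type));
    }
  }

  public function getPHIDType() {
    return PhabricatorAuthSessionPHIDType::TYPECONST;
  }

  /**
   * Report whether the session is inside its high security window.
   *
   * @return bool False when no window is recorded or when it ended before
   *   PhabricatorTime::getNow(); true otherwise.
   */
  public function isHighSecuritySession() {
    $until = $this->getHighSecurityUntil();

    // A missing (or zero) value means the session never entered, or has
    // left, high security.
    if (!$until) {
      return false;
    }

    $now = PhabricatorTime::getNow();
    if ($until < $now) {
      return false;
    }

    return true;
  }


/* -( PhabricatorPolicyInterface )----------------------------------------- */


  public function getCapabilities() {
    return array(
      PhabricatorPolicyCapability::CAN_VIEW,
    );
  }

  /**
   * Every capability resolves to the "no one" policy, so the only way to see
   * a session is through hasAutomaticCapability().
   */
  public function getPolicy($capability) {
    return PhabricatorPolicies::POLICY_NOONE;
  }

  /**
   * Grant the capability only to the owner of the session.
   *
   * The identity object must already be attached, because it is fetched
   * through getIdentityObject().
   *
   * @return bool True when the viewer's PHID matches the PHID of the attached
   *   user, or the user PHID of the attached external account.
   */
  public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
    // A viewer without a PHID never owns a session. This guard also stops an
    // empty viewer PHID from matching an identity whose PHID is empty.
    $viewer_phid = $viewer->getPHID();
    if (!$viewer_phid) {
      return false;
    }

    // Ownership decides access, so compare identifiers strictly: loose
    // comparison applies type juggling (for instance to numeric-looking
    // strings), which has no place in an authorization check.
    $object = $this->getIdentityObject();
    if ($object instanceof PhabricatorUser) {
      return ($object->getPHID() === $viewer_phid);
    } else if ($object instanceof PhabricatorExternalAccount) {
      return ($object->getUserPHID() === $viewer_phid);
    }

    // Unrecognised identity types are denied.
    return false;
  }

  public function describeAutomaticCapability($capability) {
    return pht('A session is visible only to its owner.');
  }

}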