Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/phabricator
 Path: blob/master/src/applications/conduit/method/ConduitGetCertificateConduitAPIMethod.php
12256 views
1
<?php

2


3
final class ConduitGetCertificateConduitAPIMethod extends ConduitAPIMethod {

4


5
  public function getAPIMethodName() {

6
    return 'conduit.getcertificate';

7
  }

8


9
  public function shouldRequireAuthentication() {

10
    return false;

11
  }

12


13
  public function shouldAllowUnguardedWrites() {

14
    // This method performs logging and is on the authentication pathway.

15
    return true;

16
  }

17


18
  public function getMethodDescription() {

19
    return pht('Retrieve certificate information for a user.');

20
  }

21


22
  protected function defineParamTypes() {

23
    return array(

24
      'token' => 'required string',

25
      'host'  => 'required string',

26
    );

27
  }

28


29
  protected function defineReturnType() {

30
    return 'dict<string, any>';

31
  }

32


33
  protected function defineErrorTypes() {

34
    return array(

35
      'ERR-BAD-TOKEN' => pht('Token does not exist or has expired.'),

36
      'ERR-RATE-LIMIT' => pht(

37
        'You have made too many invalid token requests recently. Wait before '.

38
        'making more.'),

39
    );

40
  }

41


42
  protected function execute(ConduitAPIRequest $request) {

43
    $failed_attempts = PhabricatorUserLog::loadRecentEventsFromThisIP(

44
      PhabricatorConduitCertificateFailureUserLogType::LOGTYPE,

45
      60 * 5);

46


47
    if (count($failed_attempts) > 5) {

48
      $this->logFailure($request);

49
      throw new ConduitException('ERR-RATE-LIMIT');

50
    }

51


52
    $token = $request->getValue('token');

53
    $info = id(new PhabricatorConduitCertificateToken())->loadOneWhere(

54
      'token = %s',

55
      trim($token));

56


57
    if (!$info || $info->getDateCreated() < time() - (60 * 15)) {

58
      $this->logFailure($request, $info);

59
      throw new ConduitException('ERR-BAD-TOKEN');

60
    } else {

61
      $log = PhabricatorUserLog::initializeNewLog(

62
          $request->getUser(),

63
          $info->getUserPHID(),

64
          PhabricatorConduitCertificateUserLogType::LOGTYPE)

65
        ->save();

66
    }

67


68
    $user = id(new PhabricatorUser())->loadOneWhere(

69
      'phid = %s',

70
      $info->getUserPHID());

71
    if (!$user) {

72
      throw new Exception(pht('Certificate token points to an invalid user!'));

73
    }

74


75
    return array(

76
      'username'    => $user->getUserName(),

77
      'certificate' => $user->getConduitCertificate(),

78
    );

79
  }

80


81
  private function logFailure(

82
    ConduitAPIRequest $request,

83
    PhabricatorConduitCertificateToken $info = null) {

84


85
    $log = PhabricatorUserLog::initializeNewLog(

86
        $request->getUser(),

87
        $info ? $info->getUserPHID() : '-',

88
        PhabricatorConduitCertificateFailureUserLogType::LOGTYPE)

89
      ->save();

90
  }

91


92
}

93


94