[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  final class PhabricatorAuthSession extends PhabricatorAuthDAO
   4    implements PhabricatorPolicyInterface {
   5  
   6    const TYPE_WEB      = 'web';
   7    const TYPE_CONDUIT  = 'conduit';
   8  
   9    protected $userPHID;
  10    protected $type;
  11    protected $sessionKey;
  12    protected $sessionStart;
  13    protected $sessionExpires;
  14    protected $highSecurityUntil;
  15    protected $isPartial;
  16  
  17    private $identityObject = self::ATTACHABLE;
  18  
  19    public function getConfiguration() {
  20      return array(
  21        self::CONFIG_TIMESTAMPS => false,
  22        self::CONFIG_COLUMN_SCHEMA => array(
  23          'type' => 'text32',
  24          'sessionKey' => 'bytes40',
  25          'sessionStart' => 'epoch',
  26          'sessionExpires' => 'epoch',
  27          'highSecurityUntil' => 'epoch?',
  28          'isPartial' => 'bool',
  29        ),
  30        self::CONFIG_KEY_SCHEMA => array(
  31          'sessionKey' => array(
  32            'columns' => array('sessionKey'),
  33            'unique' => true,
  34          ),
  35          'key_identity' => array(
  36            'columns' => array('userPHID', 'type'),
  37          ),
  38          'key_expires' => array(
  39            'columns' => array('sessionExpires'),
  40          ),
  41        ),
  42      ) + parent::getConfiguration();
  43    }
  44  
  45    public function getApplicationName() {
  46      // This table predates the "Auth" application, and really all applications.
  47      return 'user';
  48    }
  49  
  50    public function getTableName() {
  51      // This is a very old table with a nonstandard name.
  52      return PhabricatorUser::SESSION_TABLE;
  53    }
  54  
  55    public function attachIdentityObject($identity_object) {
  56      $this->identityObject = $identity_object;
  57      return $this;
  58    }
  59  
  60    public function getIdentityObject() {
  61      return $this->assertAttached($this->identityObject);
  62    }
  63  
  64    public static function getSessionTypeTTL($session_type) {
  65      switch ($session_type) {
  66        case self::TYPE_WEB:
  67          return phutil_units('30 days in seconds');
  68        case self::TYPE_CONDUIT:
  69          return phutil_units('24 hours in seconds');
  70        default:
  71          throw new Exception(pht('Unknown session type "%s".', $session_type));
  72      }
  73    }
  74  
  75  /* -(  PhabricatorPolicyInterface  )----------------------------------------- */
  76  
  77  
  78    public function getCapabilities() {
  79      return array(
  80        PhabricatorPolicyCapability::CAN_VIEW,
  81      );
  82    }
  83  
  84    public function getPolicy($capability) {
  85      return PhabricatorPolicies::POLICY_NOONE;
  86    }
  87  
  88    public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
  89      if (!$viewer->getPHID()) {
  90        return false;
  91      }
  92  
  93      $object = $this->getIdentityObject();
  94      if ($object instanceof PhabricatorUser) {
  95        return ($object->getPHID() == $viewer->getPHID());
  96      } else if ($object instanceof PhabricatorExternalAccount) {
  97        return ($object->getUserPHID() == $viewer->getPHID());
  98      }
  99  
 100      return false;
 101    }
 102  
 103    public function describeAutomaticCapability($capability) {
 104      return pht('A session is visible only to its owner.');
 105    }
 106  
 107  }