[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  final class PhabricatorAuthTemporaryToken extends PhabricatorAuthDAO
   4    implements PhabricatorPolicyInterface {
   5  
   6    // TODO: OAuth1 stores a client identifier here, which is not a real PHID.
   7    // At some point, we should rename this column to be a little more generic.
   8    protected $objectPHID;
   9  
  10    protected $tokenType;
  11    protected $tokenExpires;
  12    protected $tokenCode;
  13  
  14    public function getConfiguration() {
  15      return array(
  16        self::CONFIG_TIMESTAMPS => false,
  17        self::CONFIG_COLUMN_SCHEMA => array(
  18          'tokenType' => 'text64',
  19          'tokenExpires' => 'epoch',
  20          'tokenCode' => 'text64',
  21        ),
  22        self::CONFIG_KEY_SCHEMA => array(
  23          'key_token' => array(
  24            'columns' => array('objectPHID', 'tokenType', 'tokenCode'),
  25            'unique' => true,
  26          ),
  27          'key_expires' => array(
  28            'columns' => array('tokenExpires'),
  29          ),
  30        ),
  31      ) + parent::getConfiguration();
  32    }
  33  
  34    public function getTokenReadableTypeName() {
  35      // Eventually, it would be nice to let applications implement token types
  36      // so we can put this in modular subclasses.
  37      switch ($this->tokenType) {
  38        case PhabricatorAuthSessionEngine::ONETIME_TEMPORARY_TOKEN_TYPE:
  39          return pht('One-Time Login Token');
  40        case PhabricatorAuthSessionEngine::PASSWORD_TEMPORARY_TOKEN_TYPE:
  41          return pht('Password Reset Token');
  42      }
  43  
  44      return $this->tokenType;
  45    }
  46  
  47    public function isRevocable() {
  48      if ($this->tokenExpires < time()) {
  49        return false;
  50      }
  51  
  52      switch ($this->tokenType) {
  53        case PhabricatorAuthSessionEngine::ONETIME_TEMPORARY_TOKEN_TYPE:
  54        case PhabricatorAuthSessionEngine::PASSWORD_TEMPORARY_TOKEN_TYPE:
  55          return true;
  56      }
  57  
  58      return false;
  59    }
  60  
  61    public function revokeToken() {
  62      if ($this->isRevocable()) {
  63        $this->setTokenExpires(PhabricatorTime::getNow() - 1)->save();
  64      }
  65      return $this;
  66    }
  67  
  68    public static function revokeTokens(
  69      PhabricatorUser $viewer,
  70      array $object_phids,
  71      array $token_types) {
  72  
  73      $tokens = id(new PhabricatorAuthTemporaryTokenQuery())
  74        ->setViewer($viewer)
  75        ->withObjectPHIDs($object_phids)
  76        ->withTokenTypes($token_types)
  77        ->withExpired(false)
  78        ->execute();
  79  
  80      foreach ($tokens as $token) {
  81        $token->revokeToken();
  82      }
  83    }
  84  
  85  /* -(  PhabricatorPolicyInterface  )----------------------------------------- */
  86  
  87  
  88    public function getCapabilities() {
  89      return array(
  90        PhabricatorPolicyCapability::CAN_VIEW,
  91      );
  92    }
  93  
  94    public function getPolicy($capability) {
  95      // We're just implement this interface to get access to the standard
  96      // query infrastructure.
  97      return PhabricatorPolicies::getMostOpenPolicy();
  98    }
  99  
 100    public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
 101      return false;
 102    }
 103  
 104    public function describeAutomaticCapability($capability) {
 105      return null;
 106    }
 107  
 108  }