
PHP Cross Reference of Phabricator


/src/applications/conduit/method/ -> ConduitGetCertificateConduitAPIMethod.php (source)

   1  <?php
   2  
   3  final class ConduitGetCertificateConduitAPIMethod extends ConduitAPIMethod {
   4  
   5    public function getAPIMethodName() {
   6      return 'conduit.getcertificate';
   7    }
   8  
   9    public function shouldRequireAuthentication() {
  10      return false;
  11    }
  12  
  13    public function shouldAllowUnguardedWrites() {
  14      // This method performs logging and is on the authentication pathway.
  15      return true;
  16    }
  17  
  18    public function getMethodDescription() {
  19      return 'Retrieve certificate information for a user.';
  20    }
  21  
  22    public function defineParamTypes() {
  23      return array(
  24        'token' => 'required string',
  25        'host'  => 'required string',
  26      );
  27    }
  28  
  29    public function defineReturnType() {
  30      return 'dict<string, any>';
  31    }
  32  
  33    public function defineErrorTypes() {
  34      return array(
  35        'ERR-BAD-TOKEN' => 'Token does not exist or has expired.',
  36        'ERR-RATE-LIMIT' =>
  37          'You have made too many invalid token requests recently. Wait before '.
  38          'making more.',
  39      );
  40    }
  41  
  42    protected function execute(ConduitAPIRequest $request) {
  43      $failed_attempts = PhabricatorUserLog::loadRecentEventsFromThisIP(
  44        PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE_FAILURE,
  45        60 * 5);
  46  
  47      if (count($failed_attempts) > 5) {
  48        $this->logFailure($request);
  49        throw new ConduitException('ERR-RATE-LIMIT');
  50      }
  51  
  52      $token = $request->getValue('token');
  53      $info = id(new PhabricatorConduitCertificateToken())->loadOneWhere(
  54        'token = %s',
  55        trim($token));
  56  
  57      if (!$info || $info->getDateCreated() < time() - (60 * 15)) {
  58        $this->logFailure($request, $info);
  59        throw new ConduitException('ERR-BAD-TOKEN');
  60      } else {
  61        $log = PhabricatorUserLog::initializeNewLog(
  62            $request->getUser(),
  63            $info->getUserPHID(),
  64            PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE)
  65          ->save();
  66      }
  67  
  68      $user = id(new PhabricatorUser())->loadOneWhere(
  69        'phid = %s',
  70        $info->getUserPHID());
  71      if (!$user) {
  72        throw new Exception('Certificate token points to an invalid user!');
  73      }
  74  
  75      return array(
  76        'username'    => $user->getUserName(),
  77        'certificate' => $user->getConduitCertificate(),
  78      );
  79    }
  80  
  81    private function logFailure(
  82      ConduitAPIRequest $request,
  83      PhabricatorConduitCertificateToken $info = null) {
  84  
  85      $log = PhabricatorUserLog::initializeNewLog(
  86          $request->getUser(),
  87          $info ? $info->getUserPHID() : '-',
  88          PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE_FAILURE)
  89        ->save();
  90    }
  91  
  92  }


Generated: Sun Nov 30 09:20:46 2014 Cross-referenced by PHPXref 0.7.1