[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  final class PhabricatorUserLog extends PhabricatorUserDAO
   4    implements PhabricatorPolicyInterface {
   5  
   6    const ACTION_LOGIN          = 'login';
   7    const ACTION_LOGIN_PARTIAL  = 'login-partial';
   8    const ACTION_LOGIN_FULL     = 'login-full';
   9    const ACTION_LOGOUT         = 'logout';
  10    const ACTION_LOGIN_FAILURE  = 'login-fail';
  11    const ACTION_RESET_PASSWORD = 'reset-pass';
  12  
  13    const ACTION_CREATE         = 'create';
  14    const ACTION_EDIT           = 'edit';
  15  
  16    const ACTION_ADMIN          = 'admin';
  17    const ACTION_SYSTEM_AGENT   = 'system-agent';
  18    const ACTION_DISABLE        = 'disable';
  19    const ACTION_APPROVE        = 'approve';
  20    const ACTION_DELETE         = 'delete';
  21  
  22    const ACTION_CONDUIT_CERTIFICATE = 'conduit-cert';
  23    const ACTION_CONDUIT_CERTIFICATE_FAILURE = 'conduit-cert-fail';
  24  
  25    const ACTION_EMAIL_PRIMARY    = 'email-primary';
  26    const ACTION_EMAIL_REMOVE     = 'email-remove';
  27    const ACTION_EMAIL_ADD        = 'email-add';
  28    const ACTION_EMAIL_VERIFY     = 'email-verify';
  29  
  30    const ACTION_CHANGE_PASSWORD  = 'change-password';
  31    const ACTION_CHANGE_USERNAME  = 'change-username';
  32  
  33    const ACTION_ENTER_HISEC = 'hisec-enter';
  34    const ACTION_EXIT_HISEC = 'hisec-exit';
  35    const ACTION_FAIL_HISEC = 'hisec-fail';
  36  
  37    const ACTION_MULTI_ADD = 'multi-add';
  38    const ACTION_MULTI_REMOVE = 'multi-remove';
  39  
  40    protected $actorPHID;
  41    protected $userPHID;
  42    protected $action;
  43    protected $oldValue;
  44    protected $newValue;
  45    protected $details = array();
  46    protected $remoteAddr;
  47    protected $session;
  48  
  49    public static function getActionTypeMap() {
  50      return array(
  51        self::ACTION_LOGIN => pht('Login'),
  52        self::ACTION_LOGIN_PARTIAL => pht('Login: Partial Login'),
  53        self::ACTION_LOGIN_FULL => pht('Login: Upgrade to Full'),
  54        self::ACTION_LOGIN_FAILURE => pht('Login: Failure'),
  55        self::ACTION_LOGOUT => pht('Logout'),
  56        self::ACTION_RESET_PASSWORD => pht('Reset Password'),
  57        self::ACTION_CREATE => pht('Create Account'),
  58        self::ACTION_EDIT => pht('Edit Account'),
  59        self::ACTION_ADMIN => pht('Add/Remove Administrator'),
  60        self::ACTION_SYSTEM_AGENT => pht('Add/Remove System Agent'),
  61        self::ACTION_DISABLE => pht('Enable/Disable'),
  62        self::ACTION_APPROVE => pht('Approve Registration'),
  63        self::ACTION_DELETE => pht('Delete User'),
  64        self::ACTION_CONDUIT_CERTIFICATE
  65          => pht('Conduit: Read Certificate'),
  66        self::ACTION_CONDUIT_CERTIFICATE_FAILURE
  67          => pht('Conduit: Read Certificate Failure'),
  68        self::ACTION_EMAIL_PRIMARY => pht('Email: Change Primary'),
  69        self::ACTION_EMAIL_ADD => pht('Email: Add Address'),
  70        self::ACTION_EMAIL_REMOVE => pht('Email: Remove Address'),
  71        self::ACTION_EMAIL_VERIFY => pht('Email: Verify'),
  72        self::ACTION_CHANGE_PASSWORD => pht('Change Password'),
  73        self::ACTION_CHANGE_USERNAME => pht('Change Username'),
  74        self::ACTION_ENTER_HISEC => pht('Hisec: Enter'),
  75        self::ACTION_EXIT_HISEC => pht('Hisec: Exit'),
  76        self::ACTION_FAIL_HISEC => pht('Hisec: Failed Attempt'),
  77        self::ACTION_MULTI_ADD => pht('Multi-Factor: Add Factor'),
  78        self::ACTION_MULTI_REMOVE => pht('Multi-Factor: Remove Factor'),
  79      );
  80    }
  81  
  82  
  83    public static function initializeNewLog(
  84      PhabricatorUser $actor = null,
  85      $object_phid,
  86      $action) {
  87  
  88      $log = new PhabricatorUserLog();
  89  
  90      if ($actor) {
  91        $log->setActorPHID($actor->getPHID());
  92        if ($actor->hasSession()) {
  93          $session = $actor->getSession();
  94  
  95          // NOTE: This is a hash of the real session value, so it's safe to
  96          // store it directly in the logs.
  97          $log->setSession($session->getSessionKey());
  98        }
  99      }
 100  
 101      $log->setUserPHID((string)$object_phid);
 102      $log->setAction($action);
 103  
 104      $log->remoteAddr = idx($_SERVER, 'REMOTE_ADDR', '');
 105  
 106      return $log;
 107    }
 108  
 109    public static function loadRecentEventsFromThisIP($action, $timespan) {
 110      return id(new PhabricatorUserLog())->loadAllWhere(
 111        'action = %s AND remoteAddr = %s AND dateCreated > %d
 112          ORDER BY dateCreated DESC',
 113        $action,
 114        idx($_SERVER, 'REMOTE_ADDR'),
 115        time() - $timespan);
 116    }
 117  
 118    public function save() {
 119      $this->details['host'] = php_uname('n');
 120      $this->details['user_agent'] = AphrontRequest::getHTTPHeader('User-Agent');
 121  
 122      return parent::save();
 123    }
 124  
 125    public function getConfiguration() {
 126      return array(
 127        self::CONFIG_SERIALIZATION => array(
 128          'oldValue' => self::SERIALIZATION_JSON,
 129          'newValue' => self::SERIALIZATION_JSON,
 130          'details'  => self::SERIALIZATION_JSON,
 131        ),
 132        self::CONFIG_COLUMN_SCHEMA => array(
 133          'actorPHID' => 'phid?',
 134          'action' => 'text64',
 135          'remoteAddr' => 'text64',
 136          'session' => 'bytes40?',
 137        ),
 138        self::CONFIG_KEY_SCHEMA => array(
 139          'actorPHID' => array(
 140            'columns' => array('actorPHID', 'dateCreated'),
 141          ),
 142          'userPHID' => array(
 143            'columns' => array('userPHID', 'dateCreated'),
 144          ),
 145          'action' => array(
 146            'columns' => array('action', 'dateCreated'),
 147          ),
 148          'dateCreated' => array(
 149            'columns' => array('dateCreated'),
 150          ),
 151          'remoteAddr' => array(
 152            'columns' => array('remoteAddr', 'dateCreated'),
 153          ),
 154          'session' => array(
 155            'columns' => array('session', 'dateCreated'),
 156          ),
 157        ),
 158      ) + parent::getConfiguration();
 159    }
 160  
 161  
 162  /* -(  PhabricatorPolicyInterface  )----------------------------------------- */
 163  
 164  
 165    public function getCapabilities() {
 166      return array(
 167        PhabricatorPolicyCapability::CAN_VIEW,
 168      );
 169    }
 170  
 171    public function getPolicy($capability) {
 172      switch ($capability) {
 173        case PhabricatorPolicyCapability::CAN_VIEW:
 174          return PhabricatorPolicies::POLICY_NOONE;
 175      }
 176    }
 177  
 178    public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
 179      if ($viewer->getIsAdmin()) {
 180        return true;
 181      }
 182  
 183      $viewer_phid = $viewer->getPHID();
 184      if ($viewer_phid) {
 185        $user_phid = $this->getUserPHID();
 186        if ($viewer_phid == $user_phid) {
 187          return true;
 188        }
 189  
 190        $actor_phid = $this->getActorPHID();
 191        if ($viewer_phid == $actor_phid) {
 192          return true;
 193        }
 194      }
 195  
 196      return false;
 197    }
 198  
 199    public function describeAutomaticCapability($capability) {
 200      return array(
 201        pht('Users can view their activity and activity that affects them.'),
 202        pht('Administrators can always view all activity.'),
 203      );
 204    }
 205  
 206  }