No OneTemporary
Actions

Size

58 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
	index 98ec8b744a..4ce86e8f97 100644
	--- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
	+++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
	@@ -1,856 +1,912 @@
	<?php

	/**
	*
	* @task use Using Sessions
	* @task new Creating Sessions
	* @task hisec High Security
	* @task partial Partial Sessions
	* @task onetime One Time Login URIs
	* @task cache User Cache
	*/
	final class PhabricatorAuthSessionEngine extends Phobject {

	/**
	* Session issued to normal users after they login through a standard channel.
	* Associates the client with a standard user identity.
	*/
	const KIND_USER = 'U';


	/**
	* Session issued to users who login with some sort of credentials but do not
	* have full accounts. These are sometimes called "grey users".
	*
	* TODO: We do not currently issue these sessions, see T4310.
	*/
	const KIND_EXTERNAL = 'X';


	/**
	* Session issued to logged-out users which has no real identity information.
	* Its purpose is to protect logged-out users from CSRF.
	*/
	const KIND_ANONYMOUS = 'A';


	/**
	* Session kind isn't known.
	*/
	const KIND_UNKNOWN = '?';


	const ONETIME_RECOVER = 'recover';
	const ONETIME_RESET = 'reset';
	const ONETIME_WELCOME = 'welcome';
	const ONETIME_USERNAME = 'rename';


	/**
	* Get the session kind (e.g., anonymous, user, external account) from a
	* session token. Returns a `KIND_` constant.
	*
	* @param string Session token.
	* @return const Session kind constant.
	*/
	public static function getSessionKindFromToken($session_token) {
	if (strpos($session_token, '/') === false) {
	// Old-style session, these are all user sessions.
	return self::KIND_USER;
	}

	list($kind, $key) = explode('/', $session_token, 2);

	switch ($kind) {
	case self::KIND_ANONYMOUS:
	case self::KIND_USER:
	case self::KIND_EXTERNAL:
	return $kind;
	default:
	return self::KIND_UNKNOWN;
	}
	}


	/**
	* Load the user identity associated with a session of a given type,
	* identified by token.
	*
	* When the user presents a session token to an API, this method verifies
	* it is of the correct type and loads the corresponding identity if the
	* session exists and is valid.
	*
	* NOTE: `$session_type` is the type of session that is required by the
	* loading context. This prevents use of a Conduit sesssion as a Web
	* session, for example.
	*
	* @param const The type of session to load.
	* @param string The session token.
	* @return PhabricatorUser\|null
	* @task use
	*/
	public function loadUserForSession($session_type, $session_token) {
	$session_kind = self::getSessionKindFromToken($session_token);
	switch ($session_kind) {
	case self::KIND_ANONYMOUS:
	// Don't bother trying to load a user for an anonymous session, since
	// neither the session nor the user exist.
	return null;
	case self::KIND_UNKNOWN:
	// If we don't know what kind of session this is, don't go looking for
	// it.
	return null;
	case self::KIND_USER:
	break;
	case self::KIND_EXTERNAL:
	// TODO: Implement these (T4310).
	return null;
	}

	$session_table = new PhabricatorAuthSession();
	$user_table = new PhabricatorUser();
	$conn_r = $session_table->establishConnection('r');
	$session_key = PhabricatorHash::weakDigest($session_token);

	$cache_parts = $this->getUserCacheQueryParts($conn_r);
	list($cache_selects, $cache_joins, $cache_map, $types_map) = $cache_parts;

	$info = queryfx_one(
	$conn_r,
	'SELECT
	s.id AS s_id,
	s.sessionExpires AS s_sessionExpires,
	s.sessionStart AS s_sessionStart,
	s.highSecurityUntil AS s_highSecurityUntil,
	s.isPartial AS s_isPartial,
	s.signedLegalpadDocuments as s_signedLegalpadDocuments,
	u.*
	%Q
	FROM %T u JOIN %T s ON u.phid = s.userPHID
	AND s.type = %s AND s.sessionKey = %P %Q',
	$cache_selects,
	$user_table->getTableName(),
	$session_table->getTableName(),
	$session_type,
	new PhutilOpaqueEnvelope($session_key),
	$cache_joins);

	if (!$info) {
	return null;
	}

	$session_dict = array(
	'userPHID' => $info['phid'],
	'sessionKey' => $session_key,
	'type' => $session_type,
	);

	$cache_raw = array_fill_keys($cache_map, null);
	foreach ($info as $key => $value) {
	if (strncmp($key, 's_', 2) === 0) {
	unset($info[$key]);
	$session_dict[substr($key, 2)] = $value;
	continue;
	}

	if (isset($cache_map[$key])) {
	unset($info[$key]);
	$cache_raw[$cache_map[$key]] = $value;
	continue;
	}
	}

	$user = $user_table->loadFromArray($info);

	$cache_raw = $this->filterRawCacheData($user, $types_map, $cache_raw);
	$user->attachRawCacheData($cache_raw);

	switch ($session_type) {
	case PhabricatorAuthSession::TYPE_WEB:
	// Explicitly prevent bots and mailing lists from establishing web
	// sessions. It's normally impossible to attach authentication to these
	// accounts, and likewise impossible to generate sessions, but it's
	// technically possible that a session could exist in the database. If
	// one does somehow, refuse to load it.
	if (!$user->canEstablishWebSessions()) {
	return null;
	}
	break;
	}

	$session = id(new PhabricatorAuthSession())->loadFromArray($session_dict);

	$ttl = PhabricatorAuthSession::getSessionTypeTTL($session_type);

	// If more than 20% of the time on this session has been used, refresh the
	// TTL back up to the full duration. The idea here is that sessions are
	// good forever if used regularly, but get GC'd when they fall out of use.

	// NOTE: If we begin rotating session keys when extending sessions, the
	// CSRF code needs to be updated so CSRF tokens survive session rotation.

	if (time() + (0.80 * $ttl) > $session->getSessionExpires()) {
	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	$conn_w = $session_table->establishConnection('w');
	queryfx(
	$conn_w,
	'UPDATE %T SET sessionExpires = UNIX_TIMESTAMP() + %d WHERE id = %d',
	$session->getTableName(),
	$ttl,
	$session->getID());
	unset($unguarded);
	}

	$user->attachSession($session);
	return $user;
	}


	/**
	* Issue a new session key for a given identity. Phabricator supports
	* different types of sessions (like "web" and "conduit") and each session
	* type may have multiple concurrent sessions (this allows a user to be
	* logged in on multiple browsers at the same time, for instance).
	*
	* Note that this method is transport-agnostic and does not set cookies or
	* issue other types of tokens, it ONLY generates a new session key.
	*
	* You can configure the maximum number of concurrent sessions for various
	* session types in the Phabricator configuration.
	*
	* @param const Session type constant (see
	* @{class:PhabricatorAuthSession}).
	* @param phid\|null Identity to establish a session for, usually a user
	* PHID. With `null`, generates an anonymous session.
	* @param bool True to issue a partial session.
	* @return string Newly generated session key.
	*/
	public function establishSession($session_type, $identity_phid, $partial) {
	// Consume entropy to generate a new session key, forestalling the eventual
	// heat death of the universe.
	$session_key = Filesystem::readRandomCharacters(40);

	if ($identity_phid === null) {
	return self::KIND_ANONYMOUS.'/'.$session_key;
	}

	$session_table = new PhabricatorAuthSession();
	$conn_w = $session_table->establishConnection('w');

	// This has a side effect of validating the session type.
	$session_ttl = PhabricatorAuthSession::getSessionTypeTTL($session_type);

	$digest_key = PhabricatorHash::weakDigest($session_key);

	// Logging-in users don't have CSRF stuff yet, so we have to unguard this
	// write.
	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	id(new PhabricatorAuthSession())
	->setUserPHID($identity_phid)
	->setType($session_type)
	->setSessionKey($digest_key)
	->setSessionStart(time())
	->setSessionExpires(time() + $session_ttl)
	->setIsPartial($partial ? 1 : 0)
	->setSignedLegalpadDocuments(0)
	->save();

	$log = PhabricatorUserLog::initializeNewLog(
	null,
	$identity_phid,
	($partial
	? PhabricatorUserLog::ACTION_LOGIN_PARTIAL
	: PhabricatorUserLog::ACTION_LOGIN));

	$log->setDetails(
	array(
	'session_type' => $session_type,
	));
	$log->setSession($digest_key);
	$log->save();
	unset($unguarded);

	$info = id(new PhabricatorAuthSessionInfo())
	->setSessionType($session_type)
	->setIdentityPHID($identity_phid)
	->setIsPartial($partial);

	$extensions = PhabricatorAuthSessionEngineExtension::getAllExtensions();
	foreach ($extensions as $extension) {
	$extension->didEstablishSession($info);
	}

	return $session_key;
	}


	/**
	* Terminate all of a user's login sessions.
	*
	* This is used when users change passwords, linked accounts, or add
	* multifactor authentication.
	*
	* @param PhabricatorUser User whose sessions should be terminated.
	* @param string\|null Optionally, one session to keep. Normally, the current
	* login session.
	*
	* @return void
	*/
	public function terminateLoginSessions(
	PhabricatorUser $user,
	$except_session = null) {

	$sessions = id(new PhabricatorAuthSessionQuery())
	->setViewer($user)
	->withIdentityPHIDs(array($user->getPHID()))
	->execute();

	if ($except_session !== null) {
	$except_session = PhabricatorHash::weakDigest($except_session);
	}

	foreach ($sessions as $key => $session) {
	if ($except_session !== null) {
	$is_except = phutil_hashes_are_identical(
	$session->getSessionKey(),
	$except_session);
	if ($is_except) {
	continue;
	}
	}

	$session->delete();
	}
	}

	public function logoutSession(
	PhabricatorUser $user,
	PhabricatorAuthSession $session) {

	$log = PhabricatorUserLog::initializeNewLog(
	$user,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_LOGOUT);
	$log->save();

	$extensions = PhabricatorAuthSessionEngineExtension::getAllExtensions();
	foreach ($extensions as $extension) {
	$extension->didLogout($user, array($session));
	}

	$session->delete();
	}


	/* -( High Security )------------------------------------------------------ */


	+ /**
	+ * Require the user respond to a high security (MFA) check.
	+ *
	+ * This method differs from @{method:requireHighSecuritySession} in that it
	+ * does not upgrade the user's session as a side effect. This method is
	+ * appropriate for one-time checks.
	+ *
	+ * @param PhabricatorUser User whose session needs to be in high security.
	+ * @param AphrontReqeust Current request.
	+ * @param string URI to return the user to if they cancel.
	+ * @return PhabricatorAuthHighSecurityToken Security token.
	+ * @task hisec
	+ */
	+ public function requireHighSecurityToken(
	+ PhabricatorUser $viewer,
	+ AphrontRequest $request,
	+ $cancel_uri) {
	+
	+ return $this->newHighSecurityToken(
	+ $viewer,
	+ $request,
	+ $cancel_uri,
	+ false,
	+ false);
	+ }
	+
	+
	/**
	* Require high security, or prompt the user to enter high security.
	*
	* If the user's session is in high security, this method will return a
	* token. Otherwise, it will throw an exception which will eventually
	* be converted into a multi-factor authentication workflow.
	*
	+ * This method upgrades the user's session to high security for a short
	+ * period of time, and is appropriate if you anticipate they may need to
	+ * take multiple high security actions. To perform a one-time check instead,
	+ * use @{method:requireHighSecurityToken}.
	+ *
	* @param PhabricatorUser User whose session needs to be in high security.
	* @param AphrontReqeust Current request.
	* @param string URI to return the user to if they cancel.
	* @param bool True to jump partial sessions directly into high
	* security instead of just upgrading them to full
	* sessions.
	* @return PhabricatorAuthHighSecurityToken Security token.
	* @task hisec
	*/
	public function requireHighSecuritySession(
	PhabricatorUser $viewer,
	AphrontRequest $request,
	$cancel_uri,
	$jump_into_hisec = false) {

	+ return $this->newHighSecurityToken(
	+ $viewer,
	+ $request,
	+ $cancel_uri,
	+ false,
	+ true);
	+ }
	+
	+ private function newHighSecurityToken(
	+ PhabricatorUser $viewer,
	+ AphrontRequest $request,
	+ $cancel_uri,
	+ $jump_into_hisec,
	+ $upgrade_session) {
	+
	if (!$viewer->hasSession()) {
	throw new Exception(
	pht('Requiring a high-security session from a user with no session!'));
	}

	+ // TODO: If a user answers a "requireHighSecurityToken()" prompt and hits
	+ // a "requireHighSecuritySession()" prompt a short time later, the one-shot
	+ // token should be good enough to upgrade the session.
	+
	$session = $viewer->getSession();

	// Check if the session is already in high security mode.
	$token = $this->issueHighSecurityToken($session);
	if ($token) {
	return $token;
	}

	// Load the multi-factor auth sources attached to this account.
	$factors = id(new PhabricatorAuthFactorConfig())->loadAllWhere(
	'userPHID = %s',
	$viewer->getPHID());

	// If the account has no associated multi-factor auth, just issue a token
	// without putting the session into high security mode. This is generally
	// easier for users. A minor but desirable side effect is that when a user
	// adds an auth factor, existing sessions won't get a free pass into hisec,
	// since they never actually got marked as hisec.
	if (!$factors) {
	return $this->issueHighSecurityToken($session, true);
	}

	// Check for a rate limit without awarding points, so the user doesn't
	// get partway through the workflow only to get blocked.
	PhabricatorSystemActionEngine::willTakeAction(
	array($viewer->getPHID()),
	new PhabricatorAuthTryFactorAction(),
	0);

	$validation_results = array();
	if ($request->isHTTPPost()) {
	$request->validateCSRF();
	if ($request->getExists(AphrontRequest::TYPE_HISEC)) {

	// Limit factor verification rates to prevent brute force attacks.
	PhabricatorSystemActionEngine::willTakeAction(
	array($viewer->getPHID()),
	new PhabricatorAuthTryFactorAction(),
	1);

	$ok = true;
	foreach ($factors as $factor) {
	$id = $factor->getID();
	$impl = $factor->requireImplementation();

	$validation_results[$id] = $impl->processValidateFactorForm(
	$factor,
	$viewer,
	$request);

	if (!$impl->isFactorValid($factor, $validation_results[$id])) {
	$ok = false;
	}
	}

	if ($ok) {
	// Give the user a credit back for a successful factor verification.
	PhabricatorSystemActionEngine::willTakeAction(
	array($viewer->getPHID()),
	new PhabricatorAuthTryFactorAction(),
	-1);

	if ($session->getIsPartial() && !$jump_into_hisec) {
	// If we have a partial session and are not jumping directly into
	// hisec, just issue a token without putting it in high security
	// mode.
	return $this->issueHighSecurityToken($session, true);
	}

	+ // If we aren't upgrading the session itself, just issue a token.
	+ if (!$upgrade_session) {
	+ return $this->issueHighSecurityToken($session, true);
	+ }
	+
	$until = time() + phutil_units('15 minutes in seconds');
	$session->setHighSecurityUntil($until);

	queryfx(
	$session->establishConnection('w'),
	'UPDATE %T SET highSecurityUntil = %d WHERE id = %d',
	$session->getTableName(),
	$until,
	$session->getID());

	$log = PhabricatorUserLog::initializeNewLog(
	$viewer,
	$viewer->getPHID(),
	PhabricatorUserLog::ACTION_ENTER_HISEC);
	$log->save();
	} else {
	$log = PhabricatorUserLog::initializeNewLog(
	$viewer,
	$viewer->getPHID(),
	PhabricatorUserLog::ACTION_FAIL_HISEC);
	$log->save();
	}
	}
	}

	$token = $this->issueHighSecurityToken($session);
	if ($token) {
	return $token;
	}

	throw id(new PhabricatorAuthHighSecurityRequiredException())
	->setCancelURI($cancel_uri)
	->setFactors($factors)
	->setFactorValidationResults($validation_results);
	}


	/**
	* Issue a high security token for a session, if authorized.
	*
	* @param PhabricatorAuthSession Session to issue a token for.
	* @param bool Force token issue.
	* @return PhabricatorAuthHighSecurityToken\|null Token, if authorized.
	* @task hisec
	*/
	private function issueHighSecurityToken(
	PhabricatorAuthSession $session,
	$force = false) {

	if ($session->isHighSecuritySession() \|\| $force) {
	return new PhabricatorAuthHighSecurityToken();
	}

	return null;
	}


	/**
	* Render a form for providing relevant multi-factor credentials.
	*
	* @param PhabricatorUser Viewing user.
	* @param AphrontRequest Current request.
	* @return AphrontFormView Renderable form.
	* @task hisec
	*/
	public function renderHighSecurityForm(
	array $factors,
	array $validation_results,
	PhabricatorUser $viewer,
	AphrontRequest $request) {

	$form = id(new AphrontFormView())
	->setUser($viewer)
	->appendRemarkupInstructions('');

	foreach ($factors as $factor) {
	$factor->requireImplementation()->renderValidateFactorForm(
	$factor,
	$form,
	$viewer,
	idx($validation_results, $factor->getID()));
	}

	$form->appendRemarkupInstructions('');

	return $form;
	}


	/**
	* Strip the high security flag from a session.
	*
	* Kicks a session out of high security and logs the exit.
	*
	* @param PhabricatorUser Acting user.
	* @param PhabricatorAuthSession Session to return to normal security.
	* @return void
	* @task hisec
	*/
	public function exitHighSecurity(
	PhabricatorUser $viewer,
	PhabricatorAuthSession $session) {

	if (!$session->getHighSecurityUntil()) {
	return;
	}

	queryfx(
	$session->establishConnection('w'),
	'UPDATE %T SET highSecurityUntil = NULL WHERE id = %d',
	$session->getTableName(),
	$session->getID());

	$log = PhabricatorUserLog::initializeNewLog(
	$viewer,
	$viewer->getPHID(),
	PhabricatorUserLog::ACTION_EXIT_HISEC);
	$log->save();
	}


	/* -( Partial Sessions )--------------------------------------------------- */


	/**
	* Upgrade a partial session to a full session.
	*
	* @param PhabricatorAuthSession Session to upgrade.
	* @return void
	* @task partial
	*/
	public function upgradePartialSession(PhabricatorUser $viewer) {

	if (!$viewer->hasSession()) {
	throw new Exception(
	pht('Upgrading partial session of user with no session!'));
	}

	$session = $viewer->getSession();

	if (!$session->getIsPartial()) {
	throw new Exception(pht('Session is not partial!'));
	}

	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	$session->setIsPartial(0);

	queryfx(
	$session->establishConnection('w'),
	'UPDATE %T SET isPartial = %d WHERE id = %d',
	$session->getTableName(),
	0,
	$session->getID());

	$log = PhabricatorUserLog::initializeNewLog(
	$viewer,
	$viewer->getPHID(),
	PhabricatorUserLog::ACTION_LOGIN_FULL);
	$log->save();
	unset($unguarded);
	}


	/* -( Legalpad Documents )-------------------------------------------------- */


	/**
	* Upgrade a session to have all legalpad documents signed.
	*
	* @param PhabricatorUser User whose session should upgrade.
	* @param array LegalpadDocument objects
	* @return void
	* @task partial
	*/
	public function signLegalpadDocuments(PhabricatorUser $viewer, array $docs) {

	if (!$viewer->hasSession()) {
	throw new Exception(
	pht('Signing session legalpad documents of user with no session!'));
	}

	$session = $viewer->getSession();

	if ($session->getSignedLegalpadDocuments()) {
	throw new Exception(pht(
	'Session has already signed required legalpad documents!'));
	}

	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	$session->setSignedLegalpadDocuments(1);

	queryfx(
	$session->establishConnection('w'),
	'UPDATE %T SET signedLegalpadDocuments = %d WHERE id = %d',
	$session->getTableName(),
	1,
	$session->getID());

	if (!empty($docs)) {
	$log = PhabricatorUserLog::initializeNewLog(
	$viewer,
	$viewer->getPHID(),
	PhabricatorUserLog::ACTION_LOGIN_LEGALPAD);
	$log->save();
	}
	unset($unguarded);
	}


	/* -( One Time Login URIs )------------------------------------------------ */


	/**
	* Retrieve a temporary, one-time URI which can log in to an account.
	*
	* These URIs are used for password recovery and to regain access to accounts
	* which users have been locked out of.
	*
	* @param PhabricatorUser User to generate a URI for.
	* @param PhabricatorUserEmail Optionally, email to verify when
	* link is used.
	* @param string Optional context string for the URI. This is purely cosmetic
	* and used only to customize workflow and error messages.
	* @return string Login URI.
	* @task onetime
	*/
	public function getOneTimeLoginURI(
	PhabricatorUser $user,
	PhabricatorUserEmail $email = null,
	$type = self::ONETIME_RESET) {

	$key = Filesystem::readRandomCharacters(32);
	$key_hash = $this->getOneTimeLoginKeyHash($user, $email, $key);
	$onetime_type = PhabricatorAuthOneTimeLoginTemporaryTokenType::TOKENTYPE;

	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	id(new PhabricatorAuthTemporaryToken())
	->setTokenResource($user->getPHID())
	->setTokenType($onetime_type)
	->setTokenExpires(time() + phutil_units('1 day in seconds'))
	->setTokenCode($key_hash)
	->save();
	unset($unguarded);

	$uri = '/login/once/'.$type.'/'.$user->getID().'/'.$key.'/';
	if ($email) {
	$uri = $uri.$email->getID().'/';
	}

	try {
	$uri = PhabricatorEnv::getProductionURI($uri);
	} catch (Exception $ex) {
	// If a user runs `bin/auth recover` before configuring the base URI,
	// just show the path. We don't have any way to figure out the domain.
	// See T4132.
	}

	return $uri;
	}


	/**
	* Load the temporary token associated with a given one-time login key.
	*
	* @param PhabricatorUser User to load the token for.
	* @param PhabricatorUserEmail Optionally, email to verify when
	* link is used.
	* @param string Key user is presenting as a valid one-time login key.
	* @return PhabricatorAuthTemporaryToken\|null Token, if one exists.
	* @task onetime
	*/
	public function loadOneTimeLoginKey(
	PhabricatorUser $user,
	PhabricatorUserEmail $email = null,
	$key = null) {

	$key_hash = $this->getOneTimeLoginKeyHash($user, $email, $key);
	$onetime_type = PhabricatorAuthOneTimeLoginTemporaryTokenType::TOKENTYPE;

	return id(new PhabricatorAuthTemporaryTokenQuery())
	->setViewer($user)
	->withTokenResources(array($user->getPHID()))
	->withTokenTypes(array($onetime_type))
	->withTokenCodes(array($key_hash))
	->withExpired(false)
	->executeOne();
	}


	/**
	* Hash a one-time login key for storage as a temporary token.
	*
	* @param PhabricatorUser User this key is for.
	* @param PhabricatorUserEmail Optionally, email to verify when
	* link is used.
	* @param string The one time login key.
	* @return string Hash of the key.
	* task onetime
	*/
	private function getOneTimeLoginKeyHash(
	PhabricatorUser $user,
	PhabricatorUserEmail $email = null,
	$key = null) {

	$parts = array(
	$key,
	$user->getAccountSecret(),
	);

	if ($email) {
	$parts[] = $email->getVerificationCode();
	}

	return PhabricatorHash::weakDigest(implode(':', $parts));
	}


	/* -( User Cache )--------------------------------------------------------- */


	/**
	* @task cache
	*/
	private function getUserCacheQueryParts(AphrontDatabaseConnection $conn) {
	$cache_selects = array();
	$cache_joins = array();
	$cache_map = array();

	$keys = array();
	$types_map = array();

	$cache_types = PhabricatorUserCacheType::getAllCacheTypes();
	foreach ($cache_types as $cache_type) {
	foreach ($cache_type->getAutoloadKeys() as $autoload_key) {
	$keys[] = $autoload_key;
	$types_map[$autoload_key] = $cache_type;
	}
	}

	$cache_table = id(new PhabricatorUserCache())->getTableName();

	$cache_idx = 1;
	foreach ($keys as $key) {
	$join_as = 'ucache_'.$cache_idx;
	$select_as = 'ucache_'.$cache_idx.'_v';

	$cache_selects[] = qsprintf(
	$conn,
	'%T.cacheData %T',
	$join_as,
	$select_as);

	$cache_joins[] = qsprintf(
	$conn,
	'LEFT JOIN %T AS %T ON u.phid = %T.userPHID
	AND %T.cacheIndex = %s',
	$cache_table,
	$join_as,
	$join_as,
	$join_as,
	PhabricatorHash::digestForIndex($key));

	$cache_map[$select_as] = $key;

	$cache_idx++;
	}

	if ($cache_selects) {
	$cache_selects = qsprintf($conn, ', %LQ', $cache_selects);
	} else {
	$cache_selects = qsprintf($conn, '');
	}

	if ($cache_joins) {
	$cache_joins = qsprintf($conn, '%LJ', $cache_joins);
	} else {
	$cache_joins = qsprintf($conn, '');
	}

	return array($cache_selects, $cache_joins, $cache_map, $types_map);
	}

	private function filterRawCacheData(
	PhabricatorUser $user,
	array $types_map,
	array $cache_raw) {

	foreach ($cache_raw as $cache_key => $cache_data) {
	$type = $types_map[$cache_key];
	if ($type->shouldValidateRawCacheData()) {
	if (!$type->isRawCacheDataValid($user, $cache_key, $cache_data)) {
	unset($cache_raw[$cache_key]);
	}
	}
	}

	return $cache_raw;
	}

	public function willServeRequestForUser(PhabricatorUser $user) {
	// We allow the login user to generate any missing cache data inline.
	$user->setAllowInlineCacheGeneration(true);

	// Switch to the user's translation.
	PhabricatorEnv::setLocaleCode($user->getTranslation());

	$extensions = PhabricatorAuthSessionEngineExtension::getAllExtensions();
	foreach ($extensions as $extension) {
	$extension->willServeRequestForUser($user);
	}
	}

	}
	diff --git a/src/applications/legalpad/controller/LegalpadDocumentSignController.php b/src/applications/legalpad/controller/LegalpadDocumentSignController.php
	index 1748dba452..8ef35e3493 100644
	--- a/src/applications/legalpad/controller/LegalpadDocumentSignController.php
	+++ b/src/applications/legalpad/controller/LegalpadDocumentSignController.php
	@@ -1,701 +1,702 @@
	<?php

	final class LegalpadDocumentSignController extends LegalpadController {

	public function shouldAllowPublic() {
	return true;
	}

	public function shouldAllowLegallyNonCompliantUsers() {
	return true;
	}

	public function handleRequest(AphrontRequest $request) {
	$viewer = $request->getUser();

	$document = id(new LegalpadDocumentQuery())
	->setViewer($viewer)
	->withIDs(array($request->getURIData('id')))
	->needDocumentBodies(true)
	->executeOne();
	if (!$document) {
	return new Aphront404Response();
	}

	$information = $this->readSignerInformation(
	$document,
	$request);
	if ($information instanceof AphrontResponse) {
	return $information;
	}
	list($signer_phid, $signature_data) = $information;

	$signature = null;

	$type_individual = LegalpadDocument::SIGNATURE_TYPE_INDIVIDUAL;
	$is_individual = ($document->getSignatureType() == $type_individual);
	switch ($document->getSignatureType()) {
	case LegalpadDocument::SIGNATURE_TYPE_NONE:
	// nothing to sign means this should be true
	$has_signed = true;
	// this is a status UI element
	$signed_status = null;
	break;
	case LegalpadDocument::SIGNATURE_TYPE_INDIVIDUAL:
	if ($signer_phid) {
	// TODO: This is odd and should probably be adjusted after
	// grey/external accounts work better, but use the omnipotent
	// viewer to check for a signature so we can pick up
	// anonymous/grey signatures.

	$signature = id(new LegalpadDocumentSignatureQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	->withDocumentPHIDs(array($document->getPHID()))
	->withSignerPHIDs(array($signer_phid))
	->executeOne();

	if ($signature && !$viewer->isLoggedIn()) {
	return $this->newDialog()
	->setTitle(pht('Already Signed'))
	->appendParagraph(pht('You have already signed this document!'))
	->addCancelButton('/'.$document->getMonogram(), pht('Okay'));
	}
	}

	$signed_status = null;
	if (!$signature) {
	$has_signed = false;
	$signature = id(new LegalpadDocumentSignature())
	->setSignerPHID($signer_phid)
	->setDocumentPHID($document->getPHID())
	->setDocumentVersion($document->getVersions());

	// If the user is logged in, show a notice that they haven't signed.
	// If they aren't logged in, we can't be as sure, so don't show
	// anything.
	if ($viewer->isLoggedIn()) {
	$signed_status = id(new PHUIInfoView())
	->setSeverity(PHUIInfoView::SEVERITY_WARNING)
	->setErrors(
	array(
	pht('You have not signed this document yet.'),
	));
	}
	} else {
	$has_signed = true;
	$signature_data = $signature->getSignatureData();

	// In this case, we know they've signed.
	$signed_at = $signature->getDateCreated();

	if ($signature->getIsExemption()) {
	$exemption_phid = $signature->getExemptionPHID();
	$handles = $this->loadViewerHandles(array($exemption_phid));
	$exemption_handle = $handles[$exemption_phid];

	$signed_text = pht(
	'You do not need to sign this document. '.
	'%s added a signature exemption for you on %s.',
	$exemption_handle->renderLink(),
	phabricator_datetime($signed_at, $viewer));
	} else {
	$signed_text = pht(
	'You signed this document on %s.',
	phabricator_datetime($signed_at, $viewer));
	}

	$signed_status = id(new PHUIInfoView())
	->setSeverity(PHUIInfoView::SEVERITY_NOTICE)
	->setErrors(array($signed_text));
	}

	$field_errors = array(
	'name' => true,
	'email' => true,
	'agree' => true,
	);
	$signature->setSignatureData($signature_data);
	break;

	case LegalpadDocument::SIGNATURE_TYPE_CORPORATION:
	$signature = id(new LegalpadDocumentSignature())
	->setDocumentPHID($document->getPHID())
	->setDocumentVersion($document->getVersions());

	if ($viewer->isLoggedIn()) {
	$has_signed = false;

	$signed_status = null;
	} else {
	// This just hides the form.
	$has_signed = true;

	$login_text = pht(
	'This document requires a corporate signatory. You must log in to '.
	'accept this document on behalf of a company you represent.');
	$signed_status = id(new PHUIInfoView())
	->setSeverity(PHUIInfoView::SEVERITY_WARNING)
	->setErrors(array($login_text));
	}

	$field_errors = array(
	'name' => true,
	'address' => true,
	'contact.name' => true,
	'email' => true,
	);
	$signature->setSignatureData($signature_data);
	break;
	}

	$errors = array();
	+ $hisec_token = null;
	if ($request->isFormOrHisecPost() && !$has_signed) {

	// Require two-factor auth to sign legal documents.
	if ($viewer->isLoggedIn()) {
	- $engine = new PhabricatorAuthSessionEngine();
	- $engine->requireHighSecuritySession(
	- $viewer,
	- $request,
	- '/'.$document->getMonogram());
	+ $hisec_token = id(new PhabricatorAuthSessionEngine())
	+ ->requireHighSecurityToken(
	+ $viewer,
	+ $request,
	+ $document->getURI());
	}

	list($form_data, $errors, $field_errors) = $this->readSignatureForm(
	$document,
	$request);

	$signature_data = $form_data + $signature_data;

	$signature->setSignatureData($signature_data);
	$signature->setSignatureType($document->getSignatureType());
	$signature->setSignerName((string)idx($signature_data, 'name'));
	$signature->setSignerEmail((string)idx($signature_data, 'email'));

	$agree = $request->getExists('agree');
	if (!$agree) {
	$errors[] = pht(
	'You must check "I agree to the terms laid forth above."');
	$field_errors['agree'] = pht('Required');
	}

	if ($viewer->isLoggedIn() && $is_individual) {
	$verified = LegalpadDocumentSignature::VERIFIED;
	} else {
	$verified = LegalpadDocumentSignature::UNVERIFIED;
	}
	$signature->setVerified($verified);

	if (!$errors) {
	$signature->save();

	// If the viewer is logged in, signing for themselves, send them to
	// the document page, which will show that they have signed the
	// document. Unless of course they were required to sign the
	// document to use Phabricator; in that case try really hard to
	// re-direct them to where they wanted to go.
	//
	// Otherwise, send them to a completion page.
	if ($viewer->isLoggedIn() && $is_individual) {
	$next_uri = '/'.$document->getMonogram();
	if ($document->getRequireSignature()) {
	$request_uri = $request->getRequestURI();
	$next_uri = (string)$request_uri;
	}
	} else {
	$this->sendVerifySignatureEmail(
	$document,
	$signature);

	$next_uri = $this->getApplicationURI('done/');
	}

	return id(new AphrontRedirectResponse())->setURI($next_uri);
	}
	}

	$document_body = $document->getDocumentBody();
	$engine = id(new PhabricatorMarkupEngine())
	->setViewer($viewer);
	$engine->addObject(
	$document_body,
	LegalpadDocumentBody::MARKUP_FIELD_TEXT);
	$engine->process();

	$document_markup = $engine->getOutput(
	$document_body,
	LegalpadDocumentBody::MARKUP_FIELD_TEXT);

	$title = $document_body->getTitle();

	$manage_uri = $this->getApplicationURI('view/'.$document->getID().'/');

	$can_edit = PhabricatorPolicyFilter::hasCapability(
	$viewer,
	$document,
	PhabricatorPolicyCapability::CAN_EDIT);

	// Use the last content update as the modified date. We don't want to
	// show that a document like a TOS was "updated" by an incidental change
	// to a field like the preamble or privacy settings which does not actually
	// affect the content of the agreement.
	$content_updated = $document_body->getDateCreated();

	// NOTE: We're avoiding `setPolicyObject()` here so we don't pick up
	// extra UI elements that are unnecessary and clutter the signature page.
	// These details are available on the "Manage" page.
	$header = id(new PHUIHeaderView())
	->setHeader($title)
	->setUser($viewer)
	->setEpoch($content_updated)
	->addActionLink(
	id(new PHUIButtonView())
	->setTag('a')
	->setIcon('fa-pencil')
	->setText(pht('Manage'))
	->setHref($manage_uri)
	->setDisabled(!$can_edit)
	->setWorkflow(!$can_edit));

	$preamble_box = null;
	if (strlen($document->getPreamble())) {
	$preamble_text = new PHUIRemarkupView($viewer, $document->getPreamble());

	// NOTE: We're avoiding `setObject()` here so we don't pick up extra UI
	// elements like "Subscribers". This information is available on the
	// "Manage" page, but just clutters up the "Signature" page.
	$preamble = id(new PHUIPropertyListView())
	->setUser($viewer)
	->addSectionHeader(pht('Preamble'))
	->addTextContent($preamble_text);

	$preamble_box = new PHUIPropertyGroupView();
	$preamble_box->addPropertyList($preamble);
	}

	$content = id(new PHUIDocumentView())
	->addClass('legalpad')
	->setHeader($header)
	->appendChild(
	array(
	$signed_status,
	$preamble_box,
	$document_markup,
	));

	$signature_box = null;
	if (!$has_signed) {
	$error_view = null;
	if ($errors) {
	$error_view = id(new PHUIInfoView())
	->setErrors($errors);
	}

	$signature_form = $this->buildSignatureForm(
	$document,
	$signature,
	$field_errors);

	switch ($document->getSignatureType()) {
	default:
	break;
	case LegalpadDocument::SIGNATURE_TYPE_INDIVIDUAL:
	case LegalpadDocument::SIGNATURE_TYPE_CORPORATION:
	$box = id(new PHUIObjectBoxView())
	->addClass('document-sign-box')
	->setHeaderText(pht('Agree and Sign Document'))
	->setBackground(PHUIObjectBoxView::BLUE_PROPERTY)
	->setForm($signature_form);
	if ($error_view) {
	$box->setInfoView($error_view);
	}
	$signature_box = phutil_tag_div(
	'phui-document-view-pro-box plt', $box);
	break;
	}


	}

	$crumbs = $this->buildApplicationCrumbs();
	$crumbs->setBorder(true);
	$crumbs->addTextCrumb($document->getMonogram());

	$box = id(new PHUITwoColumnView())
	->setFooter($signature_box);

	return $this->newPage()
	->setTitle($title)
	->setCrumbs($crumbs)
	->setPageObjectPHIDs(array($document->getPHID()))
	->appendChild(array(
	$content,
	$box,
	));
	}

	private function readSignerInformation(
	LegalpadDocument $document,
	AphrontRequest $request) {

	$viewer = $request->getUser();
	$signer_phid = null;
	$signature_data = array();

	switch ($document->getSignatureType()) {
	case LegalpadDocument::SIGNATURE_TYPE_NONE:
	break;
	case LegalpadDocument::SIGNATURE_TYPE_INDIVIDUAL:
	if ($viewer->isLoggedIn()) {
	$signer_phid = $viewer->getPHID();
	$signature_data = array(
	'name' => $viewer->getRealName(),
	'email' => $viewer->loadPrimaryEmailAddress(),
	);
	} else if ($request->isFormPost()) {
	$email = new PhutilEmailAddress($request->getStr('email'));
	if (strlen($email->getDomainName())) {
	$email_obj = id(new PhabricatorUserEmail())
	->loadOneWhere('address = %s', $email->getAddress());
	if ($email_obj) {
	return $this->signInResponse();
	}
	$external_account = id(new PhabricatorExternalAccountQuery())
	->setViewer($viewer)
	->withAccountTypes(array('email'))
	->withAccountDomains(array($email->getDomainName()))
	->withAccountIDs(array($email->getAddress()))
	->loadOneOrCreate();
	if ($external_account->getUserPHID()) {
	return $this->signInResponse();
	}
	$signer_phid = $external_account->getPHID();
	}
	}
	break;
	case LegalpadDocument::SIGNATURE_TYPE_CORPORATION:
	$signer_phid = $viewer->getPHID();
	if ($signer_phid) {
	$signature_data = array(
	'contact.name' => $viewer->getRealName(),
	'email' => $viewer->loadPrimaryEmailAddress(),
	'actorPHID' => $viewer->getPHID(),
	);
	}
	break;
	}

	return array($signer_phid, $signature_data);
	}

	private function buildSignatureForm(
	LegalpadDocument $document,
	LegalpadDocumentSignature $signature,
	array $errors) {

	$viewer = $this->getRequest()->getUser();
	$data = $signature->getSignatureData();

	$form = id(new AphrontFormView())
	->setUser($viewer);

	$signature_type = $document->getSignatureType();
	switch ($signature_type) {
	case LegalpadDocument::SIGNATURE_TYPE_NONE:
	// bail out of here quick
	return;
	case LegalpadDocument::SIGNATURE_TYPE_INDIVIDUAL:
	$this->buildIndividualSignatureForm(
	$form,
	$document,
	$signature,
	$errors);
	break;
	case LegalpadDocument::SIGNATURE_TYPE_CORPORATION:
	$this->buildCorporateSignatureForm(
	$form,
	$document,
	$signature,
	$errors);
	break;
	default:
	throw new Exception(
	pht(
	'This document has an unknown signature type ("%s").',
	$signature_type));
	}

	$form
	->appendChild(
	id(new AphrontFormCheckboxControl())
	->setError(idx($errors, 'agree', null))
	->addCheckbox(
	'agree',
	'agree',
	pht('I agree to the terms laid forth above.'),
	false));
	if ($document->getRequireSignature()) {
	$cancel_uri = '/logout/';
	$cancel_text = pht('Log Out');
	} else {
	$cancel_uri = $this->getApplicationURI();
	$cancel_text = pht('Cancel');
	}
	$form
	->appendChild(
	id(new AphrontFormSubmitControl())
	->setValue(pht('Sign Document'))
	->addCancelButton($cancel_uri, $cancel_text));

	return $form;
	}

	private function buildIndividualSignatureForm(
	AphrontFormView $form,
	LegalpadDocument $document,
	LegalpadDocumentSignature $signature,
	array $errors) {

	$data = $signature->getSignatureData();

	$form
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Name'))
	->setValue(idx($data, 'name', ''))
	->setName('name')
	->setError(idx($errors, 'name', null)));

	$viewer = $this->getRequest()->getUser();
	if (!$viewer->isLoggedIn()) {
	$form->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Email'))
	->setValue(idx($data, 'email', ''))
	->setName('email')
	->setError(idx($errors, 'email', null)));
	}

	return $form;
	}

	private function buildCorporateSignatureForm(
	AphrontFormView $form,
	LegalpadDocument $document,
	LegalpadDocumentSignature $signature,
	array $errors) {

	$data = $signature->getSignatureData();

	$form
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Company Name'))
	->setValue(idx($data, 'name', ''))
	->setName('name')
	->setError(idx($errors, 'name', null)))
	->appendChild(
	id(new AphrontFormTextAreaControl())
	->setLabel(pht('Company Address'))
	->setValue(idx($data, 'address', ''))
	->setName('address')
	->setError(idx($errors, 'address', null)))
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Contact Name'))
	->setValue(idx($data, 'contact.name', ''))
	->setName('contact.name')
	->setError(idx($errors, 'contact.name', null)))
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Contact Email'))
	->setValue(idx($data, 'email', ''))
	->setName('email')
	->setError(idx($errors, 'email', null)));

	return $form;
	}

	private function readSignatureForm(
	LegalpadDocument $document,
	AphrontRequest $request) {

	$signature_type = $document->getSignatureType();
	switch ($signature_type) {
	case LegalpadDocument::SIGNATURE_TYPE_INDIVIDUAL:
	$result = $this->readIndividualSignatureForm(
	$document,
	$request);
	break;
	case LegalpadDocument::SIGNATURE_TYPE_CORPORATION:
	$result = $this->readCorporateSignatureForm(
	$document,
	$request);
	break;
	default:
	throw new Exception(
	pht(
	'This document has an unknown signature type ("%s").',
	$signature_type));
	}

	return $result;
	}

	private function readIndividualSignatureForm(
	LegalpadDocument $document,
	AphrontRequest $request) {

	$signature_data = array();
	$errors = array();
	$field_errors = array();


	$name = $request->getStr('name');

	if (!strlen($name)) {
	$field_errors['name'] = pht('Required');
	$errors[] = pht('Name field is required.');
	} else {
	$field_errors['name'] = null;
	}
	$signature_data['name'] = $name;

	$viewer = $request->getUser();
	if ($viewer->isLoggedIn()) {
	$email = $viewer->loadPrimaryEmailAddress();
	} else {
	$email = $request->getStr('email');

	$addr_obj = null;
	if (!strlen($email)) {
	$field_errors['email'] = pht('Required');
	$errors[] = pht('Email field is required.');
	} else {
	$addr_obj = new PhutilEmailAddress($email);
	$domain = $addr_obj->getDomainName();
	if (!$domain) {
	$field_errors['email'] = pht('Invalid');
	$errors[] = pht('A valid email is required.');
	} else {
	$field_errors['email'] = null;
	}
	}
	}
	$signature_data['email'] = $email;

	return array($signature_data, $errors, $field_errors);
	}

	private function readCorporateSignatureForm(
	LegalpadDocument $document,
	AphrontRequest $request) {

	$viewer = $request->getUser();
	if (!$viewer->isLoggedIn()) {
	throw new Exception(
	pht(
	'You can not sign a document on behalf of a corporation unless '.
	'you are logged in.'));
	}

	$signature_data = array();
	$errors = array();
	$field_errors = array();

	$name = $request->getStr('name');

	if (!strlen($name)) {
	$field_errors['name'] = pht('Required');
	$errors[] = pht('Company name is required.');
	} else {
	$field_errors['name'] = null;
	}
	$signature_data['name'] = $name;

	$address = $request->getStr('address');
	if (!strlen($address)) {
	$field_errors['address'] = pht('Required');
	$errors[] = pht('Company address is required.');
	} else {
	$field_errors['address'] = null;
	}
	$signature_data['address'] = $address;

	$contact_name = $request->getStr('contact.name');
	if (!strlen($contact_name)) {
	$field_errors['contact.name'] = pht('Required');
	$errors[] = pht('Contact name is required.');
	} else {
	$field_errors['contact.name'] = null;
	}
	$signature_data['contact.name'] = $contact_name;

	$email = $request->getStr('email');
	$addr_obj = null;
	if (!strlen($email)) {
	$field_errors['email'] = pht('Required');
	$errors[] = pht('Contact email is required.');
	} else {
	$addr_obj = new PhutilEmailAddress($email);
	$domain = $addr_obj->getDomainName();
	if (!$domain) {
	$field_errors['email'] = pht('Invalid');
	$errors[] = pht('A valid email is required.');
	} else {
	$field_errors['email'] = null;
	}
	}
	$signature_data['email'] = $email;

	return array($signature_data, $errors, $field_errors);
	}

	private function sendVerifySignatureEmail(
	LegalpadDocument $doc,
	LegalpadDocumentSignature $signature) {

	$signature_data = $signature->getSignatureData();
	$email = new PhutilEmailAddress($signature_data['email']);
	$doc_name = $doc->getTitle();
	$doc_link = PhabricatorEnv::getProductionURI('/'.$doc->getMonogram());
	$path = $this->getApplicationURI(sprintf(
	'/verify/%s/',
	$signature->getSecretKey()));
	$link = PhabricatorEnv::getProductionURI($path);

	$name = idx($signature_data, 'name');

	$body = pht(
	"%s:\n\n".
	"This email address was used to sign a Legalpad document ".
	"in Phabricator:\n\n".
	" %s\n\n".
	"Please verify you own this email address and accept the ".
	"agreement by clicking this link:\n\n".
	" %s\n\n".
	"Your signature is not valid until you complete this ".
	"verification step.\n\nYou can review the document here:\n\n".
	" %s\n",
	$name,
	$doc_name,
	$link,
	$doc_link);

	id(new PhabricatorMetaMTAMail())
	->addRawTos(array($email->getAddress()))
	->setSubject(pht('[Legalpad] Signature Verification'))
	->setForceDelivery(true)
	->setBody($body)
	->setRelatedPHID($signature->getDocumentPHID())
	->saveAndSend();
	}

	private function signInResponse() {
	return id(new Aphront403Response())
	->setForbiddenText(
	pht(
	'The email address specified is associated with an account. '.
	'Please login to that account and sign this document again.'));
	}

	}
	diff --git a/src/applications/legalpad/storage/LegalpadDocument.php b/src/applications/legalpad/storage/LegalpadDocument.php
	index 55d1ef9fa9..004802de39 100644
	--- a/src/applications/legalpad/storage/LegalpadDocument.php
	+++ b/src/applications/legalpad/storage/LegalpadDocument.php
	@@ -1,254 +1,254 @@
	<?php

	final class LegalpadDocument extends LegalpadDAO
	implements
	PhabricatorPolicyInterface,
	PhabricatorSubscribableInterface,
	PhabricatorApplicationTransactionInterface,
	PhabricatorDestructibleInterface {

	protected $title;
	protected $contributorCount;
	protected $recentContributorPHIDs = array();
	protected $creatorPHID;
	protected $versions;
	protected $documentBodyPHID;
	protected $viewPolicy;
	protected $editPolicy;
	protected $mailKey;
	protected $signatureType;
	protected $preamble;
	protected $requireSignature;

	const SIGNATURE_TYPE_NONE = 'none';
	const SIGNATURE_TYPE_INDIVIDUAL = 'user';
	const SIGNATURE_TYPE_CORPORATION = 'corp';

	private $documentBody = self::ATTACHABLE;
	private $contributors = self::ATTACHABLE;
	private $signatures = self::ATTACHABLE;
	private $userSignatures = array();

	public static function initializeNewDocument(PhabricatorUser $actor) {
	$app = id(new PhabricatorApplicationQuery())
	->setViewer($actor)
	->withClasses(array('PhabricatorLegalpadApplication'))
	->executeOne();

	$view_policy = $app->getPolicy(LegalpadDefaultViewCapability::CAPABILITY);
	$edit_policy = $app->getPolicy(LegalpadDefaultEditCapability::CAPABILITY);

	return id(new LegalpadDocument())
	->setVersions(0)
	->setCreatorPHID($actor->getPHID())
	->setContributorCount(0)
	->setRecentContributorPHIDs(array())
	->attachSignatures(array())
	->setSignatureType(self::SIGNATURE_TYPE_INDIVIDUAL)
	->setPreamble('')
	->setRequireSignature(0)
	->setViewPolicy($view_policy)
	->setEditPolicy($edit_policy);
	}

	protected function getConfiguration() {
	return array(
	self::CONFIG_AUX_PHID => true,
	self::CONFIG_SERIALIZATION => array(
	'recentContributorPHIDs' => self::SERIALIZATION_JSON,
	),
	self::CONFIG_COLUMN_SCHEMA => array(
	'title' => 'text255',
	'contributorCount' => 'uint32',
	'versions' => 'uint32',
	'mailKey' => 'bytes20',
	'signatureType' => 'text4',
	'preamble' => 'text',
	'requireSignature' => 'bool',
	),
	self::CONFIG_KEY_SCHEMA => array(
	'key_creator' => array(
	'columns' => array('creatorPHID', 'dateModified'),
	),
	'key_required' => array(
	'columns' => array('requireSignature', 'dateModified'),
	),
	),
	) + parent::getConfiguration();
	}

	public function generatePHID() {
	return PhabricatorPHID::generateNewPHID(
	PhabricatorLegalpadDocumentPHIDType::TYPECONST);
	}

	public function getDocumentBody() {
	return $this->assertAttached($this->documentBody);
	}

	public function attachDocumentBody(LegalpadDocumentBody $body) {
	$this->documentBody = $body;
	return $this;
	}

	public function getContributors() {
	return $this->assertAttached($this->contributors);
	}

	public function attachContributors(array $contributors) {
	$this->contributors = $contributors;
	return $this;
	}

	public function getSignatures() {
	return $this->assertAttached($this->signatures);
	}

	public function attachSignatures(array $signatures) {
	$this->signatures = $signatures;
	return $this;
	}

	public function save() {
	if (!$this->getMailKey()) {
	$this->setMailKey(Filesystem::readRandomCharacters(20));
	}
	return parent::save();
	}

	public function getMonogram() {
	return 'L'.$this->getID();
	}

	- public function getViewURI() {
	+ public function getURI() {
	return '/'.$this->getMonogram();
	}

	public function getUserSignature($phid) {
	return $this->assertAttachedKey($this->userSignatures, $phid);
	}

	public function attachUserSignature(
	$user_phid,
	LegalpadDocumentSignature $signature = null) {
	$this->userSignatures[$user_phid] = $signature;
	return $this;
	}

	public static function getSignatureTypeMap() {
	return array(
	self::SIGNATURE_TYPE_INDIVIDUAL => pht('Individuals'),
	self::SIGNATURE_TYPE_CORPORATION => pht('Corporations'),
	self::SIGNATURE_TYPE_NONE => pht('No One'),
	);
	}

	public function getSignatureTypeName() {
	$type = $this->getSignatureType();
	return idx(self::getSignatureTypeMap(), $type, $type);
	}

	public function getSignatureTypeIcon() {
	$type = $this->getSignatureType();
	$map = array(
	self::SIGNATURE_TYPE_NONE => '',
	self::SIGNATURE_TYPE_INDIVIDUAL => 'fa-user grey',
	self::SIGNATURE_TYPE_CORPORATION => 'fa-building-o grey',
	);

	return idx($map, $type, 'fa-user grey');
	}


	/* -( PhabricatorSubscribableInterface )----------------------------------- */


	public function isAutomaticallySubscribed($phid) {
	return ($this->creatorPHID == $phid);
	}


	/* -( PhabricatorPolicyInterface )----------------------------------------- */


	public function getCapabilities() {
	return array(
	PhabricatorPolicyCapability::CAN_VIEW,
	PhabricatorPolicyCapability::CAN_EDIT,
	);
	}

	public function getPolicy($capability) {
	switch ($capability) {
	case PhabricatorPolicyCapability::CAN_VIEW:
	$policy = $this->viewPolicy;
	break;
	case PhabricatorPolicyCapability::CAN_EDIT:
	$policy = $this->editPolicy;
	break;
	default:
	$policy = PhabricatorPolicies::POLICY_NOONE;
	break;
	}
	return $policy;
	}

	public function hasAutomaticCapability($capability, PhabricatorUser $user) {
	return ($user->getPHID() == $this->getCreatorPHID());
	}

	public function describeAutomaticCapability($capability) {
	return pht('The author of a document can always view and edit it.');
	}


	/* -( PhabricatorApplicationTransactionInterface )------------------------- */


	public function getApplicationTransactionEditor() {
	return new LegalpadDocumentEditor();
	}

	public function getApplicationTransactionObject() {
	return $this;
	}

	public function getApplicationTransactionTemplate() {
	return new LegalpadTransaction();
	}

	public function willRenderTimeline(
	PhabricatorApplicationTransactionView $timeline,
	AphrontRequest $request) {

	return $timeline;
	}


	/* -( PhabricatorDestructibleInterface )----------------------------------- */


	public function destroyObjectPermanently(
	PhabricatorDestructionEngine $engine) {

	$this->openTransaction();
	$this->delete();

	$bodies = id(new LegalpadDocumentBody())->loadAllWhere(
	'documentPHID = %s',
	$this->getPHID());
	foreach ($bodies as $body) {
	$body->delete();
	}

	$signatures = id(new LegalpadDocumentSignature())->loadAllWhere(
	'documentPHID = %s',
	$this->getPHID());
	foreach ($signatures as $signature) {
	$signature->delete();
	}

	$this->saveTransaction();
	}

	}

File Metadata

Mime Type: text/x-diff
Expires: Fri, Aug 15, 7:08 AM (6 d, 6 h ago)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 202411
Default Alt Text: (58 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions