Page MenuHomestyx hydra
Files F233280

No OneTemporary
Actions

View Options

diff --git a/src/applications/conduit/method/ConduitAPI_conduit_getcertificate_Method.php b/src/applications/conduit/method/ConduitAPI_conduit_getcertificate_Method.php
index af31ac40c0..45115795cd 100644
--- a/src/applications/conduit/method/ConduitAPI_conduit_getcertificate_Method.php
+++ b/src/applications/conduit/method/ConduitAPI_conduit_getcertificate_Method.php
@@ -1,90 +1,93 @@
<?php
/**
* @group conduit
*/
final class ConduitAPI_conduit_getcertificate_Method extends ConduitAPIMethod {
public function shouldRequireAuthentication() {
return false;
}
public function shouldAllowUnguardedWrites() {
// This method performs logging and is on the authentication pathway.
return true;
}
public function getMethodDescription() {
return "Retrieve certificate information for a user.";
}
public function defineParamTypes() {
return array(
'token' => 'required string',
'host' => 'required string',
);
}
public function defineReturnType() {
return 'dict<string, any>';
}
public function defineErrorTypes() {
return array(
"ERR-BAD-TOKEN" => "Token does not exist or has expired.",
"ERR-RATE-LIMIT" =>
"You have made too many invalid token requests recently. Wait before ".
"making more.",
);
}
protected function execute(ConduitAPIRequest $request) {
$this->validateHost($request->getValue('host'));
$failed_attempts = PhabricatorUserLog::loadRecentEventsFromThisIP(
PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE_FAILURE,
60 * 5);
if (count($failed_attempts) > 5) {
- $this->logFailure();
+ $this->logFailure($request);
throw new ConduitException('ERR-RATE-LIMIT');
}
$token = $request->getValue('token');
$info = id(new PhabricatorConduitCertificateToken())->loadOneWhere(
'token = %s',
trim($token));
if (!$info || $info->getDateCreated() < time() - (60 * 15)) {
- $this->logFailure();
+ $this->logFailure($request, $info);
throw new ConduitException('ERR-BAD-TOKEN');
} else {
- $log = id(new PhabricatorUserLog())
- ->setActorPHID($info->getUserPHID())
- ->setUserPHID($info->getUserPHID())
- ->setAction(PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE)
+ $log = PhabricatorUserLog::initializeNewLog(
+ $request->getUser(),
+ $info->getUserPHID(),
+ PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE)
->save();
}
$user = id(new PhabricatorUser())->loadOneWhere(
'phid = %s',
$info->getUserPHID());
if (!$user) {
throw new Exception("Certificate token points to an invalid user!");
}
return array(
'username' => $user->getUserName(),
'certificate' => $user->getConduitCertificate(),
);
}
- private function logFailure() {
+ private function logFailure(
+ ConduitAPIRequest $request,
+ PhabricatorConduitCertificateToken $info = null) {
- $log = id(new PhabricatorUserLog())
- ->setUserPHID('-')
- ->setAction(PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE_FAILURE)
+ $log = PhabricatorUserLog::initializeNewLog(
+ $request->getUser(),
+ $info ? $info->getUserPHID() : '-',
+ PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE_FAILURE)
->save();
}
}

File Metadata

Mime Type
text/x-diff
Expires
Mon, Jul 28, 1:20 AM (1 w, 20 h ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
186318
Default Alt Text
(3 KB)

Event Timeline

styx copyright 2020 sirocyl / ellie (kymkdd) / ncommander / styx contributors
Use of other names and brands is not intended to reflect a claim of, or right to, use the name or brand.
styx is an operating system using the Linux kernel and components, and "styx Linux" as a phrase does not reflect the inclusion of the Linux brand or trademark in the styx project.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
Terms and Conditions (TODO: fix this!)