public function setWorkflowKey($workflow_key)
$workflow_key |
wild |
public function getWorkflowKey()
wild |
public function getRequest()
wild |
public static function getSessionKindFromToken($session_token)
Get the session kind (e.g., anonymous, user, external account) from a session token. Returns a KIND_ constant.
string | $session_token | Session token. |
const | Session kind constant. |
public function loadUserForSession($session_type, $session_token)
Load the user identity associated with a session of a given type, identified by token.
When the user presents a session token to an API, this method verifies it is of the correct type and loads the corresponding identity if the session exists and is valid.
const | $session_type | The type of session to load. |
string | $session_token | The session token. |
PhabricatorUser|null |
public function establishSession($session_type, $identity_phid, $partial)
Issue a new session key for a given identity. Phabricator supports different types of sessions (like "web" and "conduit") and each session type may have multiple concurrent sessions (this allows a user to be logged in on multiple browsers at the same time, for instance).
Note that this method is transport-agnostic and does not set cookies or issue other types of tokens; it ONLY generates a new session key.
You can configure the maximum number of concurrent sessions for various session types in the Phabricator configuration.
const | $session_type | Session type constant (see PhabricatorAuthSession). |
phid|null | $identity_phid | Identity to establish a session for, usually a user PHID. With `null`, generates an anonymous session. |
bool | $partial | True to issue a partial session. |
string | Newly generated session key. |
public function terminateLoginSessions($user, $except_session)
Terminate all of a user's login sessions.
This is used when users change passwords, linked accounts, or add multifactor authentication.
PhabricatorUser | $user | User whose sessions should be terminated. |
string|null | $except_session | Optionally, one session to keep. Normally, the current login session. |
void |
public function logoutSession($user, $session)
PhabricatorUser | $user | |
PhabricatorAuthSession | $session |
wild |
public function requireHighSecurityToken($viewer, $request, $cancel_uri)
Require the user to respond to a high security (MFA) check.
This method differs from requireHighSecuritySession() in that it does not upgrade the user's session as a side effect. This method is appropriate for one-time checks.
PhabricatorUser | $viewer | User whose session needs to be in high security. |
AphrontRequest | $request | Current request. |
string | $cancel_uri | URI to return the user to if they cancel. |
PhabricatorAuthHighSecurityToken | Security token. |
public function requireHighSecuritySession($viewer, $request, $cancel_uri, $jump_into_hisec)
Require high security, or prompt the user to enter high security.
If the user's session is in high security, this method will return a token. Otherwise, it will throw an exception which will eventually be converted into a multi-factor authentication workflow.
This method upgrades the user's session to high security for a short period of time, and is appropriate if you anticipate they may need to take multiple high security actions. To perform a one-time check instead, use requireHighSecurityToken().
PhabricatorUser | $viewer | User whose session needs to be in high security. |
AphrontRequest | $request | Current request. |
string | $cancel_uri | URI to return the user to if they cancel. |
bool | $jump_into_hisec | True to jump partial sessions directly into high security instead of just upgrading them to full sessions. |
PhabricatorAuthHighSecurityToken | Security token. |
private function newHighSecurityToken($viewer, $request, $cancel_uri, $jump_into_hisec, $upgrade_session)
PhabricatorUser | $viewer | |
AphrontRequest | $request | |
$cancel_uri |
$jump_into_hisec |
$upgrade_session |
wild |
private function issueHighSecurityToken($session, $force)
Issue a high security token for a session, if authorized.
PhabricatorAuthSession | $session | Session to issue a token for. |
bool | $force | Force token issue. |
PhabricatorAuthHighSecurityToken|null | Token, if authorized. |
public function renderHighSecurityForm($factors, $validation_results, $viewer, $request)
Render a form for providing relevant multi-factor credentials.
PhabricatorUser | $factors | Viewing user. |
AphrontRequest | $validation_results | Current request. |
PhabricatorUser | $viewer | |
AphrontRequest | $request |
AphrontFormView | Renderable form. |
public function exitHighSecurity($viewer, $session)
Strip the high security flag from a session.
Kicks a session out of high security and logs the exit.
PhabricatorUser | $viewer | Acting user. |
PhabricatorAuthSession | $session | Session to return to normal security. |
void |
public function upgradePartialSession($viewer)
Upgrade a partial session to a full session.
PhabricatorAuthSession | $viewer | Session to upgrade. |
void |
public function signLegalpadDocuments($viewer, $docs)
Upgrade a session to have all legalpad documents signed.
PhabricatorUser | $viewer | User whose session should upgrade. |
array | $docs | LegalpadDocument objects. |
void |
public function getOneTimeLoginURI($user, $email, $type, $force_full_session)
Retrieve a temporary, one-time URI which can log in to an account.
These URIs are used for password recovery and to regain access to accounts which users have been locked out of.
PhabricatorUser | $user | User to generate a URI for. |
PhabricatorUserEmail | $email | Optionally, email to verify when link is used. |
string | $type | Optional context string for the URI. This is purely cosmetic and used only to customize workflow and error messages. |
bool | $force_full_session | True to generate a URI which forces an immediate upgrade to a full session, bypassing MFA and other login checks. |
string | Login URI. |
public function loadOneTimeLoginKey($user, $email, $key)
Load the temporary token associated with a given one-time login key.
PhabricatorUser | $user | User to load the token for. |
PhabricatorUserEmail | $email | Optionally, email to verify when link is used. |
string | $key | Key user is presenting as a valid one-time login key. |
PhabricatorAuthTemporaryToken|null | Token, if one exists. |
private function getOneTimeLoginKeyHash($user, $email, $key)
Hash a one-time login key for storage as a temporary token.
PhabricatorUser | $user | User this key is for. |
PhabricatorUserEmail | $email | Optionally, email to verify when link is used. |
string | $key | The one-time login key. |
string | Hash of the key. |
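The three one-time login methods above describe a key that is handed to the user while only its hash is stored as a temporary token. As an added example (not Phabricator's own code), the following PHP models that pattern with an in-memory store; the class name, the HMAC construction, the 600-second lifetime and the sample PHIDs are all assumptions.

```php
<?php
// Added illustration: every name here is hypothetical, not Phabricator API.
final class OneTimeLoginStore {
  private $tokens = array(); // digest => expiry epoch; stands in for a DB table
  private $secret;

  public function __construct($secret) {
    $this->secret = $secret;
  }

  // Assumed construction: HMAC over user, email and key, so a key only
  // matches for the account and address it was issued for.
  private function digest($user_phid, $email_id, $key) {
    $parts = array($user_phid, (string)$email_id, $key);
    return hash_hmac('sha256', implode("\0", $parts), $this->secret);
  }

  // Returns the raw key for the emailed link; only its digest is retained.
  public function issue($user_phid, $email_id, $now, $ttl = 600) {
    $key = bin2hex(random_bytes(16));
    $this->tokens[$this->digest($user_phid, $email_id, $key)] = $now + $ttl;
    return $key;
  }

  // True at most once per issued key, and only before expiry.
  public function redeem($user_phid, $email_id, $key, $now) {
    $digest = $this->digest($user_phid, $email_id, $key);
    if (!isset($this->tokens[$digest])) {
      return false;
    }
    $expires = $this->tokens[$digest];
    unset($this->tokens[$digest]); // consume before deciding, so no replay
    return $now < $expires;
  }
}

// Constructed sample values.
$store = new OneTimeLoginStore(random_bytes(32));
$key = $store->issue('PHID-USER-sample', 7, 1000);
var_dump($store->redeem('PHID-USER-other', 7, $key, 1001));   // wrong user
var_dump($store->redeem('PHID-USER-sample', 7, $key, 1001));  // first use
var_dump($store->redeem('PHID-USER-sample', 7, $key, 1002));  // replay
```

Because the store holds digests only, a read-only leak of the token table does not yield usable login links.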
private function getUserCacheQueryParts($conn)
AphrontDatabaseConnection | $conn |
wild |
private function filterRawCacheData($user, $types_map, $cache_raw)
PhabricatorUser | $user | |
array | $types_map | |
array | $cache_raw |
wild |
public function willServeRequestForUser($user)
PhabricatorUser | $user |
wild |
private function extendSession($session)
PhabricatorAuthSession | $session |
wild |