Page MenuHomePhabricator
Diviner Phabricator Tech Docs PhabricatorAuthSessionEngine

final class PhabricatorAuthSessionEngine
Phabricator Technical Documentation (Auth)

This class is not documented.

Tasks

Using Sessions

  • public function loadUserForSession($session_type, $session_token) — Load the user identity associated with a session of a given type, identified by token.

Creating Sessions

No methods for this task.

High Security

  • public function requireHighSecuritySession($viewer, $request, $cancel_uri, $jump_into_hisec) — Require high security, or prompt the user to enter high security.
  • private function issueHighSecurityToken($session, $force) — Issue a high security token for a session, if authorized.
  • public function renderHighSecurityForm($factors, $validation_results, $viewer, $request) — Render a form for providing relevant multi-factor credentials.
  • public function exitHighSecurity($viewer, $session) — Strip the high security flag from a session.

Partial Sessions

One Time Login URIs

  • public function getOneTimeLoginURI($user, $email, $type) — Retrieve a temporary, one-time URI which can log in to an account.
  • public function loadOneTimeLoginKey($user, $email, $key) — Load the temporary token associated with a given one-time login key.

Other Methods

  • public static function getSessionKindFromToken($session_token) — Get the session kind (e.g., anonymous, user, external account) from a session token. Returns a `KIND_` constant.
  • public function establishSession($session_type, $identity_phid, $partial) — Issue a new session key for a given identity. Phabricator supports different types of sessions (like "web" and "conduit") and each session type may have multiple concurrent sessions (this allows a user to be logged in on multiple browsers at the same time, for instance).
  • public function terminateLoginSessions($user, $except_session) — Terminate all of a user's login sessions.
  • public function logoutSession($user, $session)
  • private function getOneTimeLoginKeyHash($user, $email, $key) — Hash a one-time login key for storage as a temporary token.

Methods

public static function getSessionKindFromToken($session_token)

Get the session kind (e.g., anonymous, user, external account) from a session token. Returns a KIND_ constant.

Parameters
string$session_tokenSession token.
Return
constSession kind constant.

public function loadUserForSession($session_type, $session_token)

Load the user identity associated with a session of a given type, identified by token.

When the user presents a session token to an API, this method verifies it is of the correct type and loads the corresponding identity if the session exists and is valid.

NOTE: $session_type is the type of session that is required by the loading context. This prevents use of a Conduit sesssion as a Web session, for example.
Parameters
const$session_typeThe type of session to load.
string$session_tokenThe session token.
Return
PhabricatorUser|null

public function establishSession($session_type, $identity_phid, $partial)

Issue a new session key for a given identity. Phabricator supports different types of sessions (like "web" and "conduit") and each session type may have multiple concurrent sessions (this allows a user to be logged in on multiple browsers at the same time, for instance).

Note that this method is transport-agnostic and does not set cookies or issue other types of tokens, it ONLY generates a new session key.

You can configure the maximum number of concurrent sessions for various session types in the Phabricator configuration.

Parameters
const$session_typeSession type constant (see @{class:PhabricatorAuthSession}).
phid|null$identity_phidIdentity to establish a session for, usually a user PHID. With `null`, generates an anonymous session.
bool$partialTrue to issue a partial session.
Return
stringNewly generated session key.

public function terminateLoginSessions($user, $except_session)

Terminate all of a user's login sessions.

This is used when users change passwords, linked accounts, or add multifactor authentication.

Parameters
PhabricatorUser$userUser whose sessions should be terminated.
string|null$except_sessionOptionally, one session to keep. Normally, the current login session.
Return
void

public function logoutSession($user, $session)

This method is not documented.
Parameters
PhabricatorUser$user
PhabricatorAuthSession$session
Return
wild

public function requireHighSecuritySession($viewer, $request, $cancel_uri, $jump_into_hisec)

Require high security, or prompt the user to enter high security.

If the user's session is in high security, this method will return a token. Otherwise, it will throw an exception which will eventually be converted into a multi-factor authentication workflow.

Parameters
PhabricatorUser$viewerUser whose session needs to be in high security.
AphrontReqeust$requestCurrent request.
string$cancel_uriURI to return the user to if they cancel.
bool$jump_into_hisecTrue to jump partial sessions directly into high security instead of just upgrading them to full sessions.
Return
PhabricatorAuthHighSecurityTokenSecurity token.

private function issueHighSecurityToken($session, $force)

Issue a high security token for a session, if authorized.

Parameters
PhabricatorAuthSession$sessionSession to issue a token for.
bool$forceForce token issue.
Return
PhabricatorAuthHighSecurityToken|nullToken, if authorized.

public function renderHighSecurityForm($factors, $validation_results, $viewer, $request)

Render a form for providing relevant multi-factor credentials.

Parameters
PhabricatorUser$factorsViewing user.
AphrontRequest$validation_resultsCurrent request.
PhabricatorUser$viewer
AphrontRequest$request
Return
AphrontFormViewRenderable form.

public function exitHighSecurity($viewer, $session)

Strip the high security flag from a session.

Kicks a session out of high security and logs the exit.

Parameters
PhabricatorUser$viewerActing user.
PhabricatorAuthSession$sessionSession to return to normal security.
Return
void

public function upgradePartialSession($viewer)

Upgrade a partial session to a full session.

Parameters
PhabricatorAuthSession$viewerSession to upgrade.
Return
void

public function signLegalpadDocuments($viewer, $docs)

Upgrade a session to have all legalpad documents signed.

Parameters
PhabricatorUser$viewerUser whose session should upgrade.
array$docsLegalpadDocument objects
Return
void

public function getOneTimeLoginURI($user, $email, $type)

Retrieve a temporary, one-time URI which can log in to an account.

These URIs are used for password recovery and to regain access to accounts which users have been locked out of.

Parameters
PhabricatorUser$userUser to generate a URI for.
PhabricatorUserEmail$emailOptionally, email to verify when link is used.
string$typeOptional context string for the URI. This is purely cosmetic and used only to customize workflow and error messages.
Return
stringLogin URI.

public function loadOneTimeLoginKey($user, $email, $key)

Load the temporary token associated with a given one-time login key.

Parameters
PhabricatorUser$userUser to load the token for.
PhabricatorUserEmail$emailOptionally, email to verify when link is used.
string$keyKey user is presenting as a valid one-time login key.
Return
PhabricatorAuthTemporaryToken|nullToken, if one exists.

private function getOneTimeLoginKeyHash($user, $email, $key)

Hash a one-time login key for storage as a temporary token.

Parameters
PhabricatorUser$userUser this key is for.
PhabricatorUserEmail$emailOptionally, email to verify when link is used.
string$keyThe one time login key.
Return
stringHash of the key. task onetime
Defined
src/applications/auth/engine/PhabricatorAuthSessionEngine.php:11
Copyright © LEAD Solutions B.V.