src/applications/auth/controller/PhabricatorAuthTerminateSessionController.php at upstream/main

@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

phorge phabricator

fork atom

phorge / src / applications / auth / controller / PhabricatorAuthTerminateSessionController.php

at upstream/main 78 lines 2.2 kB view raw

wrap content

epriestley Upgrade sessions digests to HMAC256, retaining compatibility with old digests 7y ago

1d34238d

 1<?php
 2
 3final class PhabricatorAuthTerminateSessionController
 4  extends PhabricatorAuthController {
 5
 6  public function handleRequest(AphrontRequest $request) {
 7    $viewer = $this->getViewer();
 8    $id = $request->getURIData('id');
 9
10    $is_all = ($id === 'all');
11
12    $query = id(new PhabricatorAuthSessionQuery())
13      ->setViewer($viewer)
14      ->withIdentityPHIDs(array($viewer->getPHID()));
15    if (!$is_all) {
16      $query->withIDs(array($id));
17    }
18
19    $current_key = PhabricatorAuthSession::newSessionDigest(
20      new PhutilOpaqueEnvelope(
21        $request->getCookie(PhabricatorCookies::COOKIE_SESSION)));
22
23    $sessions = $query->execute();
24    foreach ($sessions as $key => $session) {
25      $is_current = phutil_hashes_are_identical(
26        $session->getSessionKey(),
27        $current_key);
28      if ($is_current) {
29        // Don't terminate the current login session.
30        unset($sessions[$key]);
31      }
32    }
33
34    $panel_uri = '/settings/panel/sessions/';
35
36    if (!$sessions) {
37      return $this->newDialog()
38        ->setTitle(pht('No Matching Sessions'))
39        ->appendParagraph(
40          pht('There are no matching sessions to terminate.'))
41        ->appendParagraph(
42          pht(
43            '(You can not terminate your current login session. To '.
44            'terminate it, log out.)'))
45        ->addCancelButton($panel_uri);
46    }
47
48    if ($request->isDialogFormPost()) {
49      foreach ($sessions as $session) {
50        $session->delete();
51      }
52      return id(new AphrontRedirectResponse())->setURI($panel_uri);
53    }
54
55    if ($is_all) {
56      $title = pht('Terminate Sessions?');
57      $short = pht('Terminate Sessions');
58      $body = pht(
59        'Really terminate all sessions? (Your current login session will '.
60        'not be terminated.)');
61    } else {
62      $title = pht('Terminate Session?');
63      $short = pht('Terminate Session');
64      $body = pht(
65        'Really terminate session %s?',
66        phutil_tag('strong', array(), substr($session->getSessionKey(), 0, 6)));
67    }
68
69    return $this->newDialog()
70      ->setTitle($title)
71      ->setShortTitle($short)
72      ->appendParagraph($body)
73      ->addSubmitButton(pht('Terminate'))
74      ->addCancelButton($panel_uri);
75  }
76
77
78}