public function handleRequest(AphrontRequest $request)
{
$viewer = $request->getViewer();
id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession($viewer, $request, '/');
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$token = PhabricatorConduitToken::initializeNewToken($viewer->getPHID(), PhabricatorConduitToken::TYPE_COMMANDLINE);
$token->save();
unset($unguarded);
$form = id(new AphrontFormView())->setUser($viewer)->appendRemarkupInstructions(pht('Copy-paste the API Token below to grant access to your account.'))->appendChild(id(new AphrontFormTextControl())->setLabel(pht('API Token'))->setValue($token->getToken()))->appendRemarkupInstructions(pht('This will authorize the requesting script to act on your behalf ' . 'permanently, like giving the script your account password.'))->appendRemarkupInstructions(pht('If you change your mind, you can revoke this token later in ' . '{nav icon=wrench,name=Settings > Conduit API Tokens}.'));
return $this->newDialog()->setTitle(pht('Grant Account Access'))->setWidth(AphrontDialogView::WIDTH_FULL)->appendForm($form)->addCancelButton('/');
}
public function handleRequest(AphrontRequest $request)
{
$viewer = $request->getViewer();
$id = $request->getURIData('id');
if ($id) {
$token = id(new PhabricatorConduitTokenQuery())->setViewer($viewer)->withIDs(array($id))->withExpired(false)->requireCapabilities(array(PhabricatorPolicyCapability::CAN_VIEW, PhabricatorPolicyCapability::CAN_EDIT))->executeOne();
if (!$token) {
return new Aphront404Response();
}
$object = $token->getObject();
$is_new = false;
$title = pht('View API Token');
} else {
$object = id(new PhabricatorObjectQuery())->setViewer($viewer)->withPHIDs(array($request->getStr('objectPHID')))->requireCapabilities(array(PhabricatorPolicyCapability::CAN_VIEW, PhabricatorPolicyCapability::CAN_EDIT))->executeOne();
if (!$object) {
return new Aphront404Response();
}
$token = PhabricatorConduitToken::initializeNewToken($object->getPHID(), PhabricatorConduitToken::TYPE_STANDARD);
$is_new = true;
$title = pht('Generate API Token');
$submit_button = pht('Generate Token');
}
if ($viewer->getPHID() == $object->getPHID()) {
$panel_uri = '/settings/panel/apitokens/';
} else {
$panel_uri = '/settings/' . $object->getID() . '/panel/apitokens/';
}
id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession($viewer, $request, $panel_uri);
if ($request->isFormPost()) {
$token->save();
if ($is_new) {
$token_uri = '/conduit/token/edit/' . $token->getID() . '/';
} else {
$token_uri = $panel_uri;
}
return id(new AphrontRedirectResponse())->setURI($token_uri);
}
$dialog = $this->newDialog()->setTitle($title)->addHiddenInput('objectPHID', $object->getPHID());
if ($is_new) {
$dialog->appendParagraph(pht('Generate a new API token?'))->addSubmitButton($submit_button)->addCancelButton($panel_uri);
} else {
$form = id(new AphrontFormView())->setUser($viewer);
if ($token->getTokenType() === PhabricatorConduitToken::TYPE_CLUSTER) {
$dialog->appendChild(pht('This token is automatically generated by Phabricator, and used ' . 'to make requests between nodes in a Phabricator cluster. You ' . 'can not use this token in external applications.'));
} else {
$form->appendChild(id(new AphrontFormTextControl())->setLabel(pht('Token'))->setValue($token->getToken()));
}
$dialog->appendForm($form)->addCancelButton($panel_uri, pht('Done'));
}
return $dialog;
}
