/**
 * Show the viewer a freshly minted command-line Conduit API token.
 *
 * The viewer must pass the high-security session check first. A new
 * TYPE_COMMANDLINE token bound to the viewer's PHID is then saved and its
 * value is rendered in a text control inside a full-width dialog.
 *
 * @param AphrontRequest $request Incoming request; supplies the viewer.
 * @return mixed The dialog produced by newDialog().
 */
public function handleRequest(AphrontRequest $request) {
  $viewer = $request->getViewer();

  // The high-security check runs before any token is created, so nothing is
  // minted for a session that has not passed it. The '/' argument is
  // presumably the URI used when the viewer backs out -- confirm against
  // PhabricatorAuthSessionEngine.
  $session_engine = new PhabricatorAuthSessionEngine();
  $session_engine->requireHighSecuritySession($viewer, $request, '/');

  // The save runs inside a scoped unguarded-write block, i.e. outside the
  // normal AphrontWriteGuard handling for this request.
  // NOTE(review): nothing in this method checks for a form post, so every
  // request that gets past the check above persists a new token. Confirm the
  // high-security gate is the intended (and sufficient) control here.
  $write_scope = AphrontWriteGuard::beginScopedUnguardedWrites();
  $token = PhabricatorConduitToken::initializeNewToken(
    $viewer->getPHID(),
    PhabricatorConduitToken::TYPE_COMMANDLINE);
  $token->save();
  // Dropping the scope object ends the unguarded-write window right after
  // the single save.
  unset($write_scope);

  // The token value is shown in the clear so it can be copied into the
  // requesting script.
  $token_control = new AphrontFormTextControl();
  $token_control->setLabel(pht('API Token'));
  $token_control->setValue($token->getToken());

  $form = new AphrontFormView();
  $form->setUser($viewer);
  $form->appendRemarkupInstructions(
    pht('Copy-paste the API Token below to grant access to your account.'));
  $form->appendChild($token_control);
  // The next two notices tell the viewer how much the token grants and where
  // to revoke it.
  $form->appendRemarkupInstructions(
    pht(
      'This will authorize the requesting script to act on your behalf ' .
      'permanently, like giving the script your account password.'));
  $form->appendRemarkupInstructions(
    pht(
      'If you change your mind, you can revoke this token later in ' .
      '{nav icon=wrench,name=Settings > Conduit API Tokens}.'));

  return $this->newDialog()
    ->setTitle(pht('Grant Account Access'))
    ->setWidth(AphrontDialogView::WIDTH_FULL)
    ->appendForm($form)
    ->addCancelButton('/');
}
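/**
 * View an existing Conduit API token, or generate a new standard token for
 * an object.
 *
 * With an `id` in the URI, the matching unexpired token is loaded. Without
 * one, the object named by the `objectPHID` request parameter is loaded and
 * a new TYPE_STANDARD token is prepared for it. Both lookups require
 * CAN_VIEW and CAN_EDIT for the viewer, and a miss is answered with a 404.
 * The high-security session check runs before any save and before any token
 * value is rendered.
 *
 * @param AphrontRequest $request Incoming request.
 * @return mixed Aphront404Response when the token or object cannot be
 *   loaded, AphrontRedirectResponse after a form post, otherwise the dialog.
 */
public function handleRequest(AphrontRequest $request) {
  $viewer = $request->getViewer();
  $id = $request->getURIData('id');

  // Both lookups demand the same capabilities, so an identifier the viewer
  // may not edit looks the same as one that does not exist (404).
  $required_capabilities = array(
    PhabricatorPolicyCapability::CAN_VIEW,
    PhabricatorPolicyCapability::CAN_EDIT,
  );

  // Only the "generate" branch assigns a label; defined up front so the
  // variable always exists.
  $submit_button = null;

  if ($id) {
    $token = id(new PhabricatorConduitTokenQuery())
      ->setViewer($viewer)
      ->withIDs(array($id))
      ->withExpired(false)
      ->requireCapabilities($required_capabilities)
      ->executeOne();
    if (!$token) {
      return new Aphront404Response();
    }

    $object = $token->getObject();
    $is_new = false;
    $title = pht('View API Token');
  } else {
    // 'objectPHID' is request-supplied; the policy-checked query below is
    // what decides whether the viewer may act on that object.
    $object = id(new PhabricatorObjectQuery())
      ->setViewer($viewer)
      ->withPHIDs(array($request->getStr('objectPHID')))
      ->requireCapabilities($required_capabilities)
      ->executeOne();
    if (!$object) {
      return new Aphront404Response();
    }

    $token = PhabricatorConduitToken::initializeNewToken(
      $object->getPHID(),
      PhabricatorConduitToken::TYPE_STANDARD);
    $is_new = true;
    $title = pht('Generate API Token');
    $submit_button = pht('Generate Token');
  }

  // Strict comparison: PHIDs are identifiers, so they are compared as exact
  // strings, with no type juggling.
  if ($viewer->getPHID() === $object->getPHID()) {
    $panel_uri = '/settings/panel/apitokens/';
  } else {
    $panel_uri = '/settings/' . $object->getID() . '/panel/apitokens/';
  }

  // Gate both the save and the display of the token value behind the
  // high-security session check.
  id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
    $viewer,
    $request,
    $panel_uri);

  if ($request->isFormPost()) {
    // Persisting happens only on a form post. As far as this method shows,
    // an existing token is simply saved again unchanged.
    $token->save();

    if ($is_new) {
      // Send the viewer to the view of the token that was just created.
      $token_uri = '/conduit/token/edit/' . $token->getID() . '/';
    } else {
      $token_uri = $panel_uri;
    }

    return id(new AphrontRedirectResponse())->setURI($token_uri);
  }

  // The object PHID travels with the form as a hidden input; on the post it
  // comes back as request data and goes through the policy-checked lookup
  // above again.
  $dialog = $this->newDialog()
    ->setTitle($title)
    ->addHiddenInput('objectPHID', $object->getPHID());

  if ($is_new) {
    $dialog
      ->appendParagraph(pht('Generate a new API token?'))
      ->addSubmitButton($submit_button)
      ->addCancelButton($panel_uri);
  } else {
    $form = id(new AphrontFormView())->setUser($viewer);

    if ($token->getTokenType() === PhabricatorConduitToken::TYPE_CLUSTER) {
      // Cluster tokens are explained but their value is never rendered.
      $dialog->appendChild(
        pht(
          'This token is automatically generated by Phabricator, and used ' .
          'to make requests between nodes in a Phabricator cluster. You ' .
          'can not use this token in external applications.'));
    } else {
      // Every other token type has its value shown in the clear.
      $form->appendChild(
        id(new AphrontFormTextControl())
          ->setLabel(pht('Token'))
          ->setValue($token->getToken()));
    }

    $dialog
      ->appendForm($form)
      ->addCancelButton($panel_uri, pht('Done'));
  }

  return $dialog;
}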