Page Menu
Home
c4science
Search
Configure Global Search
Log In
Files
F83514720
PhabricatorAuthFinishController.php
No One
Temporary
Actions
Download File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Subscribers
None
File Metadata
Details
File Info
Storage
Attached
Created
Tue, Sep 17, 13:47
Size
2 KB
Mime Type
text/x-php
Expires
Thu, Sep 19, 13:47 (2 d)
Engine
blob
Format
Raw Data
Handle
20850729
Attached To
rPH Phabricator
PhabricatorAuthFinishController.php
View Options
<?php
final
class
PhabricatorAuthFinishController
extends
PhabricatorAuthController
{
public
function
shouldRequireLogin
()
{
return
false
;
}
public
function
shouldAllowPartialSessions
()
{
return
true
;
}
public
function
processRequest
()
{
$request
=
$this
->
getRequest
();
$viewer
=
$request
->
getUser
();
// If the user already has a full session, just kick them out of here.
$has_partial_session
=
$viewer
->
hasSession
()
&&
$viewer
->
getSession
()->
getIsPartial
();
if
(!
$has_partial_session
)
{
return
id
(
new
AphrontRedirectResponse
())->
setURI
(
'/'
);
}
$engine
=
new
PhabricatorAuthSessionEngine
();
// If this cookie is set, the user is headed into a high security area
// after login (normally because of a password reset) so if they are
// able to pass the checkpoint we just want to put their account directly
// into high security mode, rather than prompt them again for the same
// set of credentials.
$jump_into_hisec
=
$request
->
getCookie
(
PhabricatorCookies
::
COOKIE_HISEC
);
try
{
$token
=
$engine
->
requireHighSecuritySession
(
$viewer
,
$request
,
'/logout/'
,
$jump_into_hisec
);
}
catch
(
PhabricatorAuthHighSecurityRequiredException
$ex
)
{
$form
=
id
(
new
PhabricatorAuthSessionEngine
())->
renderHighSecurityForm
(
$ex
->
getFactors
(),
$ex
->
getFactorValidationResults
(),
$viewer
,
$request
);
return
$this
->
newDialog
()
->
setTitle
(
pht
(
'Provide Multi-Factor Credentials'
))
->
setShortTitle
(
pht
(
'Multi-Factor Login'
))
->
setWidth
(
AphrontDialogView
::
WIDTH_FORM
)
->
addHiddenInput
(
AphrontRequest
::
TYPE_HISEC
,
true
)
->
appendParagraph
(
pht
(
'Welcome, %s. To complete the login process, provide your '
.
'multi-factor credentials.'
,
phutil_tag
(
'strong'
,
array
(),
$viewer
->
getUsername
())))
->
appendChild
(
$form
->
buildLayoutView
())
->
setSubmitURI
(
$request
->
getPath
())
->
addCancelButton
(
$ex
->
getCancelURI
())
->
addSubmitButton
(
pht
(
'Continue'
));
}
// Upgrade the partial session to a full session.
$engine
->
upgradePartialSession
(
$viewer
);
// TODO: It might be nice to add options like "bind this session to my IP"
// here, even for accounts without multi-factor auth attached to them.
$next
=
PhabricatorCookies
::
getNextURICookie
(
$request
);
$request
->
clearCookie
(
PhabricatorCookies
::
COOKIE_NEXTURI
);
$request
->
clearCookie
(
PhabricatorCookies
::
COOKIE_HISEC
);
if
(!
PhabricatorEnv
::
isValidLocalWebResource
(
$next
))
{
$next
=
'/'
;
}
return
id
(
new
AphrontRedirectResponse
())->
setURI
(
$next
);
}
}
Event Timeline
Log In to Comment