Page Menu
Home
c4science
Search
Configure Global Search
Log In
Files
F93053903
PhabricatorAuthFactorProviderStatusTransaction.php
No One
Temporary
Actions
Download File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Subscribers
None
File Metadata
Details
File Info
Storage
Attached
Created
Mon, Nov 25, 20:42
Size
3 KB
Mime Type
text/x-php
Expires
Wed, Nov 27, 20:42 (2 d)
Engine
blob
Format
Raw Data
Handle
22563359
Attached To
rPH Phabricator
PhabricatorAuthFactorProviderStatusTransaction.php
View Options
<?php
final
class
PhabricatorAuthFactorProviderStatusTransaction
extends
PhabricatorAuthFactorProviderTransactionType
{
const
TRANSACTIONTYPE
=
'status'
;
public
function
generateOldValue
(
$object
)
{
return
$object
->
getStatus
();
}
public
function
applyInternalEffects
(
$object
,
$value
)
{
$object
->
setStatus
(
$value
);
}
public
function
getTitle
()
{
$old
=
$this
->
getOldValue
();
$new
=
$this
->
getNewValue
();
$old_display
=
PhabricatorAuthFactorProviderStatus
::
newForStatus
(
$old
)
->
getName
();
$new_display
=
PhabricatorAuthFactorProviderStatus
::
newForStatus
(
$new
)
->
getName
();
return
pht
(
'%s changed the status of this provider from %s to %s.'
,
$this
->
renderAuthor
(),
$this
->
renderValue
(
$old_display
),
$this
->
renderValue
(
$new_display
));
}
public
function
validateTransactions
(
$object
,
array
$xactions
)
{
$errors
=
array
();
$actor
=
$this
->
getActor
();
$map
=
PhabricatorAuthFactorProviderStatus
::
getMap
();
foreach
(
$xactions
as
$xaction
)
{
$new_value
=
$xaction
->
getNewValue
();
if
(!
isset
(
$map
[
$new_value
]))
{
$errors
[]
=
$this
->
newInvalidError
(
pht
(
'Status "%s" is invalid. Valid statuses are: %s.'
,
$new_value
,
implode
(
', '
,
array_keys
(
$map
))),
$xaction
);
continue
;
}
$require_key
=
'security.require-multi-factor-auth'
;
$require_mfa
=
PhabricatorEnv
::
getEnvConfig
(
$require_key
);
if
(
$require_mfa
)
{
$status_active
=
PhabricatorAuthFactorProviderStatus
::
STATUS_ACTIVE
;
if
(
$new_value
!==
$status_active
)
{
$active_providers
=
id
(
new
PhabricatorAuthFactorProviderQuery
())
->
setViewer
(
$actor
)
->
withStatuses
(
array
(
$status_active
,
))
->
execute
();
$active_providers
=
mpull
(
$active_providers
,
null
,
'getID'
);
unset
(
$active_providers
[
$object
->
getID
()]);
if
(!
$active_providers
)
{
$errors
[]
=
$this
->
newInvalidError
(
pht
(
'You can not deprecate or disable the last active MFA '
.
'provider while "%s" is enabled, because new users would '
.
'be unable to enroll in MFA. Disable the MFA requirement '
.
'in Config, or create or enable another MFA provider first.'
,
$require_key
));
continue
;
}
}
}
}
return
$errors
;
}
public
function
didCommitTransaction
(
$object
,
$value
)
{
$status
=
PhabricatorAuthFactorProviderStatus
::
newForStatus
(
$value
);
// If a provider has undergone a status change, reset the MFA enrollment
// cache for all users. This may immediately force a lot of users to redo
// MFA enrollment.
// We could be more surgical about this: we only really need to affect
// users who had a factor under the provider, and only really need to
// do anything if a provider was disabled. This is just a little simpler.
$table
=
new
PhabricatorUser
();
$conn
=
$table
->
establishConnection
(
'w'
);
queryfx
(
$conn
,
'UPDATE %R SET isEnrolledInMultiFactor = 0'
,
$table
);
}
}
Event Timeline
Log In to Comment