Page MenuHomec4science

No OneTemporary

File Metadata

Mon, Mar 17, 19:29


final class DiffusionSetPasswordSettingsPanel extends PhabricatorSettingsPanel {
public function isManagementPanel() {
if ($this->getUser()->getIsMailingList()) {
return false;
return true;
public function getPanelKey() {
return 'vcspassword';
public function getPanelName() {
return pht('VCS Password');
public function getPanelGroupKey() {
return PhabricatorSettingsAuthenticationPanelGroup::PANELGROUPKEY;
public function isEnabled() {
return PhabricatorEnv::getEnvConfig('diffusion.allow-http-auth');
public function processRequest(AphrontRequest $request) {
$viewer = $request->getUser();
$user = $this->getUser();
$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
$vcs_type = PhabricatorAuthPassword::PASSWORD_TYPE_VCS;
$vcspasswords = id(new PhabricatorAuthPasswordQuery())
if ($vcspasswords) {
$vcspassword = head($vcspasswords);
} else {
$vcspassword = PhabricatorAuthPassword::initializeNewPassword(
$panel_uri = $this->getPanelURI('?saved=true');
$errors = array();
$e_password = true;
$e_confirm = true;
$content_source = PhabricatorContentSource::newFromRequest($request);
// NOTE: This test is against $viewer (not $user), so that the error
// message below makes sense in the case that the two are different,
// and because an admin reusing their own password is bad, while
// system agents generally do not have passwords anyway.
$engine = id(new PhabricatorAuthPasswordEngine())
if ($request->isFormPost()) {
if ($request->getBool('remove')) {
if ($vcspassword->getID()) {
return id(new AphrontRedirectResponse())->setURI($panel_uri);
$new_password = $request->getStr('password');
$confirm = $request->getStr('confirm');
$envelope = new PhutilOpaqueEnvelope($new_password);
$confirm_envelope = new PhutilOpaqueEnvelope($confirm);
try {
$engine->checkNewPassword($envelope, $confirm_envelope);
$e_password = null;
$e_confirm = null;
} catch (PhabricatorAuthPasswordException $ex) {
$errors[] = $ex->getMessage();
$e_password = $ex->getPasswordError();
$e_confirm = $ex->getConfirmError();
if (!$errors) {
->setPassword($envelope, $user)
return id(new AphrontRedirectResponse())->setURI($panel_uri);
$title = pht('Set VCS Password');
$form = id(new AphrontFormView())
'To access repositories hosted by Phabricator over HTTP, you must '.
'set a version control password. This password should be unique.'.
"This password applies to all repositories available over ".
if ($vcspassword->getID()) {
id(new AphrontFormPasswordControl())
->setLabel(pht('Current Password'))
} else {
id(new AphrontFormMarkupControl())
->setLabel(pht('Current Password'))
->setValue(phutil_tag('em', array(), pht('No Password Set'))));
id(new AphrontFormPasswordControl())
->setLabel(pht('New VCS Password'))
id(new AphrontFormPasswordControl())
->setLabel(pht('Confirm VCS Password'))
id(new AphrontFormSubmitControl())
->setValue(pht('Change Password')));
if (!$vcspassword->getID()) {
$is_serious = PhabricatorEnv::getEnvConfig(
$suggest = Filesystem::readRandomBytes(128);
$suggest = preg_replace('([^A-Za-z0-9/!().,;{}^&*%~])', '', $suggest);
$suggest = substr($suggest, 0, 20);
if ($is_serious) {
'Having trouble coming up with a good password? Try this randomly '.
'generated one, made by a computer:'.
} else {
'Having trouble coming up with a good password? Try this '.
'artisanal password, hand made in small batches by our expert '.
'craftspeople: '.
$hash_envelope = new PhutilOpaqueEnvelope($vcspassword->getPasswordHash());
id(new AphrontFormStaticControl())
->setLabel(pht('Current Algorithm'))
id(new AphrontFormStaticControl())
->setLabel(pht('Best Available Algorithm'))
if (strlen($hash_envelope->openEnvelope())) {
try {
$can_upgrade = PhabricatorPasswordHasher::canUpgradeHash(
} catch (PhabricatorPasswordHasherUnavailableException $ex) {
$can_upgrade = false;
$errors[] = pht(
'Your VCS password is currently hashed using an algorithm which is '.
'no longer available on this install.');
$errors[] = pht(
'Because the algorithm implementation is missing, your password '.
'can not be used.');
$errors[] = pht(
'You can set a new password to replace the old password.');
if ($can_upgrade) {
$errors[] = pht(
'The strength of your stored VCS password hash can be upgraded. '.
'To upgrade, either: use the password to authenticate with a '.
'repository; or change your password.');
$object_box = id(new PHUIObjectBoxView())
$remove_form = id(new AphrontFormView())
if ($vcspassword->getID()) {
->addHiddenInput('remove', true)
'You can remove your VCS password, which will prevent your '.
'account from accessing repositories.'))
id(new AphrontFormSubmitControl())
->setValue(pht('Remove Password')));
} else {
'You do not currently have a VCS password set. If you set one, you '.
'can remove it here later.'));
$remove_box = id(new PHUIObjectBoxView())
->setHeaderText(pht('Remove VCS Password'))
$saved = null;
if ($request->getBool('saved')) {
$saved = id(new PHUIInfoView())
->setTitle(pht('Password Updated'))
->appendChild(pht('Your VCS password has been updated.'));
return array(

Event Timeline