diff --git a/src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php b/src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php
--- a/src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php
+++ b/src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php
@@ -84,6 +84,22 @@
 ->addCancelButton('/login/email/', pht('Send Another Email'));
 }
 
+ if (!$target_user->canEstablishWebSessions()) {
+ return $this->newDialog()
+ ->setTitle(pht('Unable to Establish Web Session'))
+ ->setShortTitle(pht('Login Failure'))
+ ->appendParagraph(
+ pht(
+ 'You are trying to gain access to an account ("%s") that can not '.
+ 'establish a web session.',
+ $target_user->getUsername()))
+ ->appendParagraph(
+ pht(
+ 'Special users like daemons and mailing lists are not permitted '.
+ 'to log in via the web. Log in as a normal user instead.'))
+ ->addCancelButton('/');
+ }
+
 if ($request->isFormPost()) {
 // If we have an email bound into this URI, verify email so that clicking
 // the link in the "Welcome" email is good enough, without requiring users
diff --git a/src/applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php b/src/applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php
--- a/src/applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php
+++ b/src/applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php
@@ -71,6 +71,16 @@
 $can_recover));
 }
 
+ if (!$user->canEstablishWebSessions()) {
+ throw new PhutilArgumentUsageException(
+ pht(
+ 'This account ("%s") can not establish web sessions, so it is '.
+ 'not possible to generate a functional recovery link. Special '.
+ 'accounts like daemons and mailing lists can not log in via the '.
+ 'web UI.',
+ $username));
+ }
+
 $engine = new PhabricatorAuthSessionEngine();
 $onetime_uri = $engine->getOneTimeLoginURI(
 $user,
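Review bot: The `canEstablishWebSessions()` guard added ahead of `$request->isFormPost()` is enforced only in this controller, and the second hunk repeats it in the recover workflow, so any other caller that mints or redeems a one-time login link has to remember the same check. The session engine is not visible in this diff; if it does not already refuse these accounts when a session is established, the refusal belongs there and these two checks become the friendly error path. I would record that above the guard with a comment such as `// UX guard only: session establishment must also reject this user.` The enclosing method starts and ends outside the hunk, so it cannot be confirmed from here that the one-time key is validated before this dialog names the account.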
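Review bot: The exception message in the recover workflow interpolates `$username`, which is presumably the argument as typed on the command line, while the controller dialog in the first hunk uses `$target_user->getUsername()`. Passing `$user->getUsername()` here would report the account name as stored and keep the two messages consistent. The workflow method starts and ends outside the hunk, so where `$username` is assigned is not visible.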