Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/controller/PhabricatorAuthFinishController.php
- This file was added.
| <?php | |||||
| final class PhabricatorAuthFinishController | |||||
| extends PhabricatorAuthController { | |||||
| public function shouldRequireLogin() { | |||||
| return false; | |||||
| } | |||||
| public function shouldAllowPartialSessions() { | |||||
| return true; | |||||
| } | |||||
| public function processRequest() { | |||||
| $request = $this->getRequest(); | |||||
| $viewer = $request->getUser(); | |||||
| // If the user already has a full session, just kick them out of here. | |||||
| $has_partial_session = $viewer->hasSession() && | |||||
| $viewer->getSession()->getIsPartial(); | |||||
| if (!$has_partial_session) { | |||||
| return id(new AphrontRedirectResponse())->setURI('/'); | |||||
| } | |||||
| $engine = new PhabricatorAuthSessionEngine(); | |||||
| try { | |||||
| $token = $engine->requireHighSecuritySession( | |||||
| $viewer, | |||||
| $request, | |||||
| '/logout/'); | |||||
| } catch (PhabricatorAuthHighSecurityRequiredException $ex) { | |||||
| $form = id(new PhabricatorAuthSessionEngine())->renderHighSecurityForm( | |||||
| $ex->getFactors(), | |||||
| $ex->getFactorValidationResults(), | |||||
| $viewer, | |||||
| $request); | |||||
| return $this->newDialog() | |||||
| ->setTitle(pht('Provide Multi-Factor Credentials')) | |||||
| ->setShortTitle(pht('Multi-Factor Login')) | |||||
| ->setWidth(AphrontDialogView::WIDTH_FORM) | |||||
| ->addHiddenInput(AphrontRequest::TYPE_HISEC, true) | |||||
| ->appendParagraph( | |||||
| pht( | |||||
| 'Welcome, %s. To complete the login process, provide your '. | |||||
| 'multi-factor credentials.', | |||||
| phutil_tag('strong', array(), $viewer->getUsername()))) | |||||
| ->appendChild($form->buildLayoutView()) | |||||
| ->setSubmitURI($request->getPath()) | |||||
| ->addCancelButton($ex->getCancelURI()) | |||||
| ->addSubmitButton(pht('Continue')); | |||||
| } | |||||
| // Upgrade the partial session to a full session. | |||||
| $engine->upgradePartialSession($viewer); | |||||
| // TODO: It might be nice to add options like "bind this session to my IP" | |||||
| // here, even for accounts without multi-factor auth attached to them. | |||||
| $next = PhabricatorCookies::getNextURICookie($request); | |||||
| $request->clearCookie(PhabricatorCookies::COOKIE_NEXTURI); | |||||
| if (!PhabricatorEnv::isValidLocalWebResource($next)) { | |||||
| $next = '/'; | |||||
| } | |||||
| return id(new AphrontRedirectResponse())->setURI($next); | |||||
| } | |||||
| } | |||||