Differential D14325 Diff 34578 src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php
| Show First 20 Lines • Show All 78 Lines • ▼ Show 20 Lines | if (!$token) { | ||||
| 'Make sure you are copy-and-pasting the entire link into '. | 'Make sure you are copy-and-pasting the entire link into '. | ||||
| 'your browser. Login links are only valid for 24 hours, and '. | 'your browser. Login links are only valid for 24 hours, and '. | ||||
| 'can only be used once.')) | 'can only be used once.')) | ||||
| ->appendParagraph( | ->appendParagraph( | ||||
| pht('You can try again, or request a new link via email.')) | pht('You can try again, or request a new link via email.')) | ||||
| ->addCancelButton('/login/email/', pht('Send Another Email')); | ->addCancelButton('/login/email/', pht('Send Another Email')); | ||||
| } | } | ||||
| if (!$target_user->canEstablishWebSessions()) { | |||||
| return $this->newDialog() | |||||
| ->setTitle(pht('Unable to Establish Web Session')) | |||||
| ->setShortTitle(pht('Login Failure')) | |||||
| ->appendParagraph( | |||||
| pht( | |||||
| 'You are trying to gain access to an account ("%s") that can not '. | |||||
| 'establish a web session.', | |||||
| $target_user->getUsername())) | |||||
| ->appendParagraph( | |||||
| pht( | |||||
| 'Special users like daemons and mailing lists are not permitted '. | |||||
| 'to log in via the web. Log in as a normal user instead.')) | |||||
| ->addCancelButton('/'); | |||||
| } | |||||
| if ($request->isFormPost()) { | if ($request->isFormPost()) { | ||||
| // If we have an email bound into this URI, verify email so that clicking | // If we have an email bound into this URI, verify email so that clicking | ||||
| // the link in the "Welcome" email is good enough, without requiring users | // the link in the "Welcome" email is good enough, without requiring users | ||||
| // to go through a second round of email verification. | // to go through a second round of email verification. | ||||
| $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | ||||
| // Nuke the token and all other outstanding password reset tokens. | // Nuke the token and all other outstanding password reset tokens. | ||||
| // There is no particular security benefit to destroying them all, but | // There is no particular security benefit to destroying them all, but | ||||
| ▲ Show 20 Lines • Show All 97 Lines • Show Last 20 Lines | |||||