Differential D14325 Diff 34578 src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php
Show First 20 Lines • Show All 78 Lines • ▼ Show 20 Lines | if (!$token) { | ||||
'Make sure you are copy-and-pasting the entire link into '. | 'Make sure you are copy-and-pasting the entire link into '. | ||||
'your browser. Login links are only valid for 24 hours, and '. | 'your browser. Login links are only valid for 24 hours, and '. | ||||
'can only be used once.')) | 'can only be used once.')) | ||||
->appendParagraph( | ->appendParagraph( | ||||
pht('You can try again, or request a new link via email.')) | pht('You can try again, or request a new link via email.')) | ||||
->addCancelButton('/login/email/', pht('Send Another Email')); | ->addCancelButton('/login/email/', pht('Send Another Email')); | ||||
} | } | ||||
if (!$target_user->canEstablishWebSessions()) { | |||||
return $this->newDialog() | |||||
->setTitle(pht('Unable to Establish Web Session')) | |||||
->setShortTitle(pht('Login Failure')) | |||||
->appendParagraph( | |||||
pht( | |||||
'You are trying to gain access to an account ("%s") that can not '. | |||||
'establish a web session.', | |||||
$target_user->getUsername())) | |||||
->appendParagraph( | |||||
pht( | |||||
'Special users like daemons and mailing lists are not permitted '. | |||||
'to log in via the web. Log in as a normal user instead.')) | |||||
->addCancelButton('/'); | |||||
} | |||||
if ($request->isFormPost()) { | if ($request->isFormPost()) { | ||||
// If we have an email bound into this URI, verify email so that clicking | // If we have an email bound into this URI, verify email so that clicking | ||||
// the link in the "Welcome" email is good enough, without requiring users | // the link in the "Welcome" email is good enough, without requiring users | ||||
// to go through a second round of email verification. | // to go through a second round of email verification. | ||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | ||||
// Nuke the token and all other outstanding password reset tokens. | // Nuke the token and all other outstanding password reset tokens. | ||||
// There is no particular security benefit to destroying them all, but | // There is no particular security benefit to destroying them all, but | ||||
▲ Show 20 Lines • Show All 97 Lines • Show Last 20 Lines |