src/applications/auth/factor/PhabricatorTOTPAuthFactor.php
Show All 30 Lines | if (strlen($key)) { | ||||
// provide a known key (such attacks are already prevented by CSRF, but | // provide a known key (such attacks are already prevented by CSRF, but | ||||
// this is a second barrier to overcome). | // this is a second barrier to overcome). | ||||
// (We store and verify the hash of the key, not the key itself, to limit | // (We store and verify the hash of the key, not the key itself, to limit | ||||
// how useful the data in the table is to an attacker.) | // how useful the data in the table is to an attacker.) | ||||
$temporary_token = id(new PhabricatorAuthTemporaryTokenQuery()) | $temporary_token = id(new PhabricatorAuthTemporaryTokenQuery()) | ||||
->setViewer($user) | ->setViewer($user) | ||||
->withObjectPHIDs(array($user->getPHID())) | ->withTokenResources(array($user->getPHID())) | ||||
->withTokenTypes(array(self::TEMPORARY_TOKEN_TYPE)) | ->withTokenTypes(array(self::TEMPORARY_TOKEN_TYPE)) | ||||
->withExpired(false) | ->withExpired(false) | ||||
->withTokenCodes(array(PhabricatorHash::digest($key))) | ->withTokenCodes(array(PhabricatorHash::digest($key))) | ||||
->executeOne(); | ->executeOne(); | ||||
if (!$temporary_token) { | if (!$temporary_token) { | ||||
// If we don't have a matching token, regenerate the key below. | // If we don't have a matching token, regenerate the key below. | ||||
$key = null; | $key = null; | ||||
} | } | ||||
} | } | ||||
if (!strlen($key)) { | if (!strlen($key)) { | ||||
$key = self::generateNewTOTPKey(); | $key = self::generateNewTOTPKey(); | ||||
// Mark this key as one we generated, so the user is allowed to submit | // Mark this key as one we generated, so the user is allowed to submit | ||||
// a response for it. | // a response for it. | ||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | ||||
id(new PhabricatorAuthTemporaryToken()) | id(new PhabricatorAuthTemporaryToken()) | ||||
->setObjectPHID($user->getPHID()) | ->setTokenResource($user->getPHID()) | ||||
->setTokenType(self::TEMPORARY_TOKEN_TYPE) | ->setTokenType(self::TEMPORARY_TOKEN_TYPE) | ||||
->setTokenExpires(time() + phutil_units('1 hour in seconds')) | ->setTokenExpires(time() + phutil_units('1 hour in seconds')) | ||||
->setTokenCode(PhabricatorHash::digest($key)) | ->setTokenCode(PhabricatorHash::digest($key)) | ||||
->save(); | ->save(); | ||||
unset($unguarded); | unset($unguarded); | ||||
} | } | ||||
$code = $request->getStr('totpcode'); | $code = $request->getStr('totpcode'); | ||||
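Review bot: The new `setTokenResource($user->getPHID())` call and the matching `withTokenResources(array($user->getPHID()))` filter are what tie a generated key to the enrolling account, but nothing in the hunk says so now that the field is a generic "resource" rather than an "object PHID"; a short comment at the `setTokenResource` line would keep the next maintainer from relaxing it, e.g. `// Bind the token to this user's PHID so a key generated for one account can not be replayed to enroll a factor on another.` The comment at the top of the hunk already explains why the digest rather than the key is stored, so only the resource binding is undocumented. Separately, `strlen($key)` on the first and `if (!strlen($key))` lines will emit a deprecation on PHP 8.1+ once `$key` has been set to `null`; if the project targets that version, `$key !== null && strlen($key)` is the equivalent check. The enclosing method starts and ends outside the hunk, so whether the submitted `totpcode` is verified against the freshly regenerated key is not visible here.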