Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/factor/PhabricatorTOTPAuthFactor.php
| Show All 30 Lines | if (strlen($key)) { | ||||
| // provide a known key (such attacks are already prevented by CSRF, but | // provide a known key (such attacks are already prevented by CSRF, but | ||||
| // this is a second barrier to overcome). | // this is a second barrier to overcome). | ||||
| // (We store and verify the hash of the key, not the key itself, to limit | // (We store and verify the hash of the key, not the key itself, to limit | ||||
| // how useful the data in the table is to an attacker.) | // how useful the data in the table is to an attacker.) | ||||
| $temporary_token = id(new PhabricatorAuthTemporaryTokenQuery()) | $temporary_token = id(new PhabricatorAuthTemporaryTokenQuery()) | ||||
| ->setViewer($user) | ->setViewer($user) | ||||
| ->withObjectPHIDs(array($user->getPHID())) | ->withTokenResources(array($user->getPHID())) | ||||
| ->withTokenTypes(array(self::TEMPORARY_TOKEN_TYPE)) | ->withTokenTypes(array(self::TEMPORARY_TOKEN_TYPE)) | ||||
| ->withExpired(false) | ->withExpired(false) | ||||
| ->withTokenCodes(array(PhabricatorHash::digest($key))) | ->withTokenCodes(array(PhabricatorHash::digest($key))) | ||||
| ->executeOne(); | ->executeOne(); | ||||
| if (!$temporary_token) { | if (!$temporary_token) { | ||||
| // If we don't have a matching token, regenerate the key below. | // If we don't have a matching token, regenerate the key below. | ||||
| $key = null; | $key = null; | ||||
| } | } | ||||
| } | } | ||||
| if (!strlen($key)) { | if (!strlen($key)) { | ||||
| $key = self::generateNewTOTPKey(); | $key = self::generateNewTOTPKey(); | ||||
| // Mark this key as one we generated, so the user is allowed to submit | // Mark this key as one we generated, so the user is allowed to submit | ||||
| // a response for it. | // a response for it. | ||||
| $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | ||||
| id(new PhabricatorAuthTemporaryToken()) | id(new PhabricatorAuthTemporaryToken()) | ||||
| ->setObjectPHID($user->getPHID()) | ->setTokenResource($user->getPHID()) | ||||
| ->setTokenType(self::TEMPORARY_TOKEN_TYPE) | ->setTokenType(self::TEMPORARY_TOKEN_TYPE) | ||||
| ->setTokenExpires(time() + phutil_units('1 hour in seconds')) | ->setTokenExpires(time() + phutil_units('1 hour in seconds')) | ||||
| ->setTokenCode(PhabricatorHash::digest($key)) | ->setTokenCode(PhabricatorHash::digest($key)) | ||||
| ->save(); | ->save(); | ||||
| unset($unguarded); | unset($unguarded); | ||||
| } | } | ||||
| $code = $request->getStr('totpcode'); | $code = $request->getStr('totpcode'); | ||||
| ▲ Show 20 Lines • Show All 239 Lines • Show Last 20 Lines | |||||