Differential D18903 Diff 45363 src/applications/auth/controller/PhabricatorAuthSetPasswordController.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/controller/PhabricatorAuthSetPasswordController.php
| Show All 34 Lines | $auth_token = id(new PhabricatorAuthTemporaryTokenQuery()) | ||||
| ->withTokenTypes(array($password_type)) | ->withTokenTypes(array($password_type)) | ||||
| ->withTokenCodes(array(PhabricatorHash::weakDigest($key))) | ->withTokenCodes(array(PhabricatorHash::weakDigest($key))) | ||||
| ->withExpired(false) | ->withExpired(false) | ||||
| ->executeOne(); | ->executeOne(); | ||||
| if (!$auth_token) { | if (!$auth_token) { | ||||
| return new Aphront404Response(); | return new Aphront404Response(); | ||||
| } | } | ||||
| $min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length'); | $content_source = PhabricatorContentSource::newFromRequest($request); | ||||
| $min_len = (int)$min_len; | $account_type = PhabricatorAuthPassword::PASSWORD_TYPE_ACCOUNT; | ||||
| $password_objects = id(new PhabricatorAuthPasswordQuery()) | |||||
| ->setViewer($viewer) | |||||
| ->withObjectPHIDs(array($viewer->getPHID())) | |||||
| ->withPasswordTypes(array($account_type)) | |||||
| ->withIsRevoked(false) | |||||
| ->execute(); | |||||
| if ($password_objects) { | |||||
| $password_object = head($password_objects); | |||||
| $has_password = true; | |||||
| } else { | |||||
| $password_object = PhabricatorAuthPassword::initializeNewPassword( | |||||
| $viewer, | |||||
| $account_type); | |||||
| $has_password = false; | |||||
| } | |||||
| $engine = id(new PhabricatorAuthPasswordEngine()) | |||||
| ->setViewer($viewer) | |||||
| ->setContentSource($content_source) | |||||
| ->setPasswordType($account_type) | |||||
| ->setObject($viewer); | |||||
| $e_password = true; | $e_password = true; | ||||
| $e_confirm = true; | $e_confirm = true; | ||||
| $errors = array(); | $errors = array(); | ||||
| if ($request->isFormPost()) { | if ($request->isFormPost()) { | ||||
| $password = $request->getStr('password'); | $password = $request->getStr('password'); | ||||
| $confirm = $request->getStr('confirm'); | $confirm = $request->getStr('confirm'); | ||||
| $password_envelope = new PhutilOpaqueEnvelope($password); | |||||
| $confirm_envelope = new PhutilOpaqueEnvelope($confirm); | |||||
| try { | |||||
| $engine->checkNewPassword($password_envelope, $confirm_envelope, true); | |||||
| $e_password = null; | $e_password = null; | ||||
| $e_confirm = null; | $e_confirm = null; | ||||
| } catch (PhabricatorAuthPasswordException $ex) { | |||||
| if (!strlen($password)) { | $errors[] = $ex->getMessage(); | ||||
| $errors[] = pht('You must choose a password or skip this step.'); | $e_password = $ex->getPasswordError(); | ||||
| $e_password = pht('Required'); | $e_confirm = $ex->getConfirmError(); | ||||
| } else if (strlen($password) < $min_len) { | |||||
| $errors[] = pht( | |||||
| 'The selected password is too short. Passwords must be a minimum '. | |||||
| 'of %s characters.', | |||||
| new PhutilNumber($min_len)); | |||||
| $e_password = pht('Too Short'); | |||||
| } else if (!strlen($confirm)) { | |||||
| $errors[] = pht('You must confirm the selecetd password.'); | |||||
| $e_confirm = pht('Required'); | |||||
| } else if ($password !== $confirm) { | |||||
| $errors[] = pht('The password and confirmation do not match.'); | |||||
| $e_password = pht('Invalid'); | |||||
| $e_confirm = pht('Invalid'); | |||||
| } else if (PhabricatorCommonPasswords::isCommonPassword($password)) { | |||||
| $e_password = pht('Very Weak'); | |||||
| $errors[] = pht( | |||||
| 'The selected password is very weak: it is one of the most common '. | |||||
| 'passwords in use. Choose a stronger password.'); | |||||
| } | } | ||||
| if (!$errors) { | if (!$errors) { | ||||
| $envelope = new PhutilOpaqueEnvelope($password); | $password_object | ||||
| ->setPassword($password_envelope, $viewer) | |||||
| // This write is unguarded because the CSRF token has already | ->save(); | ||||
| // been checked in the call to $request->isFormPost() and | |||||
| // the CSRF token depends on the password hash, so when it | |||||
| // is changed here the CSRF token check will fail. | |||||
| $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | |||||
| id(new PhabricatorUserEditor()) | |||||
| ->setActor($viewer) | |||||
| ->changePassword($viewer, $envelope); | |||||
| unset($unguarded); | |||||
| // Destroy the token. | // Destroy the token. | ||||
| $auth_token->delete(); | $auth_token->delete(); | ||||
| return id(new AphrontRedirectResponse())->setURI('/'); | return id(new AphrontRedirectResponse())->setURI('/'); | ||||
| } | } | ||||
| } | } | ||||
| $min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length'); | |||||
| $min_len = (int)$min_len; | |||||
| $len_caption = null; | $len_caption = null; | ||||
| if ($min_len) { | if ($min_len) { | ||||
| $len_caption = pht('Minimum password length: %d characters.', $min_len); | $len_caption = pht('Minimum password length: %d characters.', $min_len); | ||||
| } | } | ||||
| if ($viewer->hasPassword()) { | if ($has_password) { | ||||
| $title = pht('Reset Password'); | $title = pht('Reset Password'); | ||||
| $crumb = pht('Reset Password'); | $crumb = pht('Reset Password'); | ||||
| $submit = pht('Reset Password'); | $submit = pht('Reset Password'); | ||||
| } else { | } else { | ||||
| $title = pht('Set Password'); | $title = pht('Set Password'); | ||||
| $crumb = pht('Set Password'); | $crumb = pht('Set Password'); | ||||
| $submit = pht('Set Account Password'); | $submit = pht('Set Account Password'); | ||||
| } | } | ||||
| ▲ Show 20 Lines • Show All 41 Lines • Show Last 20 Lines | |||||