Differential D18903 Diff 45363 src/applications/auth/controller/PhabricatorAuthSetPasswordController.php
src/applications/auth/controller/PhabricatorAuthSetPasswordController.php
Show All 34 Lines | $auth_token = id(new PhabricatorAuthTemporaryTokenQuery()) | ||||
->withTokenTypes(array($password_type)) | ->withTokenTypes(array($password_type)) | ||||
->withTokenCodes(array(PhabricatorHash::weakDigest($key))) | ->withTokenCodes(array(PhabricatorHash::weakDigest($key))) | ||||
->withExpired(false) | ->withExpired(false) | ||||
->executeOne(); | ->executeOne(); | ||||
if (!$auth_token) { | if (!$auth_token) { | ||||
return new Aphront404Response(); | return new Aphront404Response(); | ||||
} | } | ||||
$min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length'); | $content_source = PhabricatorContentSource::newFromRequest($request); | ||||
$min_len = (int)$min_len; | $account_type = PhabricatorAuthPassword::PASSWORD_TYPE_ACCOUNT; | ||||
$password_objects = id(new PhabricatorAuthPasswordQuery()) | |||||
->setViewer($viewer) | |||||
->withObjectPHIDs(array($viewer->getPHID())) | |||||
->withPasswordTypes(array($account_type)) | |||||
->withIsRevoked(false) | |||||
->execute(); | |||||
if ($password_objects) { | |||||
$password_object = head($password_objects); | |||||
$has_password = true; | |||||
} else { | |||||
$password_object = PhabricatorAuthPassword::initializeNewPassword( | |||||
$viewer, | |||||
$account_type); | |||||
$has_password = false; | |||||
} | |||||
$engine = id(new PhabricatorAuthPasswordEngine()) | |||||
->setViewer($viewer) | |||||
->setContentSource($content_source) | |||||
->setPasswordType($account_type) | |||||
->setObject($viewer); | |||||
$e_password = true; | $e_password = true; | ||||
$e_confirm = true; | $e_confirm = true; | ||||
$errors = array(); | $errors = array(); | ||||
if ($request->isFormPost()) { | if ($request->isFormPost()) { | ||||
$password = $request->getStr('password'); | $password = $request->getStr('password'); | ||||
$confirm = $request->getStr('confirm'); | $confirm = $request->getStr('confirm'); | ||||
$password_envelope = new PhutilOpaqueEnvelope($password); | |||||
$confirm_envelope = new PhutilOpaqueEnvelope($confirm); | |||||
try { | |||||
$engine->checkNewPassword($password_envelope, $confirm_envelope, true); | |||||
$e_password = null; | $e_password = null; | ||||
$e_confirm = null; | $e_confirm = null; | ||||
} catch (PhabricatorAuthPasswordException $ex) { | |||||
if (!strlen($password)) { | $errors[] = $ex->getMessage(); | ||||
$errors[] = pht('You must choose a password or skip this step.'); | $e_password = $ex->getPasswordError(); | ||||
$e_password = pht('Required'); | $e_confirm = $ex->getConfirmError(); | ||||
} else if (strlen($password) < $min_len) { | |||||
$errors[] = pht( | |||||
'The selected password is too short. Passwords must be a minimum '. | |||||
'of %s characters.', | |||||
new PhutilNumber($min_len)); | |||||
$e_password = pht('Too Short'); | |||||
} else if (!strlen($confirm)) { | |||||
$errors[] = pht('You must confirm the selecetd password.'); | |||||
$e_confirm = pht('Required'); | |||||
} else if ($password !== $confirm) { | |||||
$errors[] = pht('The password and confirmation do not match.'); | |||||
$e_password = pht('Invalid'); | |||||
$e_confirm = pht('Invalid'); | |||||
} else if (PhabricatorCommonPasswords::isCommonPassword($password)) { | |||||
$e_password = pht('Very Weak'); | |||||
$errors[] = pht( | |||||
'The selected password is very weak: it is one of the most common '. | |||||
'passwords in use. Choose a stronger password.'); | |||||
} | } | ||||
if (!$errors) { | if (!$errors) { | ||||
$envelope = new PhutilOpaqueEnvelope($password); | $password_object | ||||
->setPassword($password_envelope, $viewer) | |||||
// This write is unguarded because the CSRF token has already | ->save(); | ||||
// been checked in the call to $request->isFormPost() and | |||||
// the CSRF token depends on the password hash, so when it | |||||
// is changed here the CSRF token check will fail. | |||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | |||||
id(new PhabricatorUserEditor()) | |||||
->setActor($viewer) | |||||
->changePassword($viewer, $envelope); | |||||
unset($unguarded); | |||||
// Destroy the token. | // Destroy the token. | ||||
$auth_token->delete(); | $auth_token->delete(); | ||||
return id(new AphrontRedirectResponse())->setURI('/'); | return id(new AphrontRedirectResponse())->setURI('/'); | ||||
} | } | ||||
} | } | ||||
$min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length'); | |||||
$min_len = (int)$min_len; | |||||
$len_caption = null; | $len_caption = null; | ||||
if ($min_len) { | if ($min_len) { | ||||
$len_caption = pht('Minimum password length: %d characters.', $min_len); | $len_caption = pht('Minimum password length: %d characters.', $min_len); | ||||
} | } | ||||
if ($viewer->hasPassword()) { | if ($has_password) { | ||||
$title = pht('Reset Password'); | $title = pht('Reset Password'); | ||||
$crumb = pht('Reset Password'); | $crumb = pht('Reset Password'); | ||||
$submit = pht('Reset Password'); | $submit = pht('Reset Password'); | ||||
} else { | } else { | ||||
$title = pht('Set Password'); | $title = pht('Set Password'); | ||||
$crumb = pht('Set Password'); | $crumb = pht('Set Password'); | ||||
$submit = pht('Set Account Password'); | $submit = pht('Set Account Password'); | ||||
} | } | ||||
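Review bot: The password write at `$password_object->setPassword($password_envelope, $viewer)->save()` is no longer inside the `AphrontWriteGuard::beginScopedUnguardedWrites()` scope the removed code used, and the removed comment explaining why (the CSRF token depended on the password hash) goes with it; if the CSRF secret still derives from the account password hash that guard was load-bearing, and if the new `PhabricatorAuthPassword` storage decouples it, a one-line comment such as `// Guarded write is safe here: the CSRF token no longer depends on the password hash.` would stop the next reader from re-adding it. The removed path also went through `PhabricatorUserEditor::changePassword()`, whereas the new code saves the password object directly; if that editor recorded a user log entry or other side effects for a password change, they are not visible in the new path and should be confirmed as preserved elsewhere (the engine or the password object's `save()`). The boolean third argument in `$engine->checkNewPassword($password_envelope, $confirm_envelope, true)` is opaque at the call site; a short comment naming what `true` selects would help. The enclosing handler begins and ends outside this section.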