Page MenuHomePhabricator
Differential D18906 Diff 45367 src/applications/settings/panel/PhabricatorPasswordSettingsPanel.php

Changeset View

Standalone View

View Options

src/applications/settings/panel/PhabricatorPasswordSettingsPanel.php

Show All 19 Lines public function isEnabled() {
if (!PhabricatorPasswordAuthProvider::getPasswordProvider()) { if (!PhabricatorPasswordAuthProvider::getPasswordProvider()) {
return false; return false;
} }
return true; return true;
} }
public function processRequest(AphrontRequest $request) { public function processRequest(AphrontRequest $request) {
$user = $request->getUser(); $viewer = $request->getUser();
$user = $this->getUser();
$content_source = PhabricatorContentSource::newFromRequest($request); $content_source = PhabricatorContentSource::newFromRequest($request);
$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession( $token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
$user, $viewer,
$request, $request,
'/settings/'); '/settings/');
$min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length'); $min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length');
$min_len = (int)$min_len; $min_len = (int)$min_len;
// NOTE: Users can also change passwords through the separate "set/reset" // NOTE: Users can also change passwords through the separate "set/reset"
// interface which is reached by logging in with a one-time token after // interface which is reached by logging in with a one-time token after
// registration or password reset. If this flow changes, that flow may // registration or password reset. If this flow changes, that flow may
// also need to change. // also need to change.
$account_type = PhabricatorAuthPassword::PASSWORD_TYPE_ACCOUNT; $account_type = PhabricatorAuthPassword::PASSWORD_TYPE_ACCOUNT;
$password_objects = id(new PhabricatorAuthPasswordQuery()) $password_objects = id(new PhabricatorAuthPasswordQuery())
->setViewer($user) ->setViewer($viewer)
->withObjectPHIDs(array($user->getPHID())) ->withObjectPHIDs(array($user->getPHID()))
->withPasswordTypes(array($account_type)) ->withPasswordTypes(array($account_type))
->withIsRevoked(false) ->withIsRevoked(false)
->execute(); ->execute();
if ($password_objects) { if ($password_objects) {
$password_object = head($password_objects); $password_object = head($password_objects);
} else { } else {
$password_object = PhabricatorAuthPassword::initializeNewPassword( $password_object = PhabricatorAuthPassword::initializeNewPassword(
$user, $user,
$account_type); $account_type);
} }
$e_old = true; $e_old = true;
$e_new = true; $e_new = true;
$e_conf = true; $e_conf = true;
$errors = array(); $errors = array();
if ($request->isFormPost()) { if ($request->isFormPost()) {
// Rate limit guesses about the old password. This page requires MFA and
// session compromise already, so this is mostly just to stop researchers
// from reporting this as a vulnerability.
PhabricatorSystemActionEngine::willTakeAction(
array($viewer->getPHID()),
new PhabricatorAuthChangePasswordAction(),
1);
$envelope = new PhutilOpaqueEnvelope($request->getStr('old_pw')); $envelope = new PhutilOpaqueEnvelope($request->getStr('old_pw'));
$engine = id(new PhabricatorAuthPasswordEngine()) $engine = id(new PhabricatorAuthPasswordEngine())
->setViewer($user) ->setViewer($viewer)
->setContentSource($content_source) ->setContentSource($content_source)
->setPasswordType($account_type) ->setPasswordType($account_type)
->setObject($user); ->setObject($user);
if (!strlen($envelope->openEnvelope())) { if (!strlen($envelope->openEnvelope())) {
$errors[] = pht('You must enter your current password.'); $errors[] = pht('You must enter your current password.');
$e_old = pht('Required'); $e_old = pht('Required');
} else if (!$engine->isValidPassword($envelope)) { } else if (!$engine->isValidPassword($envelope)) {
$errors[] = pht('The old password you entered is incorrect.'); $errors[] = pht('The old password you entered is incorrect.');
$e_old = pht('Invalid'); $e_old = pht('Invalid');
} else { } else {
$e_old = null; $e_old = null;
// Refund the user an action credit for getting the password right.
PhabricatorSystemActionEngine::willTakeAction(
array($viewer->getPHID()),
new PhabricatorAuthChangePasswordAction(),
-1);
} }
$pass = $request->getStr('new_pw'); $pass = $request->getStr('new_pw');
$conf = $request->getStr('conf_pw'); $conf = $request->getStr('conf_pw');
$password_envelope = new PhutilOpaqueEnvelope($pass); $password_envelope = new PhutilOpaqueEnvelope($pass);
$confirm_envelope = new PhutilOpaqueEnvelope($conf); $confirm_envelope = new PhutilOpaqueEnvelope($conf);
try { try {
▲ Show 20 LinesShow All 47 Lines▼ Show 20 Lines public function processRequest(AphrontRequest $request) {
} }
$len_caption = null; $len_caption = null;
if ($min_len) { if ($min_len) {
$len_caption = pht('Minimum password length: %d characters.', $min_len); $len_caption = pht('Minimum password length: %d characters.', $min_len);
} }
$form = id(new AphrontFormView()) $form = id(new AphrontFormView())
->setViewer($user) ->setViewer($viewer)
->appendChild( ->appendChild(
id(new AphrontFormPasswordControl()) id(new AphrontFormPasswordControl())
->setLabel(pht('Old Password')) ->setLabel(pht('Old Password'))
->setError($e_old) ->setError($e_old)
->setName('old_pw')) ->setName('old_pw'))
->appendChild( ->appendChild(
id(new AphrontFormPasswordControl()) id(new AphrontFormPasswordControl())
->setDisableAutocomplete(true) ->setDisableAutocomplete(true)
▲ Show 20 LinesShow All 48 LinesShow Last 20 Lines
Phabricator · Built by Phacility