src/applications/settings/panel/PhabricatorPasswordSettingsPanel.php
Show All 19 Lines | public function isEnabled() { | ||||
if (!PhabricatorPasswordAuthProvider::getPasswordProvider()) { | if (!PhabricatorPasswordAuthProvider::getPasswordProvider()) { | ||||
return false; | return false; | ||||
} | } | ||||
return true; | return true; | ||||
} | } | ||||
public function processRequest(AphrontRequest $request) { | public function processRequest(AphrontRequest $request) { | ||||
$user = $request->getUser(); | $viewer = $request->getUser(); | ||||
$user = $this->getUser(); | |||||
$content_source = PhabricatorContentSource::newFromRequest($request); | $content_source = PhabricatorContentSource::newFromRequest($request); | ||||
$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession( | $token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession( | ||||
$user, | $viewer, | ||||
$request, | $request, | ||||
'/settings/'); | '/settings/'); | ||||
$min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length'); | $min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length'); | ||||
$min_len = (int)$min_len; | $min_len = (int)$min_len; | ||||
// NOTE: Users can also change passwords through the separate "set/reset" | // NOTE: Users can also change passwords through the separate "set/reset" | ||||
// interface which is reached by logging in with a one-time token after | // interface which is reached by logging in with a one-time token after | ||||
// registration or password reset. If this flow changes, that flow may | // registration or password reset. If this flow changes, that flow may | ||||
// also need to change. | // also need to change. | ||||
$account_type = PhabricatorAuthPassword::PASSWORD_TYPE_ACCOUNT; | $account_type = PhabricatorAuthPassword::PASSWORD_TYPE_ACCOUNT; | ||||
$password_objects = id(new PhabricatorAuthPasswordQuery()) | $password_objects = id(new PhabricatorAuthPasswordQuery()) | ||||
->setViewer($user) | ->setViewer($viewer) | ||||
->withObjectPHIDs(array($user->getPHID())) | ->withObjectPHIDs(array($user->getPHID())) | ||||
->withPasswordTypes(array($account_type)) | ->withPasswordTypes(array($account_type)) | ||||
->withIsRevoked(false) | ->withIsRevoked(false) | ||||
->execute(); | ->execute(); | ||||
if ($password_objects) { | if ($password_objects) { | ||||
$password_object = head($password_objects); | $password_object = head($password_objects); | ||||
} else { | } else { | ||||
$password_object = PhabricatorAuthPassword::initializeNewPassword( | $password_object = PhabricatorAuthPassword::initializeNewPassword( | ||||
$user, | $user, | ||||
$account_type); | $account_type); | ||||
} | } | ||||
$e_old = true; | $e_old = true; | ||||
$e_new = true; | $e_new = true; | ||||
$e_conf = true; | $e_conf = true; | ||||
$errors = array(); | $errors = array(); | ||||
if ($request->isFormPost()) { | if ($request->isFormPost()) { | ||||
// Rate limit guesses about the old password. This page requires MFA and | |||||
// session compromise already, so this is mostly just to stop researchers | |||||
// from reporting this as a vulnerability. | |||||
PhabricatorSystemActionEngine::willTakeAction( | |||||
array($viewer->getPHID()), | |||||
new PhabricatorAuthChangePasswordAction(), | |||||
1); | |||||
$envelope = new PhutilOpaqueEnvelope($request->getStr('old_pw')); | $envelope = new PhutilOpaqueEnvelope($request->getStr('old_pw')); | ||||
$engine = id(new PhabricatorAuthPasswordEngine()) | $engine = id(new PhabricatorAuthPasswordEngine()) | ||||
->setViewer($user) | ->setViewer($viewer) | ||||
->setContentSource($content_source) | ->setContentSource($content_source) | ||||
->setPasswordType($account_type) | ->setPasswordType($account_type) | ||||
->setObject($user); | ->setObject($user); | ||||
if (!strlen($envelope->openEnvelope())) { | if (!strlen($envelope->openEnvelope())) { | ||||
$errors[] = pht('You must enter your current password.'); | $errors[] = pht('You must enter your current password.'); | ||||
$e_old = pht('Required'); | $e_old = pht('Required'); | ||||
} else if (!$engine->isValidPassword($envelope)) { | } else if (!$engine->isValidPassword($envelope)) { | ||||
$errors[] = pht('The old password you entered is incorrect.'); | $errors[] = pht('The old password you entered is incorrect.'); | ||||
$e_old = pht('Invalid'); | $e_old = pht('Invalid'); | ||||
} else { | } else { | ||||
$e_old = null; | $e_old = null; | ||||
// Refund the user an action credit for getting the password right. | |||||
PhabricatorSystemActionEngine::willTakeAction( | |||||
array($viewer->getPHID()), | |||||
new PhabricatorAuthChangePasswordAction(), | |||||
-1); | |||||
} | } | ||||
$pass = $request->getStr('new_pw'); | $pass = $request->getStr('new_pw'); | ||||
$conf = $request->getStr('conf_pw'); | $conf = $request->getStr('conf_pw'); | ||||
$password_envelope = new PhutilOpaqueEnvelope($pass); | $password_envelope = new PhutilOpaqueEnvelope($pass); | ||||
$confirm_envelope = new PhutilOpaqueEnvelope($conf); | $confirm_envelope = new PhutilOpaqueEnvelope($conf); | ||||
try { | try { | ||||
▲ Show 20 Lines • Show All 47 Lines • ▼ Show 20 Lines | public function processRequest(AphrontRequest $request) { | ||||
} | } | ||||
$len_caption = null; | $len_caption = null; | ||||
if ($min_len) { | if ($min_len) { | ||||
$len_caption = pht('Minimum password length: %d characters.', $min_len); | $len_caption = pht('Minimum password length: %d characters.', $min_len); | ||||
} | } | ||||
$form = id(new AphrontFormView()) | $form = id(new AphrontFormView()) | ||||
->setViewer($user) | ->setViewer($viewer) | ||||
->appendChild( | ->appendChild( | ||||
id(new AphrontFormPasswordControl()) | id(new AphrontFormPasswordControl()) | ||||
->setLabel(pht('Old Password')) | ->setLabel(pht('Old Password')) | ||||
->setError($e_old) | ->setError($e_old) | ||||
->setName('old_pw')) | ->setName('old_pw')) | ||||
->appendChild( | ->appendChild( | ||||
id(new AphrontFormPasswordControl()) | id(new AphrontFormPasswordControl()) | ||||
->setDisableAutocomplete(true) | ->setDisableAutocomplete(true) | ||||
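Review bot: The rate-limit credit charged by the new `willTakeAction(..., 1)` call at the top of the `isFormPost()` branch is spent before the "required" check on `old_pw`, so a blank submission consumes a credit that the later `-1` refund never returns; only a wrong non-empty password should count as a guess. Moving the charge below the `strlen($envelope->openEnvelope())` check (or refunding it in the `Required` branch alongside the success branch) keeps the limit counting real attempts only. The limit is keyed on `$viewer->getPHID()` while the password being verified belongs to `$user` (`setObject($user)`, `withObjectPHIDs(array($user->getPHID()))`); throttling the acting session is the right key for a guesser, but since this hunk newly separates the two, a comment such as `// $viewer is the acting session; $user is the account whose password changes.` would make the distinction explicit, and whether they can ever differ is not visible here. The explanatory comment could also name the risk it covers rather than the reporter, e.g. `// Rate limit old-password guesses so a hijacked session cannot brute-force the current password.`, with the MFA claim left to the requireHighSecuritySession call above. processRequest continues past the folded lines after the try block.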