src/applications/auth/engine/PhabricatorAuthSessionEngine.php
Show All 40 Lines | final class PhabricatorAuthSessionEngine extends Phobject { | ||||
const ONETIME_RECOVER = 'recover'; | const ONETIME_RECOVER = 'recover'; | ||||
const ONETIME_RESET = 'reset'; | const ONETIME_RESET = 'reset'; | ||||
const ONETIME_WELCOME = 'welcome'; | const ONETIME_WELCOME = 'welcome'; | ||||
const ONETIME_USERNAME = 'rename'; | const ONETIME_USERNAME = 'rename'; | ||||
private $workflowKey; | |||||
public function setWorkflowKey($workflow_key) { | |||||
$this->workflowKey = $workflow_key; | |||||
return $this; | |||||
} | |||||
public function getWorkflowKey() { | |||||
// TODO: A workflow key should become required in order to issue an MFA | |||||
// challenge, but allow things to keep working for now until we can update | |||||
// callsites. | |||||
if ($this->workflowKey === null) { | |||||
return 'legacy'; | |||||
} | |||||
return $this->workflowKey; | |||||
} | |||||
/** | /** | ||||
* Get the session kind (e.g., anonymous, user, external account) from a | * Get the session kind (e.g., anonymous, user, external account) from a | ||||
* session token. Returns a `KIND_` constant. | * session token. Returns a `KIND_` constant. | ||||
* | * | ||||
* @param string Session token. | * @param string Session token. | ||||
* @return const Session kind constant. | * @return const Session kind constant. | ||||
*/ | */ | ||||
public static function getSessionKindFromToken($session_token) { | public static function getSessionKindFromToken($session_token) { | ||||
▲ Show 20 Lines • Show All 411 Lines • ▼ Show 20 Lines | private function newHighSecurityToken( | ||||
// without putting the session into high security mode. This is generally | // without putting the session into high security mode. This is generally | ||||
// easier for users. A minor but desirable side effect is that when a user | // easier for users. A minor but desirable side effect is that when a user | ||||
// adds an auth factor, existing sessions won't get a free pass into hisec, | // adds an auth factor, existing sessions won't get a free pass into hisec, | ||||
// since they never actually got marked as hisec. | // since they never actually got marked as hisec. | ||||
if (!$factors) { | if (!$factors) { | ||||
return $this->issueHighSecurityToken($session, true); | return $this->issueHighSecurityToken($session, true); | ||||
} | } | ||||
foreach ($factors as $factor) { | |||||
$factor->setSessionEngine($this); | |||||
} | |||||
// Check for a rate limit without awarding points, so the user doesn't | // Check for a rate limit without awarding points, so the user doesn't | ||||
// get partway through the workflow only to get blocked. | // get partway through the workflow only to get blocked. | ||||
PhabricatorSystemActionEngine::willTakeAction( | PhabricatorSystemActionEngine::willTakeAction( | ||||
array($viewer->getPHID()), | array($viewer->getPHID()), | ||||
new PhabricatorAuthTryFactorAction(), | new PhabricatorAuthTryFactorAction(), | ||||
0); | 0); | ||||
$now = PhabricatorTime::getNow(); | $now = PhabricatorTime::getNow(); | ||||
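Review bot: The `'legacy'` fallback in getWorkflowKey means every caller that has not yet been updated to call setWorkflowKey shares one workflow key, so if the key is intended to bind an MFA challenge to the workflow that requested it, challenges issued under the fallback cannot be distinguished across workflows; the TODO records the plan but not this consequence. Suggest stating it in the comment, e.g. `// Callers that never set a key all collapse onto 'legacy', so challenges issued under it are not isolated per workflow; treat this as a gap to close, not a safe default.` Consider also hoisting the magic string next to the ONETIME_ constants as `const WORKFLOW_LEGACY = 'legacy';` so the fallback is greppable when the key becomes required. The body of newHighSecurityToken, where each factor receives the engine via setSessionEngine, starts and ends outside the hunk, so how the key is consumed downstream is not visible here.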