Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/engine/PhabricatorAuthSessionEngine.php
| Show First 20 Lines • Show All 490 Lines • ▼ Show 20 Lines | if ($request->isHTTPPost()) { | ||||
| new PhabricatorAuthTryFactorAction(), | new PhabricatorAuthTryFactorAction(), | ||||
| 1); | 1); | ||||
| $ok = true; | $ok = true; | ||||
| foreach ($factors as $factor) { | foreach ($factors as $factor) { | ||||
| $id = $factor->getID(); | $id = $factor->getID(); | ||||
| $impl = $factor->requireImplementation(); | $impl = $factor->requireImplementation(); | ||||
| $validation_results[$id] = $impl->processValidateFactorForm( | $validation_result = $impl->processValidateFactorForm( | ||||
| $factor, | $factor, | ||||
| $viewer, | $viewer, | ||||
| $request); | $request); | ||||
| if (!$impl->isFactorValid($factor, $validation_results[$id])) { | if (!($validation_result instanceof PhabricatorAuthFactorResult)) { | ||||
| throw new Exception( | |||||
| pht( | |||||
| 'Expected "processValidateFactorForm()" to return an object '. | |||||
| 'of class "%s"; got something else (from "%s").', | |||||
| 'PhabricatorAuthFactorResult', | |||||
| get_class($impl))); | |||||
| } | |||||
| if (!$validation_result->getIsValid()) { | |||||
| $ok = false; | $ok = false; | ||||
amckinley: Does this type checking live here because someone might have added their own implementation of… | |||||
Done Inline ActionsYeah, this is just a guard rail in case someone has another MFA implementation somewhere that's expecting it can return a string or a picture of a dog or something. epriestley: Yeah, this is just a guard rail in case someone has another MFA implementation somewhere that's… | |||||
| } | } | ||||
| $validation_results[$id] = $validation_result; | |||||
| } | } | ||||
| if ($ok) { | if ($ok) { | ||||
| // Give the user a credit back for a successful factor verification. | // Give the user a credit back for a successful factor verification. | ||||
| PhabricatorSystemActionEngine::willTakeAction( | PhabricatorSystemActionEngine::willTakeAction( | ||||
| array($viewer->getPHID()), | array($viewer->getPHID()), | ||||
| new PhabricatorAuthTryFactorAction(), | new PhabricatorAuthTryFactorAction(), | ||||
| -1); | -1); | ||||
| ▲ Show 20 Lines • Show All 75 Lines • ▼ Show 20 Lines | /* -( High Security )------------------------------------------------------ */ | ||||
| * @return AphrontFormView Renderable form. | * @return AphrontFormView Renderable form. | ||||
| * @task hisec | * @task hisec | ||||
| */ | */ | ||||
| public function renderHighSecurityForm( | public function renderHighSecurityForm( | ||||
| array $factors, | array $factors, | ||||
| array $validation_results, | array $validation_results, | ||||
| PhabricatorUser $viewer, | PhabricatorUser $viewer, | ||||
| AphrontRequest $request) { | AphrontRequest $request) { | ||||
| assert_instances_of($validation_results, 'PhabricatorAuthFactorResult'); | |||||
| $form = id(new AphrontFormView()) | $form = id(new AphrontFormView()) | ||||
| ->setUser($viewer) | ->setUser($viewer) | ||||
| ->appendRemarkupInstructions(''); | ->appendRemarkupInstructions(''); | ||||
| foreach ($factors as $factor) { | foreach ($factors as $factor) { | ||||
| $result = idx($validation_results, $factor->getID()); | |||||
| $factor->requireImplementation()->renderValidateFactorForm( | $factor->requireImplementation()->renderValidateFactorForm( | ||||
| $factor, | $factor, | ||||
| $form, | $form, | ||||
| $viewer, | $viewer, | ||||
| idx($validation_results, $factor->getID())); | $result); | ||||
| } | } | ||||
| $form->appendRemarkupInstructions(''); | $form->appendRemarkupInstructions(''); | ||||
| return $form; | return $form; | ||||
| } | } | ||||
| ▲ Show 20 Lines • Show All 324 Lines • Show Last 20 Lines | |||||
Does this type checking live here because someone might have added their own implementation of PhabricatorAuthFactor?