src/applications/auth/factor/PhabricatorTOTPAuthFactor.php
Show First 20 Lines • Show All 148 Lines • ▼ Show 20 Lines | $form->appendChild( | ||||
->setError($e_code)); | ->setError($e_code)); | ||||
} | } | ||||
public function renderValidateFactorForm( | public function renderValidateFactorForm( | ||||
PhabricatorAuthFactorConfig $config, | PhabricatorAuthFactorConfig $config, | ||||
AphrontFormView $form, | AphrontFormView $form, | ||||
PhabricatorUser $viewer, | PhabricatorUser $viewer, | ||||
$validation_result) { | PhabricatorAuthFactorResult $validation_result = null) { | ||||
if (!$validation_result) { | if ($validation_result) { | ||||
$validation_result = array(); | $value = $validation_result->getValue(); | ||||
$hint = $validation_result->getHint(); | |||||
} else { | |||||
$value = null; | |||||
$hint = true; | |||||
} | } | ||||
$form->appendChild( | $form->appendChild( | ||||
id(new PHUIFormNumberControl()) | id(new PHUIFormNumberControl()) | ||||
->setName($this->getParameterName($config, 'totpcode')) | ->setName($this->getParameterName($config, 'totpcode')) | ||||
->setLabel(pht('App Code')) | ->setLabel(pht('App Code')) | ||||
->setDisableAutocomplete(true) | ->setDisableAutocomplete(true) | ||||
->setCaption(pht('Factor Name: %s', $config->getFactorName())) | ->setCaption(pht('Factor Name: %s', $config->getFactorName())) | ||||
->setValue(idx($validation_result, 'value')) | ->setValue($value) | ||||
->setError(idx($validation_result, 'error', true))); | ->setError($hint)); | ||||
amckinley: I'm assuming this was intentional, and that `PhabricatorAuthFactorResult.hint` is really more… | |||||
Done Inline Actions"Hint" may not be the best name, but I'm trying to distinguish between "hint next to the input about what's wrong with the thing you input" and "big error message in a banner". Not 100% sure where things are headed yet so this might change. If I don't need both, I'll likely change this to setError(...). epriestley: "Hint" may not be the best name, but I'm trying to distinguish between "hint next to the input… | |||||
} | } | ||||
public function processValidateFactorForm( | public function processValidateFactorForm( | ||||
PhabricatorAuthFactorConfig $config, | PhabricatorAuthFactorConfig $config, | ||||
PhabricatorUser $viewer, | PhabricatorUser $viewer, | ||||
AphrontRequest $request) { | AphrontRequest $request) { | ||||
$code = $request->getStr($this->getParameterName($config, 'totpcode')); | $code = $request->getStr($this->getParameterName($config, 'totpcode')); | ||||
$key = new PhutilOpaqueEnvelope($config->getFactorSecret()); | $key = new PhutilOpaqueEnvelope($config->getFactorSecret()); | ||||
$result = id(new PhabricatorAuthFactorResult()) | |||||
->setValue($code); | |||||
if (self::verifyTOTPCode($viewer, $key, $code)) { | if (self::verifyTOTPCode($viewer, $key, $code)) { | ||||
return array( | $result->setIsValid(true); | ||||
'error' => null, | |||||
'value' => $code, | |||||
'valid' => true, | |||||
); | |||||
} else { | } else { | ||||
return array( | if (strlen($code)) { | ||||
'error' => strlen($code) ? pht('Invalid') : pht('Required'), | $hint = pht('Invalid'); | ||||
'value' => $code, | } else { | ||||
'valid' => false, | $hint = pht('Required'); | ||||
); | |||||
} | } | ||||
$result->setHint($hint); | |||||
} | } | ||||
return $result; | |||||
} | |||||
public static function generateNewTOTPKey() { | public static function generateNewTOTPKey() { | ||||
return strtoupper(Filesystem::readRandomCharacters(32)); | return strtoupper(Filesystem::readRandomCharacters(32)); | ||||
} | } | ||||
public static function verifyTOTPCode( | public static function verifyTOTPCode( | ||||
PhabricatorUser $user, | PhabricatorUser $user, | ||||
PhutilOpaqueEnvelope $key, | PhutilOpaqueEnvelope $key, | ||||
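Review bot: In the new processValidateFactorForm the failure branch only sets a hint and never records the result as invalid, so a rejected TOTP code fails closed only if PhabricatorAuthFactorResult initialises its validity flag to false. That class is not shown in this section, so the default cannot be confirmed from here. I would make the rejection explicit by adding `$result->setIsValid(false);` at the top of the `else` branch, so the second-factor decision does not depend on a default defined in another file. A short comment above the method, such as `// Returns a result whose validity is true only when verifyTOTPCode() accepts the code; the hint is display text and must not be used to decide success.`, would also tell callers which field to branch on. The listing is cut off after the verifyTOTPCode signature, so the verification itself is not visible here.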
I'm assuming this was intentional, and that PhabricatorAuthFactorResult.hint is really more of an error-hint.