src/applications/auth/engine/PhabricatorAuthSessionEngine.php
Show First 20 Lines • Show All 561 Lines • ▼ Show 20 Lines | foreach ($factors as $factor) { | ||||
$validation_results[$factor_phid] = $result; | $validation_results[$factor_phid] = $result; | ||||
} | } | ||||
if ($request->isHTTPPost()) { | if ($request->isHTTPPost()) { | ||||
$request->validateCSRF(); | $request->validateCSRF(); | ||||
if ($request->getExists(AphrontRequest::TYPE_HISEC)) { | if ($request->getExists(AphrontRequest::TYPE_HISEC)) { | ||||
// Limit factor verification rates to prevent brute force attacks. | // Limit factor verification rates to prevent brute force attacks. | ||||
$any_attempt = false; | |||||
foreach ($factors as $factor) { | |||||
$impl = $factor->requireImplementation(); | |||||
if ($impl->getRequestHasChallengeResponse($factor, $request)) { | |||||
$any_attempt = true; | |||||
break; | |||||
} | |||||
} | |||||
if ($any_attempt) { | |||||
PhabricatorSystemActionEngine::willTakeAction( | PhabricatorSystemActionEngine::willTakeAction( | ||||
array($viewer->getPHID()), | array($viewer->getPHID()), | ||||
new PhabricatorAuthTryFactorAction(), | new PhabricatorAuthTryFactorAction(), | ||||
1); | 1); | ||||
} | |||||
foreach ($factors as $factor) { | foreach ($factors as $factor) { | ||||
$factor_phid = $factor->getPHID(); | $factor_phid = $factor->getPHID(); | ||||
// If we already have a validation result from previously issued | // If we already have a validation result from previously issued | ||||
// challenges, skip validating this factor. | // challenges, skip validating this factor. | ||||
if (isset($validation_results[$factor_phid])) { | if (isset($validation_results[$factor_phid])) { | ||||
continue; | continue; | ||||
Show All 23 Lines | if ($request->isHTTPPost()) { | ||||
// same response to take two different actions, even if those actions | // same response to take two different actions, even if those actions | ||||
// are of the same type. | // are of the same type. | ||||
foreach ($validation_results as $validation_result) { | foreach ($validation_results as $validation_result) { | ||||
$challenge = $validation_result->getAnsweredChallenge() | $challenge = $validation_result->getAnsweredChallenge() | ||||
->markChallengeAsCompleted(); | ->markChallengeAsCompleted(); | ||||
} | } | ||||
// Give the user a credit back for a successful factor verification. | // Give the user a credit back for a successful factor verification. | ||||
if ($any_attempt) { | |||||
PhabricatorSystemActionEngine::willTakeAction( | PhabricatorSystemActionEngine::willTakeAction( | ||||
array($viewer->getPHID()), | array($viewer->getPHID()), | ||||
new PhabricatorAuthTryFactorAction(), | new PhabricatorAuthTryFactorAction(), | ||||
-1); | -1); | ||||
} | |||||
if ($session->getIsPartial() && !$jump_into_hisec) { | if ($session->getIsPartial() && !$jump_into_hisec) { | ||||
// If we have a partial session and are not jumping directly into | // If we have a partial session and are not jumping directly into | ||||
// hisec, just issue a token without putting it in high security | // hisec, just issue a token without putting it in high security | ||||
// mode. | // mode. | ||||
return $this->issueHighSecurityToken($session, true); | return $this->issueHighSecurityToken($session, true); | ||||
} | } | ||||
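Review bot: The rate limiter is now charged only when some factor's `getRequestHasChallengeResponse()` returns true (the loop after `// Limit factor verification rates`), so a factor implementation whose validation path consumes a response that this predicate does not report would have its guesses validated with no `PhabricatorAuthTryFactorAction` charge at all, and the fail-open consequence of that mismatch is not stated anywhere in the hunk. I would add above the loop: `// Every factor implementation must report a challenge response here for any input its validation path would check; a factor that validates input it does not report is never rate limited.` A more defensive variant would also charge the action when the later validation loop produces a failed result for a factor even though `$any_attempt` was false, but that loop is partly collapsed here so I cannot confirm it has a hook for that. Separately, `$any_attempt` is assigned only inside the `TYPE_HISEC` branch yet read at the credit-back after a collapsed region; if that read is reachable on a POST without `TYPE_HISEC` it is an undefined variable, so initializing `$any_attempt = false;` before the `TYPE_HISEC` check would be safer — confirm against the hidden lines. The enclosing method begins and ends outside this hunk.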