Differential D19899 Diff 47587 src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
Show First 20 Lines • Show All 947 Lines • ▼ Show 20 Lines | final public function applyTransactions( | ||||
PhabricatorLiskDAO $object, | PhabricatorLiskDAO $object, | ||||
array $xactions) { | array $xactions) { | ||||
$this->object = $object; | $this->object = $object; | ||||
$this->xactions = $xactions; | $this->xactions = $xactions; | ||||
$this->isNewObject = ($object->getPHID() === null); | $this->isNewObject = ($object->getPHID() === null); | ||||
$this->validateEditParameters($object, $xactions); | $this->validateEditParameters($object, $xactions); | ||||
$xactions = $this->newMFATransactions($object, $xactions); | |||||
$actor = $this->requireActor(); | $actor = $this->requireActor(); | ||||
// NOTE: Some transaction expansion requires that the edited object be | // NOTE: Some transaction expansion requires that the edited object be | ||||
// attached. | // attached. | ||||
foreach ($xactions as $xaction) { | foreach ($xactions as $xaction) { | ||||
$xaction->attachObject($object); | $xaction->attachObject($object); | ||||
$xaction->attachViewer($actor); | $xaction->attachViewer($actor); | ||||
▲ Show 20 Lines • Show All 3,856 Lines • ▼ Show 20 Lines | if ($object_phid) { | ||||
'editor(%s).new()', | 'editor(%s).new()', | ||||
$editor_class); | $editor_class); | ||||
} | } | ||||
$actor = $this->getActor(); | $actor = $this->getActor(); | ||||
$request = $this->getRequest(); | $request = $this->getRequest(); | ||||
if ($request === null) { | if ($request === null) { | ||||
$source_type = $this->getContentSource()->getSourceTypeConstant(); | |||||
$conduit_type = PhabricatorConduitContentSource::SOURCECONST; | |||||
$is_conduit = ($source_type === $conduit_type); | |||||
if ($is_conduit) { | |||||
throw new Exception( | |||||
pht( | |||||
'This transaction group requires MFA to apply, but you can not '. | |||||
'provide an MFA response via Conduit. Edit this object via the '. | |||||
'web UI.')); | |||||
} else { | |||||
throw new Exception( | throw new Exception( | ||||
pht( | pht( | ||||
'This transaction group requires MFA to apply, but the Editor was '. | 'This transaction group requires MFA to apply, but the Editor was '. | ||||
'not configured with a Request. This workflow can not perform an '. | 'not configured with a Request. This workflow can not perform an '. | ||||
'MFA check.')); | 'MFA check.')); | ||||
} | } | ||||
} | |||||
$cancel_uri = $this->getCancelURI(); | $cancel_uri = $this->getCancelURI(); | ||||
if ($cancel_uri === null) { | if ($cancel_uri === null) { | ||||
throw new Exception( | throw new Exception( | ||||
pht( | pht( | ||||
'This transaction group requires MFA to apply, but the Editor was '. | 'This transaction group requires MFA to apply, but the Editor was '. | ||||
'not configured with a Cancel URI. This workflow can not perform '. | 'not configured with a Cancel URI. This workflow can not perform '. | ||||
'an MFA check.')); | 'an MFA check.')); | ||||
} | } | ||||
id(new PhabricatorAuthSessionEngine()) | id(new PhabricatorAuthSessionEngine()) | ||||
->setWorkflowKey($workflow_key) | ->setWorkflowKey($workflow_key) | ||||
->requireHighSecurityToken($actor, $request, $cancel_uri); | ->requireHighSecurityToken($actor, $request, $cancel_uri); | ||||
foreach ($xactions as $xaction) { | foreach ($xactions as $xaction) { | ||||
$xaction->setIsMFATransaction(true); | $xaction->setIsMFATransaction(true); | ||||
} | } | ||||
} | } | ||||
private function newMFATransactions( | |||||
PhabricatorLiskDAO $object, | |||||
array $xactions) { | |||||
$is_mfa = ($object instanceof PhabricatorEditEngineMFAInterface); | |||||
if (!$is_mfa) { | |||||
return $xactions; | |||||
} | |||||
$engine = PhabricatorEditEngineMFAEngine::newEngineForObject($object) | |||||
->setViewer($this->getActor()); | |||||
$require_mfa = $engine->shouldRequireMFA(); | |||||
if (!$require_mfa) { | |||||
return $xactions; | |||||
} | |||||
$type_mfa = PhabricatorTransactions::TYPE_MFA; | |||||
$has_mfa = false; | |||||
foreach ($xactions as $xaction) { | |||||
if ($xaction->getTransactionType() === $type_mfa) { | |||||
$has_mfa = true; | |||||
break; | |||||
} | |||||
} | |||||
if ($has_mfa) { | |||||
return $xactions; | |||||
} | |||||
$template = $object->getApplicationTransactionTemplate(); | |||||
$mfa_xaction = id(clone $template) | |||||
->setTransactionType($type_mfa) | |||||
->setNewValue(true); | |||||
array_unshift($xactions, $mfa_xaction); | |||||
return $xactions; | |||||
} | |||||
} | } |