Differential D19900 Diff 47588 src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php
Changeset View
Changeset View
Standalone View
Standalone View
src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php
Show All 39 Lines | public function handleRequestThrowable( | ||||
$is_wait = false; | $is_wait = false; | ||||
foreach ($results as $result) { | foreach ($results as $result) { | ||||
if ($result->getIsWait()) { | if ($result->getIsWait()) { | ||||
$is_wait = true; | $is_wait = true; | ||||
break; | break; | ||||
} | } | ||||
} | } | ||||
$is_upgrade = $throwable->getIsSessionUpgrade(); | |||||
if ($is_upgrade) { | |||||
$title = pht('Enter High Security'); | |||||
} else { | |||||
$title = pht('Provide MFA Credentials'); | |||||
} | |||||
if ($is_wait) { | if ($is_wait) { | ||||
$submit = pht('Wait Patiently'); | $submit = pht('Wait Patiently'); | ||||
} else { | } else if ($is_upgrade) { | ||||
$submit = pht('Enter High Security'); | $submit = pht('Enter High Security'); | ||||
} else { | |||||
$submit = pht('Continue'); | |||||
} | } | ||||
$dialog = id(new AphrontDialogView()) | $dialog = id(new AphrontDialogView()) | ||||
->setUser($viewer) | ->setUser($viewer) | ||||
->setTitle(pht('Entering High Security')) | ->setTitle($title) | ||||
->setShortTitle(pht('Security Checkpoint')) | ->setShortTitle(pht('Security Checkpoint')) | ||||
->setWidth(AphrontDialogView::WIDTH_FORM) | ->setWidth(AphrontDialogView::WIDTH_FORM) | ||||
->addHiddenInput(AphrontRequest::TYPE_HISEC, true) | ->addHiddenInput(AphrontRequest::TYPE_HISEC, true) | ||||
->setSubmitURI($request->getPath()) | |||||
->addCancelButton($throwable->getCancelURI()) | |||||
->addSubmitButton($submit); | |||||
$form_layout = $form->buildLayoutView(); | |||||
if ($is_upgrade) { | |||||
$dialog | |||||
->setErrors( | ->setErrors( | ||||
array( | array( | ||||
pht( | pht( | ||||
'You are taking an action which requires you to enter '. | 'You are taking an action which requires you to enter '. | ||||
'high security.'), | 'high security.'), | ||||
)) | )) | ||||
->appendParagraph( | ->appendParagraph( | ||||
pht( | pht( | ||||
'High security mode helps protect your account from security '. | 'High security mode helps protect your account from security '. | ||||
'threats, like session theft or someone messing with your stuff '. | 'threats, like session theft or someone messing with your stuff '. | ||||
'while you\'re grabbing a coffee. To enter high security mode, '. | 'while you\'re grabbing a coffee. To enter high security mode, '. | ||||
'confirm your credentials.')) | 'confirm your credentials.')) | ||||
->appendChild($form->buildLayoutView()) | ->appendChild($form_layout) | ||||
->appendParagraph( | ->appendParagraph( | ||||
pht( | pht( | ||||
'Your account will remain in high security mode for a short '. | 'Your account will remain in high security mode for a short '. | ||||
'period of time. When you are finished taking sensitive '. | 'period of time. When you are finished taking sensitive '. | ||||
'actions, you should leave high security.')) | 'actions, you should leave high security.')); | ||||
->setSubmitURI($request->getPath()) | } else { | ||||
->addCancelButton($throwable->getCancelURI()) | $dialog | ||||
->addSubmitButton($submit); | ->setErrors( | ||||
array( | |||||
pht( | |||||
'You are taking an action which requires you to provide '. | |||||
'multi-factor credentials.'), | |||||
amckinley: This is minor, but the code/dialogues/comments seem to mix and match "MFA", "high security… | |||||
)) | |||||
->appendChild($form_layout); | |||||
} | |||||
$request_parameters = $request->getPassthroughRequestParameters( | $request_parameters = $request->getPassthroughRequestParameters( | ||||
$respect_quicksand = true); | $respect_quicksand = true); | ||||
foreach ($request_parameters as $key => $value) { | foreach ($request_parameters as $key => $value) { | ||||
$dialog->addHiddenInput($key, $value); | $dialog->addHiddenInput($key, $value); | ||||
} | } | ||||
return $dialog; | return $dialog; | ||||
} | } | ||||
} | } |
This is minor, but the code/dialogues/comments seem to mix and match "MFA", "high security mode", "two-factor authentication", "2FA", etc pretty much at random. Just commenting now because I think this is the first usage of "multi-factor credentials" so far.
https://xkcd.com/927/