Page MenuHomePhabricator
Differential D19900 Diff 47588 src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php

Changeset View

Standalone View

View Options

src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php

Show All 39 Lines public function handleRequestThrowable(
$is_wait = false; $is_wait = false;
foreach ($results as $result) { foreach ($results as $result) {
if ($result->getIsWait()) { if ($result->getIsWait()) {
$is_wait = true; $is_wait = true;
break; break;
} }
} }
$is_upgrade = $throwable->getIsSessionUpgrade();
if ($is_upgrade) {
$title = pht('Enter High Security');
} else {
$title = pht('Provide MFA Credentials');
}
if ($is_wait) { if ($is_wait) {
$submit = pht('Wait Patiently'); $submit = pht('Wait Patiently');
} else { } else if ($is_upgrade) {
$submit = pht('Enter High Security'); $submit = pht('Enter High Security');
} else {
$submit = pht('Continue');
} }
$dialog = id(new AphrontDialogView()) $dialog = id(new AphrontDialogView())
->setUser($viewer) ->setUser($viewer)
->setTitle(pht('Entering High Security')) ->setTitle($title)
->setShortTitle(pht('Security Checkpoint')) ->setShortTitle(pht('Security Checkpoint'))
->setWidth(AphrontDialogView::WIDTH_FORM) ->setWidth(AphrontDialogView::WIDTH_FORM)
->addHiddenInput(AphrontRequest::TYPE_HISEC, true) ->addHiddenInput(AphrontRequest::TYPE_HISEC, true)
->setSubmitURI($request->getPath())
->addCancelButton($throwable->getCancelURI())
->addSubmitButton($submit);
$form_layout = $form->buildLayoutView();
if ($is_upgrade) {
$dialog
->setErrors( ->setErrors(
array( array(
pht( pht(
'You are taking an action which requires you to enter '. 'You are taking an action which requires you to enter '.
'high security.'), 'high security.'),
)) ))
->appendParagraph( ->appendParagraph(
pht( pht(
'High security mode helps protect your account from security '. 'High security mode helps protect your account from security '.
'threats, like session theft or someone messing with your stuff '. 'threats, like session theft or someone messing with your stuff '.
'while you\'re grabbing a coffee. To enter high security mode, '. 'while you\'re grabbing a coffee. To enter high security mode, '.
'confirm your credentials.')) 'confirm your credentials.'))
->appendChild($form->buildLayoutView()) ->appendChild($form_layout)
->appendParagraph( ->appendParagraph(
pht( pht(
'Your account will remain in high security mode for a short '. 'Your account will remain in high security mode for a short '.
'period of time. When you are finished taking sensitive '. 'period of time. When you are finished taking sensitive '.
'actions, you should leave high security.')) 'actions, you should leave high security.'));
->setSubmitURI($request->getPath()) } else {
->addCancelButton($throwable->getCancelURI()) $dialog
->addSubmitButton($submit); ->setErrors(
array(
pht(
'You are taking an action which requires you to provide '.
'multi-factor credentials.'),
amckinleyUnsubmitted
Not Done
Inline Actions

This is minor, but the code/dialogues/comments seem to mix and match "MFA", "high security mode", "two-factor authentication", "2FA", etc pretty much at random. Just commenting now because I think this is the first usage of "multi-factor credentials" so far.

https://xkcd.com/927/

amckinley: This is minor, but the code/dialogues/comments seem to mix and match "MFA", "high security…
))
->appendChild($form_layout);
}
$request_parameters = $request->getPassthroughRequestParameters( $request_parameters = $request->getPassthroughRequestParameters(
$respect_quicksand = true); $respect_quicksand = true);
foreach ($request_parameters as $key => $value) { foreach ($request_parameters as $key => $value) {
$dialog->addHiddenInput($key, $value); $dialog->addHiddenInput($key, $value);
} }
return $dialog; return $dialog;
} }
} }
Phabricator · Built by Phacility