Differential D19903 Diff 47591 src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php
| Show First 20 Lines • Show All 146 Lines • ▼ Show 20 Lines | if ($request->isFormPost()) { | ||||
| 'key' => $key, | 'key' => $key, | ||||
| )); | )); | ||||
| $request->setTemporaryCookie(PhabricatorCookies::COOKIE_HISEC, 'yes'); | $request->setTemporaryCookie(PhabricatorCookies::COOKIE_HISEC, 'yes'); | ||||
| } | } | ||||
| PhabricatorCookies::setNextURICookie($request, $next, $force = true); | PhabricatorCookies::setNextURICookie($request, $next, $force = true); | ||||
| return $this->loginUser($target_user); | $force_full_session = false; | ||||
| if ($link_type === PhabricatorAuthSessionEngine::ONETIME_RECOVER) { | |||||
| $force_full_session = $token->getShouldForceFullSession(); | |||||
| } | |||||
| return $this->loginUser($target_user, $force_full_session); | |||||
| } | } | ||||
| // NOTE: We need to CSRF here so attackers can't generate an email link, | // NOTE: We need to CSRF here so attackers can't generate an email link, | ||||
| // then log a user in to an account they control via sneaky invisible | // then log a user in to an account they control via sneaky invisible | ||||
| // form submissions. | // form submissions. | ||||
| switch ($link_type) { | switch ($link_type) { | ||||
| case PhabricatorAuthSessionEngine::ONETIME_WELCOME: | case PhabricatorAuthSessionEngine::ONETIME_WELCOME: | ||||
| ▲ Show 20 Lines • Show All 41 Lines • Show Last 20 Lines | |||||