Differential D19903 Diff 47591 src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php
src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php
Show First 20 Lines • Show All 146 Lines • ▼ Show 20 Lines | if ($request->isFormPost()) { | ||||
'key' => $key, | 'key' => $key, | ||||
)); | )); | ||||
$request->setTemporaryCookie(PhabricatorCookies::COOKIE_HISEC, 'yes'); | $request->setTemporaryCookie(PhabricatorCookies::COOKIE_HISEC, 'yes'); | ||||
} | } | ||||
PhabricatorCookies::setNextURICookie($request, $next, $force = true); | PhabricatorCookies::setNextURICookie($request, $next, $force = true); | ||||
return $this->loginUser($target_user); | $force_full_session = false; | ||||
if ($link_type === PhabricatorAuthSessionEngine::ONETIME_RECOVER) { | |||||
$force_full_session = $token->getShouldForceFullSession(); | |||||
} | |||||
return $this->loginUser($target_user, $force_full_session); | |||||
} | } | ||||
// NOTE: We need to CSRF here so attackers can't generate an email link, | // NOTE: We need to CSRF here so attackers can't generate an email link, | ||||
// then log a user in to an account they control via sneaky invisible | // then log a user in to an account they control via sneaky invisible | ||||
// form submissions. | // form submissions. | ||||
switch ($link_type) { | switch ($link_type) { | ||||
case PhabricatorAuthSessionEngine::ONETIME_WELCOME: | case PhabricatorAuthSessionEngine::ONETIME_WELCOME: | ||||
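Review bot: The new `$force_full_session` branch just before `return $this->loginUser($target_user, $force_full_session);` has no comment explaining why only `ONETIME_RECOVER` links may force a full session, which is the security-relevant decision in this change. Judging by the names, a forced full session presumably skips the partial-session step (inferred, since `loginUser()` is not shown), so a maintainer should see at a glance that the flag is read from the stored token and that every other link type stays at `false`. I would add above the `if`: `// Only recovery links may force a full session; the flag is read from the token itself, and all other link types keep the default of false.` The enclosing method starts and ends outside this view, including where `$token` and `$link_type` are loaded, so confirm that `$token` cannot be null on this path.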