src/applications/auth/engine/PhabricatorAuthSessionEngine.php
Show First 20 Lines • Show All 887 Lines • ▼ Show 20 Lines | /* -( One Time Login URIs )------------------------------------------------ */ | ||||
* These URIs are used for password recovery and to regain access to accounts | * These URIs are used for password recovery and to regain access to accounts | ||||
* which users have been locked out of. | * which users have been locked out of. | ||||
* | * | ||||
* @param PhabricatorUser User to generate a URI for. | * @param PhabricatorUser User to generate a URI for. | ||||
* @param PhabricatorUserEmail Optionally, email to verify when | * @param PhabricatorUserEmail Optionally, email to verify when | ||||
* link is used. | * link is used. | ||||
* @param string Optional context string for the URI. This is purely cosmetic | * @param string Optional context string for the URI. This is purely cosmetic | ||||
* and used only to customize workflow and error messages. | * and used only to customize workflow and error messages. | ||||
* @param bool True to generate a URI which forces an immediate upgrade to | |||||
* a full session, bypassing MFA and other login checks. | |||||
* @return string Login URI. | * @return string Login URI. | ||||
* @task onetime | * @task onetime | ||||
*/ | */ | ||||
public function getOneTimeLoginURI( | public function getOneTimeLoginURI( | ||||
PhabricatorUser $user, | PhabricatorUser $user, | ||||
PhabricatorUserEmail $email = null, | PhabricatorUserEmail $email = null, | ||||
$type = self::ONETIME_RESET) { | $type = self::ONETIME_RESET, | ||||
$force_full_session = false) { | |||||
$key = Filesystem::readRandomCharacters(32); | $key = Filesystem::readRandomCharacters(32); | ||||
$key_hash = $this->getOneTimeLoginKeyHash($user, $email, $key); | $key_hash = $this->getOneTimeLoginKeyHash($user, $email, $key); | ||||
$onetime_type = PhabricatorAuthOneTimeLoginTemporaryTokenType::TOKENTYPE; | $onetime_type = PhabricatorAuthOneTimeLoginTemporaryTokenType::TOKENTYPE; | ||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | ||||
id(new PhabricatorAuthTemporaryToken()) | $token = id(new PhabricatorAuthTemporaryToken()) | ||||
->setTokenResource($user->getPHID()) | ->setTokenResource($user->getPHID()) | ||||
->setTokenType($onetime_type) | ->setTokenType($onetime_type) | ||||
->setTokenExpires(time() + phutil_units('1 day in seconds')) | ->setTokenExpires(time() + phutil_units('1 day in seconds')) | ||||
->setTokenCode($key_hash) | ->setTokenCode($key_hash) | ||||
->setShouldForceFullSession($force_full_session) | |||||
->save(); | ->save(); | ||||
unset($unguarded); | unset($unguarded); | ||||
$uri = '/login/once/'.$type.'/'.$user->getID().'/'.$key.'/'; | $uri = '/login/once/'.$type.'/'.$user->getID().'/'.$key.'/'; | ||||
if ($email) { | if ($email) { | ||||
$uri = $uri.$email->getID().'/'; | $uri = $uri.$email->getID().'/'; | ||||
} | } | ||||
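Review bot: A token saved with `$force_full_session` set to true bypasses MFA when redeemed, yet `setTokenExpires` gives it the same `time() + phutil_units('1 day in seconds')` lifetime as an ordinary recovery link, so a link that leaks through mail, chat or a proxy log remains a full login for a day. Consider a shorter lifetime for the forced case, e.g. `$ttl = $force_full_session ? phutil_units('15 minutes in seconds') : phutil_units('1 day in seconds');` followed by `->setTokenExpires(time() + $ttl)`. The new `@param bool` text should also say which callers may pass true, for instance `Only pass true from trusted administrative workflows, never with a value taken from a request.` The function body continues past the displayed lines, so it cannot be seen here whether `$token` is used afterwards or whether issuing a forced link is recorded in a log.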