Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/engine/PhabricatorAuthSessionEngine.php
| Show First 20 Lines • Show All 887 Lines • ▼ Show 20 Lines | /* -( One Time Login URIs )------------------------------------------------ */ | ||||
| * These URIs are used for password recovery and to regain access to accounts | * These URIs are used for password recovery and to regain access to accounts | ||||
| * which users have been locked out of. | * which users have been locked out of. | ||||
| * | * | ||||
| * @param PhabricatorUser User to generate a URI for. | * @param PhabricatorUser User to generate a URI for. | ||||
| * @param PhabricatorUserEmail Optionally, email to verify when | * @param PhabricatorUserEmail Optionally, email to verify when | ||||
| * link is used. | * link is used. | ||||
| * @param string Optional context string for the URI. This is purely cosmetic | * @param string Optional context string for the URI. This is purely cosmetic | ||||
| * and used only to customize workflow and error messages. | * and used only to customize workflow and error messages. | ||||
| * @param bool True to generate a URI which forces an immediate upgrade to | |||||
| * a full session, bypassing MFA and other login checks. | |||||
| * @return string Login URI. | * @return string Login URI. | ||||
| * @task onetime | * @task onetime | ||||
| */ | */ | ||||
| public function getOneTimeLoginURI( | public function getOneTimeLoginURI( | ||||
| PhabricatorUser $user, | PhabricatorUser $user, | ||||
| PhabricatorUserEmail $email = null, | PhabricatorUserEmail $email = null, | ||||
| $type = self::ONETIME_RESET) { | $type = self::ONETIME_RESET, | ||||
| $force_full_session = false) { | |||||
| $key = Filesystem::readRandomCharacters(32); | $key = Filesystem::readRandomCharacters(32); | ||||
| $key_hash = $this->getOneTimeLoginKeyHash($user, $email, $key); | $key_hash = $this->getOneTimeLoginKeyHash($user, $email, $key); | ||||
| $onetime_type = PhabricatorAuthOneTimeLoginTemporaryTokenType::TOKENTYPE; | $onetime_type = PhabricatorAuthOneTimeLoginTemporaryTokenType::TOKENTYPE; | ||||
| $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | ||||
| id(new PhabricatorAuthTemporaryToken()) | $token = id(new PhabricatorAuthTemporaryToken()) | ||||
| ->setTokenResource($user->getPHID()) | ->setTokenResource($user->getPHID()) | ||||
| ->setTokenType($onetime_type) | ->setTokenType($onetime_type) | ||||
| ->setTokenExpires(time() + phutil_units('1 day in seconds')) | ->setTokenExpires(time() + phutil_units('1 day in seconds')) | ||||
| ->setTokenCode($key_hash) | ->setTokenCode($key_hash) | ||||
| ->setShouldForceFullSession($force_full_session) | |||||
| ->save(); | ->save(); | ||||
| unset($unguarded); | unset($unguarded); | ||||
| $uri = '/login/once/'.$type.'/'.$user->getID().'/'.$key.'/'; | $uri = '/login/once/'.$type.'/'.$user->getID().'/'.$key.'/'; | ||||
| if ($email) { | if ($email) { | ||||
| $uri = $uri.$email->getID().'/'; | $uri = $uri.$email->getID().'/'; | ||||
| } | } | ||||
| ▲ Show 20 Lines • Show All 164 Lines • Show Last 20 Lines | |||||