Differential D20019 Diff 47816 src/applications/settings/panel/PhabricatorMultiFactorSettingsPanel.php

Changeset View

Standalone View

src/applications/settings/panel/PhabricatorMultiFactorSettingsPanel.php

Show First 20 Lines • Show All 228 Lines • ▼ Show 20 Lines	if (!$selected_provider) {
->setTitle(pht('Choose Factor Type'))		->setTitle(pht('Choose Factor Type'))
->appendChild($menu)		->appendChild($menu)
->addCancelButton($cancel_uri);		->addCancelButton($cancel_uri);
}		}

$form = id(new AphrontFormView())		$form = id(new AphrontFormView())
->setViewer($viewer);		->setViewer($viewer);

		if ($request->isFormPost()) {
		// Subject users to rate limiting so that it's difficult to add factors
		// by pure brute force. This is normally not much of an attack, but push
		// factor types may have side effects.
		PhabricatorSystemActionEngine::willTakeAction(
		array($viewer->getPHID()),
		new PhabricatorAuthNewFactorAction(),
		1);
		} else {
		// Test the limit before showing the user a form, so we don't give them
		// a form which can never possibly work because it will always hit rate
		// limiting.
		PhabricatorSystemActionEngine::willTakeAction(
		array($viewer->getPHID()),
		new PhabricatorAuthNewFactorAction(),
		0);
		}

$config = $selected_provider->processAddFactorForm(		$config = $selected_provider->processAddFactorForm(
$form,		$form,
$request,		$request,
$user);		$user);

if ($config) {		if ($config) {
		// If the user added a factor, give them a rate limiting point back.
		PhabricatorSystemActionEngine::willTakeAction(
		array($viewer->getPHID()),
		new PhabricatorAuthNewFactorAction(),
		-1);

$config->save();		$config->save();

$log = PhabricatorUserLog::initializeNewLog(		$log = PhabricatorUserLog::initializeNewLog(
$viewer,		$viewer,
$user->getPHID(),		$user->getPHID(),
PhabricatorUserLog::ACTION_MULTI_ADD);		PhabricatorUserLog::ACTION_MULTI_ADD);
$log->save();		$log->save();

▲ Show 20 Lines • Show All 129 Lines • Show Last 20 Lines