Differential D20019 Diff 47816 src/applications/settings/panel/PhabricatorMultiFactorSettingsPanel.php
src/applications/settings/panel/PhabricatorMultiFactorSettingsPanel.php
Show First 20 Lines • Show All 228 Lines • ▼ Show 20 Lines | if (!$selected_provider) { | ||||
->setTitle(pht('Choose Factor Type')) | ->setTitle(pht('Choose Factor Type')) | ||||
->appendChild($menu) | ->appendChild($menu) | ||||
->addCancelButton($cancel_uri); | ->addCancelButton($cancel_uri); | ||||
} | } | ||||
$form = id(new AphrontFormView()) | $form = id(new AphrontFormView()) | ||||
->setViewer($viewer); | ->setViewer($viewer); | ||||
if ($request->isFormPost()) { | |||||
// Subject users to rate limiting so that it's difficult to add factors | |||||
// by pure brute force. This is normally not much of an attack, but push | |||||
// factor types may have side effects. | |||||
PhabricatorSystemActionEngine::willTakeAction( | |||||
array($viewer->getPHID()), | |||||
new PhabricatorAuthNewFactorAction(), | |||||
1); | |||||
} else { | |||||
// Test the limit before showing the user a form, so we don't give them | |||||
// a form which can never possibly work because it will always hit rate | |||||
// limiting. | |||||
PhabricatorSystemActionEngine::willTakeAction( | |||||
array($viewer->getPHID()), | |||||
new PhabricatorAuthNewFactorAction(), | |||||
0); | |||||
} | |||||
$config = $selected_provider->processAddFactorForm( | $config = $selected_provider->processAddFactorForm( | ||||
$form, | $form, | ||||
$request, | $request, | ||||
$user); | $user); | ||||
if ($config) { | if ($config) { | ||||
// If the user added a factor, give them a rate limiting point back. | |||||
PhabricatorSystemActionEngine::willTakeAction( | |||||
array($viewer->getPHID()), | |||||
new PhabricatorAuthNewFactorAction(), | |||||
-1); | |||||
$config->save(); | $config->save(); | ||||
$log = PhabricatorUserLog::initializeNewLog( | $log = PhabricatorUserLog::initializeNewLog( | ||||
$viewer, | $viewer, | ||||
$user->getPHID(), | $user->getPHID(), | ||||
PhabricatorUserLog::ACTION_MULTI_ADD); | PhabricatorUserLog::ACTION_MULTI_ADD); | ||||
$log->save(); | $log->save(); | ||||
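Review bot: The rate-limit point is handed back by `willTakeAction(..., -1)` before `$config->save()` runs, so if the save throws, the viewer regains the point although no factor was stored. Moving the refund to just after `$config->save();` would tie it to a persisted enrollment. This reads the one-sided rows as the new side of the change, which the rendered columns do not make certain. The limit is keyed on `$viewer->getPHID()` while the factor is built for `$user`; if the two can differ here, a comment such as `// Rate limit the acting viewer, not the account being edited.` would record that choice. The enclosing method starts and ends outside the visible rows.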