Differential D20021 Diff 47818 src/applications/settings/panel/PhabricatorMultiFactorSettingsPanel.php
src/applications/settings/panel/PhabricatorMultiFactorSettingsPanel.php
Show First 20 Lines • Show All 225 Lines • ▼ Show 20 Lines | if (!$selected_provider) { | ||||
} | } | ||||
return $this->newDialog() | return $this->newDialog() | ||||
->setTitle(pht('Choose Factor Type')) | ->setTitle(pht('Choose Factor Type')) | ||||
->appendChild($menu) | ->appendChild($menu) | ||||
->addCancelButton($cancel_uri); | ->addCancelButton($cancel_uri); | ||||
} | } | ||||
// NOTE: Beyond providing guidance, this step is also providing a CSRF gate | |||||
// on this endpoint, since prompting the user to respond to a challenge | |||||
// sometimes requires us to push a challenge to them as a side effect (for | |||||
// example, with SMS). | |||||
if (!$request->isFormPost() || !$request->getBool('mfa.start')) { | |||||
$description = $selected_provider->getEnrollDescription($viewer); | |||||
return $this->newDialog() | |||||
->addHiddenInput('providerPHID', $selected_provider->getPHID()) | |||||
->addHiddenInput('mfa.start', 1) | |||||
->setTitle(pht('Add Authentication Factor')) | |||||
->appendChild(new PHUIRemarkupView($viewer, $description)) | |||||
->addCancelButton($cancel_uri) | |||||
->addSubmitButton($selected_provider->getEnrollButtonText($viewer)); | |||||
} | |||||
$form = id(new AphrontFormView()) | $form = id(new AphrontFormView()) | ||||
->setViewer($viewer); | ->setViewer($viewer); | ||||
if ($request->isFormPost()) { | if ($request->getBool('mfa.enroll')) { | ||||
// Subject users to rate limiting so that it's difficult to add factors | // Subject users to rate limiting so that it's difficult to add factors | ||||
// by pure brute force. This is normally not much of an attack, but push | // by pure brute force. This is normally not much of an attack, but push | ||||
// factor types may have side effects. | // factor types may have side effects. | ||||
PhabricatorSystemActionEngine::willTakeAction( | PhabricatorSystemActionEngine::willTakeAction( | ||||
array($viewer->getPHID()), | array($viewer->getPHID()), | ||||
new PhabricatorAuthNewFactorAction(), | new PhabricatorAuthNewFactorAction(), | ||||
1); | 1); | ||||
} else { | } else { | ||||
▲ Show 20 Lines • Show All 44 Lines • ▼ Show 20 Lines | if ($config) { | ||||
$request->getCookie(PhabricatorCookies::COOKIE_SESSION))); | $request->getCookie(PhabricatorCookies::COOKIE_SESSION))); | ||||
return id(new AphrontRedirectResponse()) | return id(new AphrontRedirectResponse()) | ||||
->setURI($this->getPanelURI('?id='.$config->getID())); | ->setURI($this->getPanelURI('?id='.$config->getID())); | ||||
} | } | ||||
return $this->newDialog() | return $this->newDialog() | ||||
->addHiddenInput('providerPHID', $selected_provider->getPHID()) | ->addHiddenInput('providerPHID', $selected_provider->getPHID()) | ||||
->addHiddenInput('mfa.start', 1) | |||||
->addHiddenInput('mfa.enroll', 1) | |||||
->setWidth(AphrontDialogView::WIDTH_FORM) | ->setWidth(AphrontDialogView::WIDTH_FORM) | ||||
->setTitle(pht('Add Authentication Factor')) | ->setTitle(pht('Add Authentication Factor')) | ||||
->appendChild($form->buildLayoutView()) | ->appendChild($form->buildLayoutView()) | ||||
->addSubmitButton(pht('Continue')) | ->addSubmitButton(pht('Continue')) | ||||
->addCancelButton($cancel_uri); | ->addCancelButton($cancel_uri); | ||||
} | } | ||||
private function processEdit(AphrontRequest $request) { | private function processEdit(AphrontRequest $request) { | ||||
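Review bot: The rate limit under `if ($request->getBool('mfa.enroll'))` now fires only on the enrollment submit, while the new NOTE says the push side effect (for example SMS) comes from prompting the user, which appears to be the request carrying only `mfa.start`. That request takes the `else` branch, whose body is collapsed on this page, so nothing visible here limits how often an authenticated session can re-post the start step and cause a push. Consider charging `PhabricatorAuthNewFactorAction` before the branch, or, if providers throttle pushes themselves, say so next to the check: `// 'mfa.enroll' is client-supplied; push providers must rate limit challenge delivery themselves.` The enclosing method starts and ends outside the visible lines.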