Differential D20021 Diff 47818 src/applications/settings/panel/PhabricatorMultiFactorSettingsPanel.php
src/applications/settings/panel/PhabricatorMultiFactorSettingsPanel.php
| Show First 20 Lines • Show All 225 Lines • ▼ Show 20 Lines | if (!$selected_provider) { | ||||
| } | } | ||||
| return $this->newDialog() | return $this->newDialog() | ||||
| ->setTitle(pht('Choose Factor Type')) | ->setTitle(pht('Choose Factor Type')) | ||||
| ->appendChild($menu) | ->appendChild($menu) | ||||
| ->addCancelButton($cancel_uri); | ->addCancelButton($cancel_uri); | ||||
| } | } | ||||
| // NOTE: Beyond providing guidance, this step is also providing a CSRF gate | |||||
| // on this endpoint, since prompting the user to respond to a challenge | |||||
| // sometimes requires us to push a challenge to them as a side effect (for | |||||
| // example, with SMS). | |||||
| if (!$request->isFormPost() || !$request->getBool('mfa.start')) { | |||||
| $description = $selected_provider->getEnrollDescription($viewer); | |||||
| return $this->newDialog() | |||||
| ->addHiddenInput('providerPHID', $selected_provider->getPHID()) | |||||
| ->addHiddenInput('mfa.start', 1) | |||||
| ->setTitle(pht('Add Authentication Factor')) | |||||
| ->appendChild(new PHUIRemarkupView($viewer, $description)) | |||||
| ->addCancelButton($cancel_uri) | |||||
| ->addSubmitButton($selected_provider->getEnrollButtonText($viewer)); | |||||
| } | |||||
| $form = id(new AphrontFormView()) | $form = id(new AphrontFormView()) | ||||
| ->setViewer($viewer); | ->setViewer($viewer); | ||||
| if ($request->isFormPost()) { | if ($request->getBool('mfa.enroll')) { | ||||
| // Subject users to rate limiting so that it's difficult to add factors | // Subject users to rate limiting so that it's difficult to add factors | ||||
| // by pure brute force. This is normally not much of an attack, but push | // by pure brute force. This is normally not much of an attack, but push | ||||
| // factor types may have side effects. | // factor types may have side effects. | ||||
| PhabricatorSystemActionEngine::willTakeAction( | PhabricatorSystemActionEngine::willTakeAction( | ||||
| array($viewer->getPHID()), | array($viewer->getPHID()), | ||||
| new PhabricatorAuthNewFactorAction(), | new PhabricatorAuthNewFactorAction(), | ||||
| 1); | 1); | ||||
| } else { | } else { | ||||
| ▲ Show 20 Lines • Show All 44 Lines • ▼ Show 20 Lines | if ($config) { | ||||
| $request->getCookie(PhabricatorCookies::COOKIE_SESSION))); | $request->getCookie(PhabricatorCookies::COOKIE_SESSION))); | ||||
| return id(new AphrontRedirectResponse()) | return id(new AphrontRedirectResponse()) | ||||
| ->setURI($this->getPanelURI('?id='.$config->getID())); | ->setURI($this->getPanelURI('?id='.$config->getID())); | ||||
| } | } | ||||
| return $this->newDialog() | return $this->newDialog() | ||||
| ->addHiddenInput('providerPHID', $selected_provider->getPHID()) | ->addHiddenInput('providerPHID', $selected_provider->getPHID()) | ||||
| ->addHiddenInput('mfa.start', 1) | |||||
| ->addHiddenInput('mfa.enroll', 1) | |||||
| ->setWidth(AphrontDialogView::WIDTH_FORM) | ->setWidth(AphrontDialogView::WIDTH_FORM) | ||||
| ->setTitle(pht('Add Authentication Factor')) | ->setTitle(pht('Add Authentication Factor')) | ||||
| ->appendChild($form->buildLayoutView()) | ->appendChild($form->buildLayoutView()) | ||||
| ->addSubmitButton(pht('Continue')) | ->addSubmitButton(pht('Continue')) | ||||
| ->addCancelButton($cancel_uri); | ->addCancelButton($cancel_uri); | ||||
| } | } | ||||
| private function processEdit(AphrontRequest $request) { | private function processEdit(AphrontRequest $request) { | ||||
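Review bot: The score-1 charge against `PhabricatorAuthNewFactorAction` is now taken only when `mfa.enroll` is set, so the first POST from the guidance dialog (carrying `mfa.start` but not `mfa.enroll`) falls into the `else` branch, whose body is collapsed in this view. The NOTE on the new gate says prompting for a challenge can push one to the user as a side effect (for example SMS), and that first POST appears to be the step where the prompt is built. If the collapsed branch only tests the limit without charging it, repeated `mfa.start` posts could cause pushes that never count toward the limit, so it is worth confirming that the action is charged before any provider code that can send a challenge runs. A one-line comment on the changed condition, such as `// 'mfa.start' only passes the CSRF gate; 'mfa.enroll' marks a real enrollment attempt.`, would make the two flags easier to tell apart. The enclosing method starts above the visible lines, so this is based only on the part shown.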