Page MenuHomePhabricator
Differential D20028 Diff 47835 src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php

Changeset View

Standalone View

View Options

src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php

Show All 32 Lines public function handleRequestThrowable(
$form = id(new PhabricatorAuthSessionEngine())->renderHighSecurityForm( $form = id(new PhabricatorAuthSessionEngine())->renderHighSecurityForm(
$throwable->getFactors(), $throwable->getFactors(),
$results, $results,
$viewer, $viewer,
$request); $request);
$is_wait = false; $is_wait = false;
$is_continue = false;
foreach ($results as $result) { foreach ($results as $result) {
if ($result->getIsWait()) { if ($result->getIsWait()) {
$is_wait = true; $is_wait = true;
break; }
if ($result->getIsContinue()) {
epriestleyAuthorUnsubmitted
Done
Inline Actions

This appears later on in greater depth, but "continue" responses are "click the button to continue".

Two cases for them:

  • You hit SMS/Duo/push without CSRF. We don't want to text you if you got <img src="..." />'d, so you have to click the button.
  • For pure push like Duo, you don't enter a code; instead, you click on your phone, then "Continue" in the UI.
epriestley: This appears later on in greater depth, but "continue" responses are "click the button to…
$is_continue = true;
} }
} }
$is_upgrade = $throwable->getIsSessionUpgrade(); $is_upgrade = $throwable->getIsSessionUpgrade();
if ($is_upgrade) { if ($is_upgrade) {
$title = pht('Enter High Security'); $title = pht('Enter High Security');
} else { } else {
$title = pht('Provide MFA Credentials'); $title = pht('Provide MFA Credentials');
} }
if ($is_wait) { if ($is_wait) {
$submit = pht('Wait Patiently'); $submit = pht('Wait Patiently');
} else if ($is_upgrade) { } else if ($is_upgrade && !$is_continue) {
$submit = pht('Enter High Security'); $submit = pht('Enter High Security');
} else { } else {
$submit = pht('Continue'); $submit = pht('Continue');
} }
$dialog = id(new AphrontDialogView()) $dialog = id(new AphrontDialogView())
->setUser($viewer) ->setUser($viewer)
->setTitle($title) ->setTitle($title)
->setShortTitle(pht('Security Checkpoint')) ->setShortTitle(pht('Security Checkpoint'))
->setWidth(AphrontDialogView::WIDTH_FORM) ->setWidth(AphrontDialogView::WIDTH_FORM)
->addHiddenInput(AphrontRequest::TYPE_HISEC, true) ->addHiddenInput(AphrontRequest::TYPE_HISEC, true)
->setSubmitURI($request->getPath()) ->setSubmitURI($request->getPath())
->addCancelButton($throwable->getCancelURI()) ->addCancelButton($throwable->getCancelURI())
->addSubmitButton($submit); ->addSubmitButton($submit);
$form_layout = $form->buildLayoutView(); $form_layout = $form->buildLayoutView();
if ($is_upgrade) { if ($is_upgrade) {
$dialog $messages = array(
->setErrors(
array(
pht( pht(
'You are taking an action which requires you to enter '. 'You are taking an action which requires you to enter '.
'high security.'), 'high security.'),
)) );
$info_view = id(new PHUIInfoView())
->setSeverity(PHUIInfoView::SEVERITY_MFA)
->setErrors($messages);
$dialog
->appendChild($info_view)
->appendParagraph( ->appendParagraph(
pht( pht(
'High security mode helps protect your account from security '. 'To enter high security mode, confirm your credentials:'))
'threats, like session theft or someone messing with your stuff '.
'while you\'re grabbing a coffee. To enter high security mode, '.
'confirm your credentials.'))
epriestleyAuthorUnsubmitted
Done
Inline Actions

I streamlined this text slightly and made the header less scary.

epriestley: I streamlined this text slightly and made the header less scary.
->appendChild($form_layout) ->appendChild($form_layout)
->appendParagraph( ->appendParagraph(
pht( pht(
'Your account will remain in high security mode for a short '. 'Your account will remain in high security mode for a short '.
'period of time. When you are finished taking sensitive '. 'period of time. When you are finished taking sensitive '.
'actions, you should leave high security.')); 'actions, you should leave high security.'));
} else { } else {
$dialog $dialog
Show All 19 Lines
Phabricator · Built by Phacility