Differential D20036 Diff 47865 src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
Show First 20 Lines • Show All 4,900 Lines • ▼ Show 20 Lines | foreach ($xactions as $xaction) { | ||||
$xaction->setIsMFATransaction(true); | $xaction->setIsMFATransaction(true); | ||||
} | } | ||||
} | } | ||||
private function newMFATransactions( | private function newMFATransactions( | ||||
PhabricatorLiskDAO $object, | PhabricatorLiskDAO $object, | ||||
array $xactions) { | array $xactions) { | ||||
$is_mfa = ($object instanceof PhabricatorEditEngineMFAInterface); | $has_engine = ($object instanceof PhabricatorEditEngineMFAInterface); | ||||
if (!$is_mfa) { | if ($has_engine) { | ||||
return $xactions; | |||||
} | |||||
$engine = PhabricatorEditEngineMFAEngine::newEngineForObject($object) | $engine = PhabricatorEditEngineMFAEngine::newEngineForObject($object) | ||||
->setViewer($this->getActor()); | ->setViewer($this->getActor()); | ||||
$require_mfa = $engine->shouldRequireMFA(); | $require_mfa = $engine->shouldRequireMFA(); | ||||
$try_mfa = $engine->shouldTryMFA(); | |||||
} else { | |||||
$require_mfa = false; | |||||
$try_mfa = false; | |||||
} | |||||
// If the user is mentioning an MFA object on another object or creating | |||||
// a relationship like "parent" or "child" to this object, we always | |||||
// allow the edit to move forward without requiring MFA. | |||||
if ($this->getIsInverseEdgeEditor()) { | |||||
return $xactions; | |||||
} | |||||
if (!$require_mfa) { | if (!$require_mfa) { | ||||
$try_mfa = $engine->shouldTryMFA(); | // If the object hasn't already opted into MFA, see if any of the | ||||
// transactions want it. | |||||
if (!$try_mfa) { | |||||
foreach ($xactions as $xaction) { | |||||
$type = $xaction->getTransactionType(); | |||||
$xtype = $this->getModularTransactionType($type); | |||||
if ($xtype) { | |||||
$xtype = clone $xtype; | |||||
$xtype->setStorage($xaction); | |||||
if ($xtype->shouldTryMFA($object, $xaction)) { | |||||
$try_mfa = true; | |||||
break; | |||||
} | |||||
} | |||||
} | |||||
} | |||||
if ($try_mfa) { | if ($try_mfa) { | ||||
$this->setShouldRequireMFA(true); | $this->setShouldRequireMFA(true); | ||||
} | } | ||||
return $xactions; | return $xactions; | ||||
} | } | ||||
$type_mfa = PhabricatorTransactions::TYPE_MFA; | $type_mfa = PhabricatorTransactions::TYPE_MFA; | ||||
$has_mfa = false; | $has_mfa = false; | ||||
foreach ($xactions as $xaction) { | foreach ($xactions as $xaction) { | ||||
if ($xaction->getTransactionType() === $type_mfa) { | if ($xaction->getTransactionType() === $type_mfa) { | ||||
$has_mfa = true; | $has_mfa = true; | ||||
break; | break; | ||||
} | } | ||||
} | } | ||||
if ($has_mfa) { | if ($has_mfa) { | ||||
return $xactions; | return $xactions; | ||||
} | } | ||||
// If the user is mentioning an MFA object on another object or creating | |||||
// a relationship like "parent" or "child" to this object, we allow the | |||||
// edit to move forward without requiring MFA. | |||||
if ($this->getIsInverseEdgeEditor()) { | |||||
return $xactions; | |||||
} | |||||
$template = $object->getApplicationTransactionTemplate(); | $template = $object->getApplicationTransactionTemplate(); | ||||
$mfa_xaction = id(clone $template) | $mfa_xaction = id(clone $template) | ||||
->setTransactionType($type_mfa) | ->setTransactionType($type_mfa) | ||||
->setNewValue(true); | ->setNewValue(true); | ||||
array_unshift($xactions, $mfa_xaction); | array_unshift($xactions, $mfa_xaction); | ||||
return $xactions; | return $xactions; | ||||
} | } | ||||
} | } |