src/applications/auth/factor/PhabricatorDuoAuthFactor.php
| Show First 20 Lines • Show All 151 Lines • ▼ Show 20 Lines | final class PhabricatorDuoAuthFactor | ||||
| public function processAddFactorForm( | public function processAddFactorForm( | ||||
| PhabricatorAuthFactorProvider $provider, | PhabricatorAuthFactorProvider $provider, | ||||
| AphrontFormView $form, | AphrontFormView $form, | ||||
| AphrontRequest $request, | AphrontRequest $request, | ||||
| PhabricatorUser $user) { | PhabricatorUser $user) { | ||||
| $token = $this->loadMFASyncToken($provider, $request, $form, $user); | $token = $this->loadMFASyncToken($provider, $request, $form, $user); | ||||
| if ($this->isAuthResult($token)) { | |||||
| $form->appendChild($this->newAutomaticControl($token)); | |||||
| return; | |||||
| } | |||||
| $enroll = $token->getTemporaryTokenProperty('duo.enroll'); | $enroll = $token->getTemporaryTokenProperty('duo.enroll'); | ||||
| $duo_id = $token->getTemporaryTokenProperty('duo.user-id'); | $duo_id = $token->getTemporaryTokenProperty('duo.user-id'); | ||||
| $duo_uri = $token->getTemporaryTokenProperty('duo.uri'); | $duo_uri = $token->getTemporaryTokenProperty('duo.uri'); | ||||
| $duo_user = $token->getTemporaryTokenProperty('duo.username'); | $duo_user = $token->getTemporaryTokenProperty('duo.username'); | ||||
| $is_external = ($enroll === 'external'); | $is_external = ($enroll === 'external'); | ||||
| $is_auto = ($enroll === 'auto'); | $is_auto = ($enroll === 'auto'); | ||||
| ▲ Show 20 Lines • Show All 177 Lines • ▼ Show 20 Lines | protected function newMFASyncTokenProperties( | ||||
| ); | ); | ||||
| $result = $this->newDuoFuture($provider) | $result = $this->newDuoFuture($provider) | ||||
| ->setMethod('preauth', $parameters) | ->setMethod('preauth', $parameters) | ||||
| ->resolve(); | ->resolve(); | ||||
| $external_uri = null; | $external_uri = null; | ||||
| $result_code = $result['response']['result']; | $result_code = $result['response']['result']; | ||||
| $status_message = $result['response']['status_msg']; | |||||
| switch ($result_code) { | switch ($result_code) { | ||||
| case 'auth': | case 'auth': | ||||
| case 'allow': | case 'allow': | ||||
| // If the user already has a Duo account, they don't need to do | // If the user already has a Duo account, they don't need to do | ||||
| // anything. | // anything. | ||||
| return array( | return array( | ||||
| 'duo.enroll' => 'auto', | 'duo.enroll' => 'auto', | ||||
| 'duo.username' => $duo_user, | 'duo.username' => $duo_user, | ||||
| Show All 10 Lines | switch ($result_code) { | ||||
| // Otherwise, enrollment is permitted so we're going to continue. | // Otherwise, enrollment is permitted so we're going to continue. | ||||
| break; | break; | ||||
| default: | default: | ||||
| case 'deny': | case 'deny': | ||||
| return $this->newResult() | return $this->newResult() | ||||
| ->setIsError(true) | ->setIsError(true) | ||||
| ->setErrorMessage( | ->setErrorMessage( | ||||
| pht('Your account is not permitted to access this system.')); | pht( | ||||
| 'Your Duo account ("%s") is not permitted to access this '. | |||||
| 'system. Contact your Duo administrator for help. '. | |||||
| 'The Duo preauth API responded with status message ("%s"): %s', | |||||
amckinley: "The The" | |||||
| $duo_user, | |||||
| $result_code, | |||||
| $status_message)); | |||||
| } | } | ||||
| // Duo's "/enroll" API isn't repeatable for the same username. If we're | // Duo's "/enroll" API isn't repeatable for the same username. If we're | ||||
| // the first call, great: we can do inline enrollment, which is way more | // the first call, great: we can do inline enrollment, which is way more | ||||
| // user friendly. Otherwise, we have to send the user on an adventure. | // user friendly. Otherwise, we have to send the user on an adventure. | ||||
| $parameters = array( | $parameters = array( | ||||
| 'username' => $duo_user, | 'username' => $duo_user, | ||||
| ▲ Show 20 Lines • Show All 83 Lines • ▼ Show 20 Lines | switch ($next_step) { | ||||
| $duo_user, | $duo_user, | ||||
| $status_message)); | $status_message)); | ||||
| case 'deny': | case 'deny': | ||||
| default: | default: | ||||
| return $this->newResult() | return $this->newResult() | ||||
| ->setIsError(true) | ->setIsError(true) | ||||
| ->setErrorMessage( | ->setErrorMessage( | ||||
| pht( | pht( | ||||
| 'Duo has denied you access. Duo status message ("%s"): %s', | 'Your Duo account ("%s") is not permitted to access this '. | ||||
| 'system. Contact your Duo administrator for help. The Duo '. | |||||
| 'preauth API responded with status message ("%s"): %s', | |||||
| $duo_user, | |||||
| $next_step, | $next_step, | ||||
| $status_message)); | $status_message)); | ||||
| } | } | ||||
| $has_push = false; | $has_push = false; | ||||
| $devices = $response['devices']; | $devices = $response['devices']; | ||||
| foreach ($devices as $device) { | foreach ($devices as $device) { | ||||
| $capabilities = array_fuse($device['capabilities']); | $capabilities = array_fuse($device['capabilities']); | ||||
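Review bot: The `$status_message = $result['response']['status_msg'];` line that appears to be added in newMFASyncTokenProperties sits before the `switch`, so it also runs on the `auth`/`allow` and enrollment paths even though only the `deny`/`default` branch uses it; a preauth response lacking that key would then fail on paths that previously succeeded. Reading it defensively with `$status_message = idx($result['response'], 'status_msg');`, or moving the read into the deny branch, keeps a malformed response from breaking enrollment. The new message labels its second placeholder `status message ("%s")` but fills it with `$result_code` (and `$next_step` in the later switch), so `result ("%s")` would be accurate. The status text is relayed verbatim from the remote API to the end user, so it is worth confirming that view-layer escaping applies to it and that it carries nothing the user should not see. Both enclosing functions start and end outside the visible lines.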
"The The"