Differential D20094 Diff 48003 src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php
| Show First 20 Lines • Show All 113 Lines • ▼ Show 20 Lines | if ($request->isFormPost()) { | ||||
| // it should reduce HackerOne reports of nebulous harm. | // it should reduce HackerOne reports of nebulous harm. | ||||
| $editor->revokePasswordResetLinks($target_user); | $editor->revokePasswordResetLinks($target_user); | ||||
| if ($target_email) { | if ($target_email) { | ||||
| $editor->verifyEmail($target_user, $target_email); | $editor->verifyEmail($target_user, $target_email); | ||||
| } | } | ||||
| unset($unguarded); | unset($unguarded); | ||||
| $next = '/'; | $next_uri = $this->getNextStepURI($target_user); | ||||
| if (!PhabricatorPasswordAuthProvider::getPasswordProvider()) { | |||||
| $next = '/settings/panel/external/'; | |||||
| } else { | |||||
| // We're going to let the user reset their password without knowing | PhabricatorCookies::setNextURICookie($request, $next_uri, $force = true); | ||||
| // the old one. Generate a one-time token for that. | |||||
| $key = Filesystem::readRandomCharacters(16); | |||||
| $password_type = | |||||
| PhabricatorAuthPasswordResetTemporaryTokenType::TOKENTYPE; | |||||
| $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | |||||
| id(new PhabricatorAuthTemporaryToken()) | |||||
| ->setTokenResource($target_user->getPHID()) | |||||
| ->setTokenType($password_type) | |||||
| ->setTokenExpires(time() + phutil_units('1 hour in seconds')) | |||||
| ->setTokenCode(PhabricatorHash::weakDigest($key)) | |||||
| ->save(); | |||||
| unset($unguarded); | |||||
| $panel_uri = '/auth/password/'; | |||||
| $next = (string)id(new PhutilURI($panel_uri)) | |||||
| ->setQueryParams( | |||||
| array( | |||||
| 'key' => $key, | |||||
| )); | |||||
| $request->setTemporaryCookie(PhabricatorCookies::COOKIE_HISEC, 'yes'); | |||||
| } | |||||
| PhabricatorCookies::setNextURICookie($request, $next, $force = true); | |||||
| $force_full_session = false; | $force_full_session = false; | ||||
| if ($link_type === PhabricatorAuthSessionEngine::ONETIME_RECOVER) { | if ($link_type === PhabricatorAuthSessionEngine::ONETIME_RECOVER) { | ||||
| $force_full_session = $token->getShouldForceFullSession(); | $force_full_session = $token->getShouldForceFullSession(); | ||||
| } | } | ||||
| return $this->loginUser($target_user, $force_full_session); | return $this->loginUser($target_user, $force_full_session); | ||||
| } | } | ||||
| Show All 39 Lines | $dialog = $this->newDialog() | ||||
| ->addCancelButton('/'); | ->addCancelButton('/'); | ||||
| foreach ($body as $paragraph) { | foreach ($body as $paragraph) { | ||||
| $dialog->appendParagraph($paragraph); | $dialog->appendParagraph($paragraph); | ||||
| } | } | ||||
| return id(new AphrontDialogResponse())->setDialog($dialog); | return id(new AphrontDialogResponse())->setDialog($dialog); | ||||
| } | } | ||||
| private function getNextStepURI(PhabricatorUser $user) { | |||||
| $request = $this->getRequest(); | |||||
| // If we have password auth, let the user set or reset their password after | |||||
| // login. | |||||
| $have_passwords = PhabricatorPasswordAuthProvider::getPasswordProvider(); | |||||
| if ($have_passwords) { | |||||
| // We're going to let the user reset their password without knowing | |||||
| // the old one. Generate a one-time token for that. | |||||
| $key = Filesystem::readRandomCharacters(16); | |||||
| $password_type = | |||||
| PhabricatorAuthPasswordResetTemporaryTokenType::TOKENTYPE; | |||||
| $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); | |||||
| id(new PhabricatorAuthTemporaryToken()) | |||||
| ->setTokenResource($user->getPHID()) | |||||
| ->setTokenType($password_type) | |||||
| ->setTokenExpires(time() + phutil_units('1 hour in seconds')) | |||||
| ->setTokenCode(PhabricatorHash::weakDigest($key)) | |||||
| ->save(); | |||||
| unset($unguarded); | |||||
| $panel_uri = '/auth/password/'; | |||||
| $request->setTemporaryCookie(PhabricatorCookies::COOKIE_HISEC, 'yes'); | |||||
| return (string)id(new PhutilURI($panel_uri)) | |||||
| ->setQueryParams( | |||||
| array( | |||||
| 'key' => $key, | |||||
| )); | |||||
| } | |||||
| $providers = id(new PhabricatorAuthProviderConfigQuery()) | |||||
| ->setViewer($user) | |||||
| ->withIsEnabled(true) | |||||
| ->execute(); | |||||
| // If there are no configured providers and the user is an administrator, | |||||
| // send them to Auth to configure a provider. This is probably where they | |||||
| // want to go. You can end up in this state by accidentally losing your | |||||
| // first session during initial setup, or after restoring exported data | |||||
| // from a hosted instance. | |||||
| if (!$providers && $user->getIsAdmin()) { | |||||
| return '/auth/'; | |||||
| } | |||||
| // If we didn't find anywhere better to send them, give up and just send | |||||
| // them to the home page. | |||||
| return '/'; | |||||
| } | |||||
| } | } | ||||