src/applications/settings/panel/PhabricatorPasswordSettingsPanel.php
Show All 28 Lines | final class PhabricatorPasswordSettingsPanel extends PhabricatorSettingsPanel { | ||||
} | } | ||||
public function processRequest(AphrontRequest $request) { | public function processRequest(AphrontRequest $request) { | ||||
$viewer = $request->getUser(); | $viewer = $request->getUser(); | ||||
$user = $this->getUser(); | $user = $this->getUser(); | ||||
$content_source = PhabricatorContentSource::newFromRequest($request); | $content_source = PhabricatorContentSource::newFromRequest($request); | ||||
$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession( | |||||
$viewer, | |||||
$request, | |||||
'/settings/'); | |||||
$min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length'); | $min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length'); | ||||
$min_len = (int)$min_len; | $min_len = (int)$min_len; | ||||
// NOTE: Users can also change passwords through the separate "set/reset" | // NOTE: Users can also change passwords through the separate "set/reset" | ||||
// interface which is reached by logging in with a one-time token after | // interface which is reached by logging in with a one-time token after | ||||
// registration or password reset. If this flow changes, that flow may | // registration or password reset. If this flow changes, that flow may | ||||
// also need to change. | // also need to change. | ||||
$account_type = PhabricatorAuthPassword::PASSWORD_TYPE_ACCOUNT; | $account_type = PhabricatorAuthPassword::PASSWORD_TYPE_ACCOUNT; | ||||
$password_objects = id(new PhabricatorAuthPasswordQuery()) | $password_objects = id(new PhabricatorAuthPasswordQuery()) | ||||
->setViewer($viewer) | ->setViewer($viewer) | ||||
->withObjectPHIDs(array($user->getPHID())) | ->withObjectPHIDs(array($user->getPHID())) | ||||
->withPasswordTypes(array($account_type)) | ->withPasswordTypes(array($account_type)) | ||||
->withIsRevoked(false) | ->withIsRevoked(false) | ||||
->execute(); | ->execute(); | ||||
if ($password_objects) { | if (!$password_objects) { | ||||
$password_object = head($password_objects); | return $this->newSetPasswordView($request); | ||||
} else { | |||||
$password_object = PhabricatorAuthPassword::initializeNewPassword( | |||||
$user, | |||||
$account_type); | |||||
} | } | ||||
$password_object = head($password_objects); | |||||
$e_old = true; | $e_old = true; | ||||
$e_new = true; | $e_new = true; | ||||
$e_conf = true; | $e_conf = true; | ||||
$errors = array(); | $errors = array(); | ||||
if ($request->isFormPost()) { | if ($request->isFormOrHisecPost()) { | ||||
$workflow_key = sprintf( | |||||
'password.change(%s)', | |||||
$user->getPHID()); | |||||
$hisec_token = id(new PhabricatorAuthSessionEngine()) | |||||
->setWorkflowKey($workflow_key) | |||||
->requireHighSecurityToken($viewer, $request, '/settings/'); | |||||
// Rate limit guesses about the old password. This page requires MFA and | // Rate limit guesses about the old password. This page requires MFA and | ||||
// session compromise already, so this is mostly just to stop researchers | // session compromise already, so this is mostly just to stop researchers | ||||
// from reporting this as a vulnerability. | // from reporting this as a vulnerability. | ||||
PhabricatorSystemActionEngine::willTakeAction( | PhabricatorSystemActionEngine::willTakeAction( | ||||
array($viewer->getPHID()), | array($viewer->getPHID()), | ||||
new PhabricatorAuthChangePasswordAction(), | new PhabricatorAuthChangePasswordAction(), | ||||
1); | 1); | ||||
▲ Show 20 Lines • Show All 133 Lines • ▼ Show 20 Lines | public function processRequest(AphrontRequest $request) { | ||||
return array( | return array( | ||||
$form_box, | $form_box, | ||||
$algo_box, | $algo_box, | ||||
$info_view, | $info_view, | ||||
); | ); | ||||
} | } | ||||
private function newSetPasswordView(AphrontRequest $request) { | |||||
$viewer = $request->getUser(); | |||||
$user = $this->getUser(); | |||||
$form = id(new AphrontFormView()) | |||||
->setViewer($viewer) | |||||
->appendRemarkupInstructions( | |||||
pht( | |||||
'Your account does not currently have a password set. You can '. | |||||
'choose a password by performing a password reset.')) | |||||
->appendControl( | |||||
id(new AphrontFormSubmitControl()) | |||||
->addCancelButton('/login/email/', pht('Reset Password'))); | |||||
$form_box = id(new PHUIObjectBoxView()) | |||||
->setHeaderText(pht('Set Password')) | |||||
->setBackground(PHUIObjectBoxView::WHITE_CONFIG) | |||||
->setForm($form); | |||||
return $form_box; | |||||
} | |||||
} | } |
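Review bot: The comment above the rate limit ("This page requires MFA and session compromise already") looks stale. This assumes, as the paired lines suggest, that the unconditional `requireHighSecuritySession()` call at the top of `processRequest()` is the removed side and the `requireHighSecurityToken()` call inside the `isFormOrHisecPost()` branch is the added one. On that reading MFA gates only the submit, and a plain GET builds `$form_box`, `$algo_box` and `$info_view` without a high-security check. I would reword the comment to `// Rate limit guesses about the old password. Submitting this form requires MFA and session compromise already, ...` and confirm that nothing rendered on GET needs to stay behind the check. `$hisec_token` is assigned in this branch but any use of it falls in the collapsed lines, so verify it is consumed or drop the variable. In `newSetPasswordView()`, `$user` is assigned and never read in the visible body.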