Changeset View
Changeset View
Standalone View
Standalone View
src/applications/settings/panel/PhabricatorPasswordSettingsPanel.php
| Show All 28 Lines | final class PhabricatorPasswordSettingsPanel extends PhabricatorSettingsPanel { | ||||
| } | } | ||||
| public function processRequest(AphrontRequest $request) { | public function processRequest(AphrontRequest $request) { | ||||
| $viewer = $request->getUser(); | $viewer = $request->getUser(); | ||||
| $user = $this->getUser(); | $user = $this->getUser(); | ||||
| $content_source = PhabricatorContentSource::newFromRequest($request); | $content_source = PhabricatorContentSource::newFromRequest($request); | ||||
| $token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession( | |||||
| $viewer, | |||||
| $request, | |||||
| '/settings/'); | |||||
| $min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length'); | $min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length'); | ||||
| $min_len = (int)$min_len; | $min_len = (int)$min_len; | ||||
| // NOTE: Users can also change passwords through the separate "set/reset" | // NOTE: Users can also change passwords through the separate "set/reset" | ||||
| // interface which is reached by logging in with a one-time token after | // interface which is reached by logging in with a one-time token after | ||||
| // registration or password reset. If this flow changes, that flow may | // registration or password reset. If this flow changes, that flow may | ||||
| // also need to change. | // also need to change. | ||||
| $account_type = PhabricatorAuthPassword::PASSWORD_TYPE_ACCOUNT; | $account_type = PhabricatorAuthPassword::PASSWORD_TYPE_ACCOUNT; | ||||
| $password_objects = id(new PhabricatorAuthPasswordQuery()) | $password_objects = id(new PhabricatorAuthPasswordQuery()) | ||||
| ->setViewer($viewer) | ->setViewer($viewer) | ||||
| ->withObjectPHIDs(array($user->getPHID())) | ->withObjectPHIDs(array($user->getPHID())) | ||||
| ->withPasswordTypes(array($account_type)) | ->withPasswordTypes(array($account_type)) | ||||
| ->withIsRevoked(false) | ->withIsRevoked(false) | ||||
| ->execute(); | ->execute(); | ||||
| if ($password_objects) { | if (!$password_objects) { | ||||
| $password_object = head($password_objects); | return $this->newSetPasswordView($request); | ||||
| } else { | |||||
| $password_object = PhabricatorAuthPassword::initializeNewPassword( | |||||
| $user, | |||||
| $account_type); | |||||
| } | } | ||||
| $password_object = head($password_objects); | |||||
| $e_old = true; | $e_old = true; | ||||
| $e_new = true; | $e_new = true; | ||||
| $e_conf = true; | $e_conf = true; | ||||
| $errors = array(); | $errors = array(); | ||||
| if ($request->isFormPost()) { | if ($request->isFormOrHisecPost()) { | ||||
| $workflow_key = sprintf( | |||||
| 'password.change(%s)', | |||||
| $user->getPHID()); | |||||
| $hisec_token = id(new PhabricatorAuthSessionEngine()) | |||||
| ->setWorkflowKey($workflow_key) | |||||
| ->requireHighSecurityToken($viewer, $request, '/settings/'); | |||||
| // Rate limit guesses about the old password. This page requires MFA and | // Rate limit guesses about the old password. This page requires MFA and | ||||
| // session compromise already, so this is mostly just to stop researchers | // session compromise already, so this is mostly just to stop researchers | ||||
| // from reporting this as a vulnerability. | // from reporting this as a vulnerability. | ||||
| PhabricatorSystemActionEngine::willTakeAction( | PhabricatorSystemActionEngine::willTakeAction( | ||||
| array($viewer->getPHID()), | array($viewer->getPHID()), | ||||
| new PhabricatorAuthChangePasswordAction(), | new PhabricatorAuthChangePasswordAction(), | ||||
| 1); | 1); | ||||
| ▲ Show 20 Lines • Show All 133 Lines • ▼ Show 20 Lines | public function processRequest(AphrontRequest $request) { | ||||
| return array( | return array( | ||||
| $form_box, | $form_box, | ||||
| $algo_box, | $algo_box, | ||||
| $info_view, | $info_view, | ||||
| ); | ); | ||||
| } | } | ||||
| private function newSetPasswordView(AphrontRequest $request) { | |||||
| $viewer = $request->getUser(); | |||||
| $user = $this->getUser(); | |||||
| $form = id(new AphrontFormView()) | |||||
| ->setViewer($viewer) | |||||
| ->appendRemarkupInstructions( | |||||
| pht( | |||||
| 'Your account does not currently have a password set. You can '. | |||||
| 'choose a password by performing a password reset.')) | |||||
| ->appendControl( | |||||
| id(new AphrontFormSubmitControl()) | |||||
| ->addCancelButton('/login/email/', pht('Reset Password'))); | |||||
| $form_box = id(new PHUIObjectBoxView()) | |||||
| ->setHeaderText(pht('Set Password')) | |||||
| ->setBackground(PHUIObjectBoxView::WHITE_CONFIG) | |||||
| ->setForm($form); | |||||
| return $form_box; | |||||
| } | |||||
| } | } | ||||