src/applications/auth/engine/PhabricatorAuthSessionEngine.php
Show First 20 Lines • Show All 487 Lines • ▼ Show 20 Lines | private function newHighSecurityToken( | ||||
$factors = msortv($factors, 'newSortVector'); | $factors = msortv($factors, 'newSortVector'); | ||||
// If the account has no associated multi-factor auth, just issue a token | // If the account has no associated multi-factor auth, just issue a token | ||||
// without putting the session into high security mode. This is generally | // without putting the session into high security mode. This is generally | ||||
// easier for users. A minor but desirable side effect is that when a user | // easier for users. A minor but desirable side effect is that when a user | ||||
// adds an auth factor, existing sessions won't get a free pass into hisec, | // adds an auth factor, existing sessions won't get a free pass into hisec, | ||||
// since they never actually got marked as hisec. | // since they never actually got marked as hisec. | ||||
if (!$factors) { | if (!$factors) { | ||||
return $this->issueHighSecurityToken($session, true); | return $this->issueHighSecurityToken($session, true) | ||||
->setIsUnchallengedToken(true); | |||||
} | } | ||||
$this->request = $request; | $this->request = $request; | ||||
foreach ($factors as $factor) { | foreach ($factors as $factor) { | ||||
$factor->setSessionEngine($this); | $factor->setSessionEngine($this); | ||||
} | } | ||||
// Check for a rate limit without awarding points, so the user doesn't | // Check for a rate limit without awarding points, so the user doesn't | ||||
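Review bot: The comment above the `if (!$factors)` branch still only explains why the session is not put into high security mode; it does not say why the returned token is now marked with `setIsUnchallengedToken(true)`. This branch issues a token without any factor having been verified, so the flag is the only thing that lets a caller tell it apart from a token backed by a completed challenge, and that is worth stating where it is set, e.g. `// Mark the token as unchallenged: no factor was verified, so callers that need a real MFA response must not treat it as proof of one.` The code that reads the flag is outside this hunk, so it is not visible here whether every action that requires an actual challenge checks it. `newHighSecurityToken` starts and ends outside the shown lines.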