Changeset View
Changeset View
Standalone View
Standalone View
src/applications/auth/engine/PhabricatorAuthSessionEngine.php
| Show First 20 Lines • Show All 487 Lines • ▼ Show 20 Lines | private function newHighSecurityToken( | ||||
| $factors = msortv($factors, 'newSortVector'); | $factors = msortv($factors, 'newSortVector'); | ||||
| // If the account has no associated multi-factor auth, just issue a token | // If the account has no associated multi-factor auth, just issue a token | ||||
| // without putting the session into high security mode. This is generally | // without putting the session into high security mode. This is generally | ||||
| // easier for users. A minor but desirable side effect is that when a user | // easier for users. A minor but desirable side effect is that when a user | ||||
| // adds an auth factor, existing sessions won't get a free pass into hisec, | // adds an auth factor, existing sessions won't get a free pass into hisec, | ||||
| // since they never actually got marked as hisec. | // since they never actually got marked as hisec. | ||||
| if (!$factors) { | if (!$factors) { | ||||
| return $this->issueHighSecurityToken($session, true); | return $this->issueHighSecurityToken($session, true) | ||||
| ->setIsUnchallengedToken(true); | |||||
| } | } | ||||
| $this->request = $request; | $this->request = $request; | ||||
| foreach ($factors as $factor) { | foreach ($factors as $factor) { | ||||
| $factor->setSessionEngine($this); | $factor->setSessionEngine($this); | ||||
| } | } | ||||
| // Check for a rate limit without awarding points, so the user doesn't | // Check for a rate limit without awarding points, so the user doesn't | ||||
| ▲ Show 20 Lines • Show All 666 Lines • Show Last 20 Lines | |||||