src/applications/config/check/PhabricatorAuthSetupCheck.php
protected function executeChecks() { | ||||
if (!$is_locked && !$did_warn) { | if (!$is_locked && !$did_warn) { | ||||
$message = pht( | $message = pht( | ||||
'Your authentication provider configuration is unlocked. Once you '. | 'Your authentication provider configuration is unlocked. Once you '. | ||||
'finish setting up or modifying authentication, you should lock the '. | 'finish setting up or modifying authentication, you should lock the '. | ||||
'configuration to prevent unauthorized changes.'. | 'configuration to prevent unauthorized changes.'. | ||||
"\n\n". | "\n\n". | ||||
'Leaving your authentication provider configuration unlocked '. | 'Leaving your authentication provider configuration unlocked '. | ||||
'increases the damage that a compromised administrator account can '. | 'increases the damage that a compromised administrator account can '. | ||||
'do to your install, by, for example, changing the authentication '. | 'do to your install. For example, an attacker who compromises an '. | ||||
'provider to a server they control and intercepting usernames and '. | 'administrator account can change authentication providers to point '. | ||||
'at a server they control and attempt to intercept usernames and '. | |||||
'passwords.'. | 'passwords.'. | ||||
"\n\n". | "\n\n". | ||||
'To prevent this attack, you should configure your authentication '. | 'To prevent this attack, you should configure authentication, and '. | ||||
'providers, and then lock the configuration by doing `%s` '. | 'then lock the configuration by running "bin/auth lock" from the '. | ||||
'from the command line. This will prevent changing the '. | 'command line. This will prevent changing the authentication config '. | ||||
'authentication provider config without first doing `%s`.', | 'without first running "bin/auth unlock".'); | ||||
'bin/auth lock', | |||||
'bin/auth unlock'); | |||||
$this | $this | ||||
->newIssue('auth.config-unlocked') | ->newIssue('auth.config-unlocked') | ||||
->setShortName(pht('Auth Config Unlocked')) | ->setShortName(pht('Auth Config Unlocked')) | ||||
->setName(pht('Authenticaton Provider Configuration Unlocked')) | ->setName(pht('Authenticaton Configuration Unlocked')) | ||||
->setSummary( | |||||
pht( | |||||
'Authentication configuration is currently unlocked. Once you '. | |||||
'finish configuring authentication, you should lock it.')) | |||||
->setMessage($message) | ->setMessage($message) | ||||
->addRelatedPhabricatorConfig('auth.lock-config') | ->addRelatedPhabricatorConfig('auth.lock-config') | ||||
->addCommand( | ->addCommand( | ||||
hsprintf( | hsprintf( | ||||
'<tt>phabricator/ $</tt> ./bin/auth lock')); | '<tt>phabricator/ $</tt> ./bin/auth lock')); | ||||
} | } | ||||
} | } | ||||
} | } |
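Review bot: The issue name on the new side still reads "Authenticaton" (missing an "i") in `->setName(pht('Authenticaton Configuration Unlocked'))`; since the commit rewords this line anyway, it should become `->setName(pht('Authentication Configuration Unlocked'))`. This string is the title administrators see for a security-relevant setup warning, and it is the source string passed to pht(), so fixing it later means changing that string a second time. Separately, the unchanged first paragraph of the message still says "authentication provider configuration" while the new name and summary say "authentication configuration"; using one term throughout would make the warning easier to recognise and search for. executeChecks() begins above the visible lines, so the logic that sets `$is_locked` and `$did_warn` is not covered by this note.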