Changeset View
Changeset View
Standalone View
Standalone View
src/applications/config/check/PhabricatorAuthSetupCheck.php
| Show First 20 Lines • Show All 47 Lines • ▼ Show 20 Lines | protected function executeChecks() { | ||||
| if (!$is_locked && !$did_warn) { | if (!$is_locked && !$did_warn) { | ||||
| $message = pht( | $message = pht( | ||||
| 'Your authentication provider configuration is unlocked. Once you '. | 'Your authentication provider configuration is unlocked. Once you '. | ||||
| 'finish setting up or modifying authentication, you should lock the '. | 'finish setting up or modifying authentication, you should lock the '. | ||||
| 'configuration to prevent unauthorized changes.'. | 'configuration to prevent unauthorized changes.'. | ||||
| "\n\n". | "\n\n". | ||||
| 'Leaving your authentication provider configuration unlocked '. | 'Leaving your authentication provider configuration unlocked '. | ||||
| 'increases the damage that a compromised administrator account can '. | 'increases the damage that a compromised administrator account can '. | ||||
| 'do to your install, by, for example, changing the authentication '. | 'do to your install. For example, an attacker who compromises an '. | ||||
| 'provider to a server they control and intercepting usernames and '. | 'administrator account can change authentication providers to point '. | ||||
| 'at a server they control and attempt to intercept usernames and '. | |||||
| 'passwords.'. | 'passwords.'. | ||||
| "\n\n". | "\n\n". | ||||
| 'To prevent this attack, you should configure your authentication '. | 'To prevent this attack, you should configure authentication, and '. | ||||
| 'providers, and then lock the configuration by doing `%s` '. | 'then lock the configuration by running "bin/auth lock" from the '. | ||||
| 'from the command line. This will prevent changing the '. | 'command line. This will prevent changing the authentication config '. | ||||
| 'authentication provider config without first doing `%s`.', | 'without first running "bin/auth unlock".'); | ||||
| 'bin/auth lock', | |||||
| 'bin/auth unlock'); | |||||
| $this | $this | ||||
| ->newIssue('auth.config-unlocked') | ->newIssue('auth.config-unlocked') | ||||
| ->setShortName(pht('Auth Config Unlocked')) | ->setShortName(pht('Auth Config Unlocked')) | ||||
| ->setName(pht('Authenticaton Provider Configuration Unlocked')) | ->setName(pht('Authenticaton Configuration Unlocked')) | ||||
| ->setSummary( | |||||
| pht( | |||||
| 'Authentication configuration is currently unlocked. Once you '. | |||||
| 'finish configuring authentication, you should lock it.')) | |||||
| ->setMessage($message) | ->setMessage($message) | ||||
| ->addRelatedPhabricatorConfig('auth.lock-config') | ->addRelatedPhabricatorConfig('auth.lock-config') | ||||
| ->addCommand( | ->addCommand( | ||||
| hsprintf( | hsprintf( | ||||
| '<tt>phabricator/ $</tt> ./bin/auth lock')); | '<tt>phabricator/ $</tt> ./bin/auth lock')); | ||||
| } | } | ||||
| } | } | ||||
| } | } | ||||