diff --git a/src/applications/auth/controller/PhabricatorAuthController.php b/src/applications/auth/controller/PhabricatorAuthController.php
index 60dc5bcbc9..19094da148 100644
--- a/src/applications/auth/controller/PhabricatorAuthController.php
+++ b/src/applications/auth/controller/PhabricatorAuthController.php
@@ -1,17 +1,17 @@
<?php
abstract class PhabricatorAuthController extends PhabricatorController {
public function buildStandardPageResponse($view, array $data) {
$page = $this->buildStandardPageView();
- $page->setApplicationName('Login');
+ $page->setApplicationName(pht('Login'));
$page->setBaseURI('/login/');
$page->setTitle(idx($data, 'title'));
$page->appendChild($view);
$response = new AphrontWebpageResponse();
return $response->setContent($page->render());
}
}
diff --git a/src/applications/auth/controller/PhabricatorDisabledUserController.php b/src/applications/auth/controller/PhabricatorDisabledUserController.php
index 08647187b5..dcd1e36abc 100644
--- a/src/applications/auth/controller/PhabricatorDisabledUserController.php
+++ b/src/applications/auth/controller/PhabricatorDisabledUserController.php
@@ -1,28 +1,29 @@
<?php
final class PhabricatorDisabledUserController
extends PhabricatorAuthController {
public function shouldRequireEnabledUser() {
return false;
}
public function processRequest() {
$request = $this->getRequest();
$user = $request->getUser();
if (!$user->getIsDisabled()) {
return new Aphront404Response();
}
$failure_view = new AphrontRequestFailureView();
- $failure_view->setHeader('Account Disabled');
- $failure_view->appendChild('<p>Your account has been disabled.</p>');
+ $failure_view->setHeader(pht('Account Disabled'));
+ $failure_view->appendChild(
+ '<p>'.pht('Your account has been disabled.').'</p>');
return $this->buildStandardPageResponse(
$failure_view,
array(
- 'title' => 'Account Disabled',
+ 'title' => pht('Account Disabled'),
));
}
}
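Review bot: The translated sentence in the new `appendChild` call is concatenated straight into markup, so whatever a translation returns becomes page HTML. If `appendChild` treats strings as raw markup, as the hand-written `<p>` wrapper suggests, the text should be escaped at that boundary: `'<p>'.phutil_escape_html(pht('Your account has been disabled.')).'</p>'`. The same `'<tag>'.pht(...).'</tag>'` pattern is introduced in the PhabricatorEmailLoginController, PhabricatorEmailTokenController, PhabricatorLDAPLoginController, PhabricatorLDAPUnlinkController and PhabricatorLoginController sections of this diff. Without escaping, a translation containing `<`, `&` or a quote would break or alter the rendered page.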
diff --git a/src/applications/auth/controller/PhabricatorEmailLoginController.php b/src/applications/auth/controller/PhabricatorEmailLoginController.php
index bf142ea23e..e6cc6372df 100644
--- a/src/applications/auth/controller/PhabricatorEmailLoginController.php
+++ b/src/applications/auth/controller/PhabricatorEmailLoginController.php
@@ -1,153 +1,159 @@
<?php
final class PhabricatorEmailLoginController
extends PhabricatorAuthController {
public function shouldRequireLogin() {
return false;
}
public function processRequest() {
$request = $this->getRequest();
if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) {
return new Aphront400Response();
}
$e_email = true;
$e_captcha = true;
$errors = array();
$is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business');
if ($request->isFormPost()) {
$e_email = null;
- $e_captcha = 'Again';
+ $e_captcha = pht('Again');
$captcha_ok = AphrontFormRecaptchaControl::processCaptcha($request);
if (!$captcha_ok) {
- $errors[] = "Captcha response is incorrect, try again.";
- $e_captcha = 'Invalid';
+ $errors[] = pht("Captcha response is incorrect, try again.");
+ $e_captcha = pht('Invalid');
}
$email = $request->getStr('email');
if (!strlen($email)) {
- $errors[] = "You must provide an email address.";
- $e_email = 'Required';
+ $errors[] = pht("You must provide an email address.");
+ $e_email = pht('Required');
}
if (!$errors) {
// NOTE: Don't validate the email unless the captcha is good; this makes
// it expensive to fish for valid email addresses while giving the user
// a better error if they goof their email.
$target_email = id(new PhabricatorUserEmail())->loadOneWhere(
'address = %s',
$email);
$target_user = null;
if ($target_email) {
$target_user = id(new PhabricatorUser())->loadOneWhere(
'phid = %s',
$target_email->getUserPHID());
}
if (!$target_user) {
- $errors[] = "There is no account associated with that email address.";
- $e_email = "Invalid";
+ $errors[] =
+ pht("There is no account associated with that email address.");
+ $e_email = pht("Invalid");
}
if (!$errors) {
$uri = $target_user->getEmailLoginURI($target_email);
if ($is_serious) {
$body = <<<EOBODY
You can use this link to reset your Phabricator password:
{$uri}
EOBODY;
} else {
$body = <<<EOBODY
Condolences on forgetting your password. You can use this link to reset it:
{$uri}
After you set a new password, consider writing it down on a sticky note and
attaching it to your monitor so you don't forget again! Choosing a very short,
easy-to-remember password like "cat" or "1234" might also help.
Best Wishes,
Phabricator
EOBODY;
}
// NOTE: Don't set the user as 'from', or they may not receive the
// mail if they have the "don't send me email about my own actions"
// preference set.
$mail = new PhabricatorMetaMTAMail();
$mail->setSubject('[Phabricator] Password Reset');
$mail->addTos(
array(
$target_user->getPHID(),
));
$mail->setBody($body);
$mail->saveAndSend();
$view = new AphrontRequestFailureView();
- $view->setHeader('Check Your Email');
+ $view->setHeader(pht('Check Your Email'));
$view->appendChild(
- '<p>An email has been sent with a link you can use to login.</p>');
+ '<p>'.pht(
+ 'An email has been sent with a link you can use to login.'
+ ).'</p>');
return $this->buildStandardPageResponse(
$view,
array(
- 'title' => 'Email Sent',
+ 'title' => pht('Email Sent'),
));
}
}
}
$email_auth = new AphrontFormView();
$email_auth
->setAction('/login/email/')
->setUser($request->getUser())
->appendChild(
id(new AphrontFormTextControl())
- ->setLabel('Email')
+ ->setLabel(pht('Email'))
->setName('email')
->setValue($request->getStr('email'))
->setError($e_email))
->appendChild(
id(new AphrontFormRecaptchaControl())
- ->setLabel('Captcha')
+ ->setLabel(pht('Captcha'))
->setError($e_captcha))
->appendChild(
id(new AphrontFormSubmitControl())
- ->setValue('Send Email'));
+ ->setValue(pht('Send Email')));
$error_view = null;
if ($errors) {
$error_view = new AphrontErrorView();
- $error_view->setTitle('Login Error');
+ $error_view->setTitle(pht('Login Error'));
$error_view->setErrors($errors);
}
$panel = new AphrontPanelView();
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
- $panel->appendChild('<h1>Forgot Password / Email Login</h1>');
+ $panel->appendChild('
+ <h1>'.pht('Forgot Password / Email Login').'</h1>');
$panel->appendChild($email_auth);
+ $panel->setNoBackground();
- return $this->buildStandardPageResponse(
+ return $this->buildApplicationPage(
array(
$error_view,
$panel,
),
array(
- 'title' => 'Create New Account',
+ 'title' => pht('Forgot Password'),
+ 'device' => true,
));
}
}
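Review bot: The final return now calls `buildApplicationPage` instead of `buildStandardPageResponse`, a behaviour change riding along with the string wrapping. The `setApplicationName(pht('Login'))` and `setBaseURI('/login/')` calls made in PhabricatorAuthController::buildStandardPageResponse no longer apply to this form, while the "Check Your Email" page earlier in the same method still uses the old builder. `buildApplicationPage` is not defined in the controller shown in this diff, so it is presumably inherited; a comment such as `// Device-ready layout; application name and base URI are not set on this path.` would make the split explicit. The new `<h1>` literal also opens with a line break inside the quotes, which ends up in the output; `$panel->appendChild('<h1>'.pht('Forgot Password / Email Login').'</h1>');` avoids that.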
diff --git a/src/applications/auth/controller/PhabricatorEmailTokenController.php b/src/applications/auth/controller/PhabricatorEmailTokenController.php
index 0f2187ee31..855caa37af 100644
--- a/src/applications/auth/controller/PhabricatorEmailTokenController.php
+++ b/src/applications/auth/controller/PhabricatorEmailTokenController.php
@@ -1,104 +1,106 @@
<?php
final class PhabricatorEmailTokenController
extends PhabricatorAuthController {
private $token;
public function shouldRequireLogin() {
return false;
}
public function willProcessRequest(array $data) {
$this->token = $data['token'];
}
public function processRequest() {
$request = $this->getRequest();
if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) {
return new Aphront400Response();
}
$token = $this->token;
$email = $request->getStr('email');
// NOTE: We need to bind verification to **addresses**, not **users**,
// because we verify addresses when they're used to login this way, and if
// we have a user-based verification you can:
//
// - Add some address you do not own;
// - request a password reset;
// - change the URI in the email to the address you don't own;
// - login via the email link; and
// - get a "verified" address you don't control.
$target_email = id(new PhabricatorUserEmail())->loadOneWhere(
'address = %s',
$email);
$target_user = null;
if ($target_email) {
$target_user = id(new PhabricatorUser())->loadOneWhere(
'phid = %s',
$target_email->getUserPHID());
}
if (!$target_email ||
!$target_user ||
!$target_user->validateEmailToken($target_email, $token)) {
$view = new AphrontRequestFailureView();
- $view->setHeader('Unable to Login');
+ $view->setHeader(pht('Unable to Login'));
$view->appendChild(
- '<p>The authentication information in the link you clicked is '.
+ '<p>'.pht('The authentication information in the link you clicked is '.
'invalid or out of date. Make sure you are copy-and-pasting the '.
'entire link into your browser. You can try again, or request '.
- 'a new email.</p>');
+ 'a new email.').'</p>');
$view->appendChild(
'<div class="aphront-failure-continue">'.
- '<a class="button" href="/login/email/">Send Another Email</a>'.
+ '<a class="button" href="/login/email/">'.
+ pht('Send Another Email').
+ '</a>'.
'</div>');
return $this->buildStandardPageResponse(
$view,
array(
- 'title' => 'Login Failure',
+ 'title' => pht('Login Failure'),
));
}
// Verify email so that clicking the link in the "Welcome" email is good
// enough, without requiring users to go through a second round of email
// verification.
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$target_email->setIsVerified(1);
$target_email->save();
$session_key = $target_user->establishSession('web');
unset($unguarded);
$request->setCookie('phusr', $target_user->getUsername());
$request->setCookie('phsid', $session_key);
if (PhabricatorEnv::getEnvConfig('account.editable')) {
$next = (string)id(new PhutilURI('/settings/panel/password/'))
->setQueryParams(
array(
'token' => $token,
'email' => $email,
));
} else {
$next = '/';
}
$uri = new PhutilURI('/login/validate/');
$uri->setQueryParams(
array(
'phusr' => $target_user->getUsername(),
'next' => $next,
));
return id(new AphrontRedirectResponse())
->setURI((string)$uri);
}
}
diff --git a/src/applications/auth/controller/PhabricatorLDAPLoginController.php b/src/applications/auth/controller/PhabricatorLDAPLoginController.php
index 60595be4eb..4dafe831f7 100644
--- a/src/applications/auth/controller/PhabricatorLDAPLoginController.php
+++ b/src/applications/auth/controller/PhabricatorLDAPLoginController.php
@@ -1,171 +1,174 @@
<?php
final class PhabricatorLDAPLoginController extends PhabricatorAuthController {
private $provider;
public function shouldRequireLogin() {
return false;
}
public function willProcessRequest(array $data) {
$this->provider = new PhabricatorLDAPProvider();
}
public function processRequest() {
if (!$this->provider->isProviderEnabled()) {
return new Aphront400Response();
}
$current_user = $this->getRequest()->getUser();
$request = $this->getRequest();
$ldap_username = $request->getCookie('phusr');
if ($request->isFormPost()) {
$ldap_username = $request->getStr('username');
try {
$envelope = new PhutilOpaqueEnvelope($request->getStr('password'));
$this->provider->auth($ldap_username, $envelope);
} catch (Exception $e) {
$errors[] = $e->getMessage();
}
if (empty($errors)) {
$ldap_info = $this->retrieveLDAPInfo($this->provider);
if ($current_user->getPHID()) {
if ($ldap_info->getID()) {
$existing_ldap = id(new PhabricatorUserLDAPInfo())->loadOneWhere(
'userID = %d',
$current_user->getID());
if ($ldap_info->getUserID() != $current_user->getID() ||
$existing_ldap) {
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
- $dialog->setTitle('Already Linked to Another Account');
+ $dialog->setTitle(pht('Already Linked to Another Account'));
$dialog->appendChild(
- '<p>The LDAP account you just authorized is already linked to '.
- 'another Phabricator account. Before you can link it to a '.
- 'different LDAP account, you must unlink the old account.</p>'
+ '<p>'.pht('The LDAP account you just authorized is already '.
+ 'linked toanother Phabricator account. Before you can link it '.
+ 'to a different LDAP account, you must unlink the old '.
+ 'account.').'</p>'
);
$dialog->addCancelButton('/settings/panel/ldap/');
return id(new AphrontDialogResponse())->setDialog($dialog);
} else {
return id(new AphrontRedirectResponse())
->setURI('/settings/panel/ldap/');
}
}
if (!$request->isDialogFormPost()) {
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
- $dialog->setTitle('Link LDAP Account');
+ $dialog->setTitle(pht('Link LDAP Account'));
$dialog->appendChild(
- '<p>Link your LDAP account to your Phabricator account?</p>');
+ '<p>'.
+ pht('Link your LDAP account to your Phabricator account?').
+ '</p>');
$dialog->addHiddenInput('username', $request->getStr('username'));
$dialog->addHiddenInput('password', $request->getStr('password'));
- $dialog->addSubmitButton('Link Accounts');
+ $dialog->addSubmitButton(pht('Link Accounts'));
$dialog->addCancelButton('/settings/panel/ldap/');
return id(new AphrontDialogResponse())->setDialog($dialog);
}
$ldap_info->setUserID($current_user->getID());
$this->saveLDAPInfo($ldap_info);
return id(new AphrontRedirectResponse())
->setURI('/settings/panel/ldap/');
}
if ($ldap_info->getID()) {
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$known_user = id(new PhabricatorUser())->load(
$ldap_info->getUserID());
$session_key = $known_user->establishSession('web');
$this->saveLDAPInfo($ldap_info);
$request->setCookie('phusr', $known_user->getUsername());
$request->setCookie('phsid', $session_key);
$uri = new PhutilURI('/login/validate/');
$uri->setQueryParams(
array(
'phusr' => $known_user->getUsername(),
));
return id(new AphrontRedirectResponse())->setURI((string)$uri);
}
$controller = newv('PhabricatorLDAPRegistrationController',
array($this->getRequest()));
$controller->setLDAPProvider($this->provider);
$controller->setLDAPInfo($ldap_info);
return $this->delegateToController($controller);
}
}
$ldap_form = new AphrontFormView();
$ldap_form
->setUser($request->getUser())
->setAction('/ldap/login/')
->appendChild(
id(new AphrontFormTextControl())
- ->setLabel('LDAP username')
+ ->setLabel(pht('LDAP username'))
->setName('username')
->setValue($ldap_username))
->appendChild(
id(new AphrontFormPasswordControl())
- ->setLabel('Password')
+ ->setLabel(pht('Password'))
->setName('password'));
$ldap_form
->appendChild(
id(new AphrontFormSubmitControl())
- ->setValue('Login'));
+ ->setValue(pht('Login')));
$panel = new AphrontPanelView();
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
- $panel->appendChild('<h1>LDAP login</h1>');
+ $panel->appendChild('<h1>'.pht('LDAP login').'</h1>');
$panel->appendChild($ldap_form);
if (isset($errors) && count($errors) > 0) {
$error_view = new AphrontErrorView();
- $error_view->setTitle('Login Failed');
+ $error_view->setTitle(pht('Login Failed'));
$error_view->setErrors($errors);
}
return $this->buildStandardPageResponse(
array(
isset($error_view) ? $error_view : null,
$panel,
),
array(
- 'title' => 'Login',
+ 'title' => pht('Login'),
));
}
private function retrieveLDAPInfo(PhabricatorLDAPProvider $provider) {
$ldap_info = id(new PhabricatorUserLDAPInfo())->loadOneWhere(
'ldapUsername = %s',
$provider->retrieveUsername());
if (!$ldap_info) {
$ldap_info = new PhabricatorUserLDAPInfo();
$ldap_info->setLDAPUsername($provider->retrieveUsername());
}
return $ldap_info;
}
private function saveLDAPInfo(PhabricatorUserLDAPInfo $info) {
// UNGUARDED WRITES: Logging-in users don't have their CSRF set up yet.
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$info->save();
}
}
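Review bot: The rewrapped "Already Linked to Another Account" dialog text drops a space: the second fragment now reads `'linked toanother Phabricator account. …'`, so users see "toanother". It should be `'linked to another Phabricator account. Before you can link it '.`. In the same method the "Link LDAP Account" dialog copies the submitted password into a hidden input with `addHiddenInput('password', $request->getStr('password'))`, which writes the credential into the response body. That line is unchanged context here, but it deserves a comment or a follow-up since this commit edits the dialog around it.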
diff --git a/src/applications/auth/controller/PhabricatorLDAPRegistrationController.php b/src/applications/auth/controller/PhabricatorLDAPRegistrationController.php
index 1fde2ef450..e52eea2134 100644
--- a/src/applications/auth/controller/PhabricatorLDAPRegistrationController.php
+++ b/src/applications/auth/controller/PhabricatorLDAPRegistrationController.php
@@ -1,220 +1,220 @@
<?php
final class PhabricatorLDAPRegistrationController
extends PhabricatorAuthController {
private $ldapProvider;
private $ldapInfo;
public function setLDAPProvider($provider) {
$this->ldapProvider = $provider;
return $this;
}
public function getLDAProvider() {
return $this->ldapProvider;
}
public function setLDAPInfo($info) {
$this->ldapInfo = $info;
return $this;
}
public function getLDAPInfo() {
return $this->ldapInfo;
}
public function processRequest() {
$provider = $this->getLDAProvider();
$ldap_info = $this->getLDAPInfo();
$request = $this->getRequest();
$errors = array();
$e_username = true;
$e_email = true;
$e_realname = true;
$user = new PhabricatorUser();
$user->setUsername($provider->retrieveUsername());
$user->setRealname($provider->retrieveUserRealName());
$new_email = $provider->retrieveUserEmail();
if ($new_email) {
// If the user's LDAP provider account has an email address but the
// email address domain is not allowed by the Phabricator configuration,
// we just pretend the provider did not supply an address.
//
// For instance, if the user uses LDAP Auth and their email address
// is "joe@personal.com" but Phabricator is configured to require users
// use "@company.com" addresses, we show a prompt below and tell the user
// to provide their "@company.com" address. They can still use the LDAP
// account to login, they just need to associate their account with an
// allowed address.
//
// If the email address is fine, we just use it and don't prompt the user.
if (!PhabricatorUserEmail::isAllowedAddress($new_email)) {
$new_email = null;
}
}
$show_email_input = ($new_email === null);
if ($request->isFormPost()) {
$user->setUsername($request->getStr('username'));
$username = $user->getUsername();
if (!strlen($user->getUsername())) {
- $e_username = 'Required';
- $errors[] = 'Username is required.';
+ $e_username = pht('Required');
+ $errors[] = pht('Username is required.');
} else if (!PhabricatorUser::validateUsername($username)) {
- $e_username = 'Invalid';
+ $e_username = pht('Invalid');
$errors[] = PhabricatorUser::describeValidUsername();
} else {
$e_username = null;
}
if (!$new_email) {
$new_email = trim($request->getStr('email'));
if (!$new_email) {
- $e_email = 'Required';
- $errors[] = 'Email is required.';
+ $e_email = pht('Required');
+ $errors[] = pht('Email is required.');
} else {
$e_email = null;
}
}
if ($new_email) {
if (!PhabricatorUserEmail::isAllowedAddress($new_email)) {
- $e_email = 'Invalid';
+ $e_email = pht('Invalid');
$errors[] = PhabricatorUserEmail::describeAllowedAddresses();
}
}
if (!strlen($user->getRealName())) {
$user->setRealName($request->getStr('realname'));
if (!strlen($user->getRealName())) {
- $e_realname = 'Required';
- $errors[] = 'Real name is required.';
+ $e_realname = pht('Required');
+ $errors[] = pht('Real name is required.');
} else {
$e_realname = null;
}
}
if (!$errors) {
try {
// NOTE: We don't verify LDAP email addresses by default because
// LDAP providers might associate email addresses with accounts that
// haven't actually verified they own them. We could selectively
// auto-verify some providers that we trust here, but the stakes for
// verifying an email address are high because having a corporate
// address at a company is sometimes the key to the castle.
$email_obj = id(new PhabricatorUserEmail())
->setAddress($new_email)
->setIsVerified(0);
id(new PhabricatorUserEditor())
->setActor($user)
->createNewUser($user, $email_obj);
$ldap_info->setUserID($user->getID());
$ldap_info->save();
$session_key = $user->establishSession('web');
$request->setCookie('phusr', $user->getUsername());
$request->setCookie('phsid', $session_key);
$email_obj->sendVerificationEmail($user);
return id(new AphrontRedirectResponse())->setURI('/');
} catch (AphrontQueryDuplicateKeyException $exception) {
$same_username = id(new PhabricatorUser())->loadOneWhere(
'userName = %s',
$user->getUserName());
$same_email = id(new PhabricatorUserEmail())->loadOneWhere(
'address = %s',
$new_email);
if ($same_username) {
- $e_username = 'Duplicate';
- $errors[] = 'That username or email is not unique.';
+ $e_username = pht('Duplicate');
+ $errors[] = pht('That username or email is not unique.');
} else if ($same_email) {
- $e_email = 'Duplicate';
- $errors[] = 'That email is not unique.';
+ $e_email = pht('Duplicate');
+ $errors[] = pht('That email is not unique.');
} else {
throw $exception;
}
}
}
}
$error_view = null;
if ($errors) {
$error_view = new AphrontErrorView();
- $error_view->setTitle('Registration Failed');
+ $error_view->setTitle(pht('Registration Failed'));
$error_view->setErrors($errors);
}
// Strip the URI down to the path, because otherwise we'll trigger
// external CSRF protection (by having a protocol in the form "action")
// and generate a form with no CSRF token.
$action_uri = new PhutilURI('/ldap/login/');
$action_path = $action_uri->getPath();
$form = new AphrontFormView();
$form
->setUser($request->getUser())
->setAction($action_path)
->appendChild(
id(new AphrontFormTextControl())
- ->setLabel('Username')
+ ->setLabel(pht('Username'))
->setName('username')
->setValue($user->getUsername())
->setError($e_username));
$form->appendChild(
id(new AphrontFormPasswordControl())
- ->setLabel('Password')
+ ->setLabel(pht('Password'))
->setName('password'));
if ($show_email_input) {
$form->appendChild(
id(new AphrontFormTextControl())
- ->setLabel('Email')
+ ->setLabel(pht('Email'))
->setName('email')
->setValue($request->getStr('email'))
->setError($e_email));
}
if ($provider->retrieveUserRealName() === null) {
$form->appendChild(
id(new AphrontFormTextControl())
- ->setLabel('Real Name')
+ ->setLabel(pht('Real Name'))
->setName('realname')
->setValue($request->getStr('realname'))
->setError($e_realname));
}
$form
->appendChild(
id(new AphrontFormSubmitControl())
- ->setValue('Create Account'));
+ ->setValue(pht('Create Account')));
$panel = new AphrontPanelView();
- $panel->setHeader('Create New Account');
+ $panel->setHeader(pht('Create New Account'));
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
$panel->appendChild($form);
return $this->buildStandardPageResponse(
array(
$error_view,
$panel,
),
array(
- 'title' => 'Create New Account',
+ 'title' => pht('Create New Account'),
));
}
}
diff --git a/src/applications/auth/controller/PhabricatorLDAPUnlinkController.php b/src/applications/auth/controller/PhabricatorLDAPUnlinkController.php
index 180c20ce73..44cad5a398 100644
--- a/src/applications/auth/controller/PhabricatorLDAPUnlinkController.php
+++ b/src/applications/auth/controller/PhabricatorLDAPUnlinkController.php
@@ -1,36 +1,36 @@
<?php
final class PhabricatorLDAPUnlinkController extends PhabricatorAuthController {
public function processRequest() {
$request = $this->getRequest();
$user = $request->getUser();
$ldap_info = id(new PhabricatorUserLDAPInfo())->loadOneWhere(
'userID = %d',
$user->getID());
if (!$ldap_info) {
return new Aphront400Response();
}
if (!$request->isDialogFormPost()) {
$dialog = new AphrontDialogView();
$dialog->setUser($user);
- $dialog->setTitle('Really unlink account?');
+ $dialog->setTitle(pht('Really unlink account?'));
$dialog->appendChild(
- '<p><strong>You will not be able to login</strong> using this account '.
- 'once you unlink it. Continue?</p>');
- $dialog->addSubmitButton('Unlink Account');
+ '<p>'.pht('You will not be able to login using this account '.
+ 'once you unlink it. Continue?').'</p>');
+ $dialog->addSubmitButton(pht('Unlink Account'));
$dialog->addCancelButton('/settings/panel/ldap/');
return id(new AphrontDialogResponse())->setDialog($dialog);
}
$ldap_info->delete();
return id(new AphrontRedirectResponse())
->setURI('/settings/panel/ldap/');
}
}
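Review bot: The new dialog body loses the `<strong>` emphasis the old string had on "You will not be able to login", so the warning on a destructive action now renders as plain text. If the emphasis was dropped only to keep markup out of the translatable string, it can be kept by wrapping a whole sentence: `'<p><strong>'.pht('You will not be able to login using this account once you unlink it.').'</strong> '.pht('Continue?').'</p>'`.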
diff --git a/src/applications/auth/controller/PhabricatorLoginController.php b/src/applications/auth/controller/PhabricatorLoginController.php
index 6bc87c5aab..c4bda38a77 100644
--- a/src/applications/auth/controller/PhabricatorLoginController.php
+++ b/src/applications/auth/controller/PhabricatorLoginController.php
@@ -1,306 +1,311 @@
<?php
final class PhabricatorLoginController
extends PhabricatorAuthController {
public function shouldRequireLogin() {
return false;
}
public function processRequest() {
$request = $this->getRequest();
$user = $request->getUser();
if ($user->isLoggedIn()) {
// Kick the user out if they're already logged in.
return id(new AphrontRedirectResponse())->setURI('/');
}
if ($request->isAjax()) {
// We end up here if the user clicks a workflow link that they need to
// login to use. We give them a dialog saying "You need to login..".
if ($request->isDialogFormPost()) {
return id(new AphrontRedirectResponse())->setURI(
$request->getRequestURI());
}
$dialog = new AphrontDialogView();
$dialog->setUser($user);
- $dialog->setTitle('Login Required');
- $dialog->appendChild('<p>You must login to continue.</p>');
- $dialog->addSubmitButton('Login');
- $dialog->addCancelButton('/', 'Cancel');
+ $dialog->setTitle(pht('Login Required'));
+ $dialog->appendChild('<p>'.pht('You must login to continue.').'</p>');
+ $dialog->addSubmitButton(pht('Login'));
+ $dialog->addCancelButton('/', pht('Cancel'));
return id(new AphrontDialogResponse())->setDialog($dialog);
}
if ($request->isConduit()) {
// A common source of errors in Conduit client configuration is getting
// the request path wrong. The client will end up here, so make some
// effort to give them a comprehensible error message.
$request_path = $this->getRequest()->getPath();
$conduit_path = '/api/<method>';
$example_path = '/api/conduit.ping';
$message =
"ERROR: You are making a Conduit API request to '{$request_path}', ".
"but the correct HTTP request path to use in order to access a ".
"Conduit method is '{$conduit_path}' (for example, ".
"'{$example_path}'). Check your configuration.";
return id(new AphrontPlainTextResponse())->setContent($message);
}
$error_view = null;
if ($request->getCookie('phusr') && $request->getCookie('phsid')) {
// The session cookie is invalid, so clear it.
$request->clearCookie('phusr');
$request->clearCookie('phsid');
$error_view = new AphrontErrorView();
- $error_view->setTitle('Invalid Session');
+ $error_view->setTitle(pht('Invalid Session'));
$error_view->setErrors(array(
- "Your login session is invalid. Try logging in again. If that ".
- "doesn't work, clear your browser cookies."
+ pht("Your login session is invalid. Try logging in again. If that ".
+ "doesn't work, clear your browser cookies.")
));
}
$next_uri_path = $this->getRequest()->getPath();
if ($next_uri_path == '/login/') {
$next_uri = '/';
} else {
$next_uri = $this->getRequest()->getRequestURI();
}
if (!$request->isFormPost()) {
$request->setCookie('next_uri', $next_uri);
}
$password_auth = PhabricatorEnv::getEnvConfig('auth.password-auth-enabled');
$username_or_email = $request->getCookie('phusr');
$forms = array();
$errors = array();
if ($password_auth) {
$require_captcha = false;
$e_captcha = true;
if ($request->isFormPost()) {
if (AphrontFormRecaptchaControl::isRecaptchaEnabled()) {
$failed_attempts = PhabricatorUserLog::loadRecentEventsFromThisIP(
PhabricatorUserLog::ACTION_LOGIN_FAILURE,
60 * 15);
if (count($failed_attempts) > 5) {
$require_captcha = true;
if (!AphrontFormRecaptchaControl::processCaptcha($request)) {
if (AphrontFormRecaptchaControl::hasCaptchaResponse($request)) {
- $e_captcha = 'Invalid';
- $errors[] = 'CAPTCHA was not entered correctly.';
+ $e_captcha = pht('Invalid');
+ $errors[] = pht('CAPTCHA was not entered correctly.');
} else {
- $e_captcha = 'Required';
- $errors[] = 'Too many login failures recently. You must '.
- 'submit a CAPTCHA with your login request.';
+ $e_captcha = pht('Required');
+ $errors[] = pht('Too many login failures recently. You must '.
+ 'submit a CAPTCHA with your login request.');
}
}
}
}
$username_or_email = $request->getStr('username_or_email');
$user = id(new PhabricatorUser())->loadOneWhere(
'username = %s',
$username_or_email);
if (!$user) {
$user = PhabricatorUser::loadOneWithEmailAddress($username_or_email);
}
if (!$errors) {
// Perform username/password tests only if we didn't get rate limited
// by the CAPTCHA.
$envelope = new PhutilOpaqueEnvelope($request->getStr('password'));
if (!$user || !$user->comparePassword($envelope)) {
- $errors[] = 'Bad username/password.';
+ $errors[] = pht('Bad username/password.');
}
}
if (!$errors) {
$session_key = $user->establishSession('web');
$request->setCookie('phusr', $user->getUsername());
$request->setCookie('phsid', $session_key);
$uri = new PhutilURI('/login/validate/');
$uri->setQueryParams(
array(
'phusr' => $user->getUsername(),
));
return id(new AphrontRedirectResponse())
->setURI((string)$uri);
} else {
$log = PhabricatorUserLog::newLog(
null,
$user,
PhabricatorUserLog::ACTION_LOGIN_FAILURE);
$log->save();
$request->clearCookie('phusr');
$request->clearCookie('phsid');
}
}
if ($errors) {
$error_view = new AphrontErrorView();
- $error_view->setTitle('Login Failed');
+ $error_view->setTitle(pht('Login Failed'));
$error_view->setErrors($errors);
}
$form = new AphrontFormView();
$form
->setUser($request->getUser())
->setAction('/login/')
->appendChild(
id(new AphrontFormTextControl())
- ->setLabel('Username/Email')
+ ->setLabel(pht('Username/Email'))
->setName('username_or_email')
->setValue($username_or_email))
->appendChild(
id(new AphrontFormPasswordControl())
- ->setLabel('Password')
+ ->setLabel(pht('Password'))
->setName('password')
->setCaption(
'<a href="/login/email/">'.
- 'Forgot your password? / Email Login</a>'));
+ pht('Forgot your password? / Email Login').'</a>'));
if ($require_captcha) {
$form->appendChild(
id(new AphrontFormRecaptchaControl())
->setError($e_captcha));
}
$form
->appendChild(
id(new AphrontFormSubmitControl())
- ->setValue('Login'));
+ ->setValue(pht('Login')));
// $panel->setCreateButton('Register New Account', '/login/register/');
$forms['Phabricator Login'] = $form;
}
$ldap_provider = new PhabricatorLDAPProvider();
if ($ldap_provider->isProviderEnabled()) {
$ldap_form = new AphrontFormView();
$ldap_form
->setUser($request->getUser())
->setAction('/ldap/login/')
->appendChild(
id(new AphrontFormTextControl())
- ->setLabel('LDAP username')
+ ->setLabel(pht('LDAP username'))
->setName('username')
->setValue($username_or_email))
->appendChild(
id(new AphrontFormPasswordControl())
- ->setLabel('Password')
+ ->setLabel(pht('Password'))
->setName('password'));
$ldap_form
->appendChild(
id(new AphrontFormSubmitControl())
- ->setValue('Login'));
+ ->setValue(pht('Login')));
$forms['LDAP Login'] = $ldap_form;
}
$providers = PhabricatorOAuthProvider::getAllProviders();
foreach ($providers as $provider) {
$enabled = $provider->isProviderEnabled();
if (!$enabled) {
continue;
}
$auth_uri = $provider->getAuthURI();
$redirect_uri = $provider->getRedirectURI();
$client_id = $provider->getClientID();
$provider_name = $provider->getProviderName();
$minimum_scope = $provider->getMinimumScope();
$extra_auth = $provider->getExtraAuthParameters();
// TODO: In theory we should use 'state' to prevent CSRF, but the total
// effect of the CSRF attack is that an attacker can cause a user to login
// to Phabricator if they're already logged into some OAuth provider. This
// does not seem like the most severe threat in the world, and generating
// CSRF for logged-out users is vaugely tricky.
if ($provider->isProviderRegistrationEnabled()) {
- $title = "Login or Register with {$provider_name}";
- $body = 'Login or register for Phabricator using your '.
- phutil_escape_html($provider_name).' account.';
- $button = "Login or Register with {$provider_name}";
+ $title = pht("Login or Register with %s",
+ phutil_escape_html($provider_name));
+ $body = pht('Login or register for Phabricator using your %s account.',
+ phutil_escape_html($provider_name));
+ $button = pht("Login or Register with %s",
+ phutil_escape_html($provider_name));
} else {
- $title = "Login with {$provider_name}";
- $body = 'Login to your existing Phabricator account using your '.
- phutil_escape_html($provider_name).' account.<br /><br />'.
- '<strong>You can not use '.
- phutil_escape_html($provider_name).' to register a new '.
- 'account.</strong>';
- $button = "Login with {$provider_name}";
+ $title = pht("Login with %s",
+ phutil_escape_html($provider_name));
+ $body = pht('Login to your existing Phabricator account using your '.
+ '%s account.', phutil_escape_html($provider_name)).
+ '<br /><br />'.
+ '<strong>'.
+ pht('You can not use %s to register a new account.',
+ phutil_escape_html($provider_name)).
+ '</strong>';
+ $button = pht("Log in with %s", phutil_escape_html($provider_name));
}
$auth_form = new AphrontFormView();
$auth_form
->setAction($auth_uri)
->addHiddenInput('client_id', $client_id)
->addHiddenInput('redirect_uri', $redirect_uri)
->addHiddenInput('scope', $minimum_scope);
foreach ($extra_auth as $key => $value) {
$auth_form->addHiddenInput($key, $value);
}
$auth_form
->setUser($request->getUser())
->setMethod('GET')
->appendChild(
'<p class="aphront-form-instructions">'.$body.'</p>')
->appendChild(
id(new AphrontFormSubmitControl())
->setValue("{$button} \xC2\xBB"));
$forms[$title] = $auth_form;
}
$panel = new AphrontPanelView();
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
$panel->setNoBackground();
foreach ($forms as $name => $form) {
$panel->appendChild('<h1>'.$name.'</h1>');
$panel->appendChild($form);
$panel->appendChild('<br />');
}
$login_message = PhabricatorEnv::getEnvConfig('auth.login-message');
return $this->buildApplicationPage(
array(
$error_view,
$login_message,
$panel,
),
array(
- 'title' => 'Login',
+ 'title' => pht('Login'),
'device' => true
));
}
}
diff --git a/src/applications/auth/controller/PhabricatorLoginValidateController.php b/src/applications/auth/controller/PhabricatorLoginValidateController.php
index 7ddc737011..9423199711 100644
--- a/src/applications/auth/controller/PhabricatorLoginValidateController.php
+++ b/src/applications/auth/controller/PhabricatorLoginValidateController.php
@@ -1,76 +1,76 @@
<?php
final class PhabricatorLoginValidateController
extends PhabricatorAuthController {
public function shouldRequireLogin() {
return false;
}
public function processRequest() {
$request = $this->getRequest();
$failures = array();
if (!strlen($request->getStr('phusr'))) {
throw new Exception(
"Login validation is missing expected parameters!");
}
$expect_phusr = $request->getStr('phusr');
$actual_phusr = $request->getCookie('phusr');
if ($actual_phusr != $expect_phusr) {
if ($actual_phusr) {
$cookie_info = "sent back a cookie with the value '{$actual_phusr}'.";
} else {
$cookie_info = "did not accept the cookie.";
}
$failures[] =
"Attempted to set 'phusr' cookie to '{$expect_phusr}', but your ".
"browser {$cookie_info}";
}
if (!$failures) {
if (!$request->getUser()->getPHID()) {
$failures[] = "Cookies were set correctly, but your session ".
"isn't valid.";
}
}
if ($failures) {
$list = array();
foreach ($failures as $failure) {
$list[] = '<li>'.phutil_escape_html($failure).'</li>';
}
$list = '<ul>'.implode("\n", $list).'</ul>';
$view = new AphrontRequestFailureView();
- $view->setHeader('Login Failed');
+ $view->setHeader(pht('Login Failed'));
$view->appendChild(
- '<p>Login failed:</p>'.
+ '<p>'.pht('Login failed:').'</p>'.
$list.
- '<p><strong>Clear your cookies</strong> and try again.</p>');
+ '<p>'.pht('<strong>Clear your cookies</strong> and try again.').'</p>');
$view->appendChild(
'<div class="aphront-failure-continue">'.
- '<a class="button" href="/login/">Try Again</a>'.
+ '<a class="button" href="/login/">'.pht('Try Again').'</a>'.
'</div>');
return $this->buildStandardPageResponse(
$view,
array(
- 'title' => 'Login Failed',
+ 'title' => pht('Login Failed'),
));
}
$next = nonempty($request->getStr('next'), $request->getCookie('next_uri'));
$request->clearCookie('next_uri');
if (!PhabricatorEnv::isValidLocalWebResource($next)) {
$next = '/';
}
return id(new AphrontRedirectResponse())->setURI($next);
}
}
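Review bot: The new `pht('<strong>Clear your cookies</strong> and try again.')` call in the failure branch of processRequest() puts HTML inside the translatable string, and the result is concatenated straight into the markup passed to `appendChild()`. Every translation then has to reproduce the tags exactly, and whatever the translation catalog contains is emitted as raw HTML. Keeping the tags in code avoids that, for example `pht('%s and try again.', '<strong>'.pht('Clear your cookies').'</strong>')`. The same pattern appears in the PhabricatorMustVerifyEmailController hunk (`<strong>%s</strong>`) and the PhabricatorOAuthLoginController hunk (`<p>…</p>` inside `pht()`).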
diff --git a/src/applications/auth/controller/PhabricatorLogoutController.php b/src/applications/auth/controller/PhabricatorLogoutController.php
index fc3e9c8dc5..e2cc5410fa 100644
--- a/src/applications/auth/controller/PhabricatorLogoutController.php
+++ b/src/applications/auth/controller/PhabricatorLogoutController.php
@@ -1,59 +1,59 @@
<?php
final class PhabricatorLogoutController
extends PhabricatorAuthController {
public function shouldRequireLogin() {
return true;
}
public function shouldRequireEmailVerification() {
// Allow unverified users to logout.
return false;
}
public function shouldRequireEnabledUser() {
// Allow disabled users to logout.
return false;
}
public function processRequest() {
$request = $this->getRequest();
$user = $request->getUser();
if ($request->isFormPost()) {
$log = PhabricatorUserLog::newLog(
$user,
$user,
PhabricatorUserLog::ACTION_LOGOUT);
$log->save();
// Destroy the user's session in the database so logout works even if
// their cookies have some issues. We'll detect cookie issues when they
// try to login again and tell them to clear any junk.
$phsid = $request->getCookie('phsid');
if ($phsid) {
$user->destroySession($phsid);
}
$request->clearCookie('phsid');
return id(new AphrontRedirectResponse())
->setURI('/login/');
}
if ($user->getPHID()) {
$dialog = id(new AphrontDialogView())
->setUser($user)
- ->setTitle('Log out of Phabricator?')
- ->appendChild('<p>Are you sure you want to log out?</p>')
- ->addSubmitButton('Log Out')
+ ->setTitle(pht('Log out of Phabricator?'))
+ ->appendChild('<p>'.pht('Are you sure you want to log out?').'</p>')
+ ->addSubmitButton(pht('Logout'))
->addCancelButton('/');
return id(new AphrontDialogResponse())->setDialog($dialog);
}
return id(new AphrontRedirectResponse())->setURI('/');
}
}
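Review bot: The submit button label in the logout dialog changes from 'Log Out' to `pht('Logout')`, although the commit otherwise only wraps existing strings and the dialog title beside it still reads 'Log out of Phabricator?'. If the rename is not intended, keep the original wording: `->addSubmitButton(pht('Log Out'))`.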
diff --git a/src/applications/auth/controller/PhabricatorMustVerifyEmailController.php b/src/applications/auth/controller/PhabricatorMustVerifyEmailController.php
index 319163112d..999dec88ee 100644
--- a/src/applications/auth/controller/PhabricatorMustVerifyEmailController.php
+++ b/src/applications/auth/controller/PhabricatorMustVerifyEmailController.php
@@ -1,74 +1,79 @@
<?php
final class PhabricatorMustVerifyEmailController
extends PhabricatorAuthController {
public function shouldRequireLogin() {
return false;
}
public function shouldRequireEmailVerification() {
// NOTE: We don't technically need this since PhabricatorController forces
// us here in either case, but it's more consistent with intent.
return false;
}
public function processRequest() {
$request = $this->getRequest();
$user = $request->getUser();
$email = $user->loadPrimaryEmail();
if ($email->getIsVerified()) {
return id(new AphrontRedirectResponse())->setURI('/');
}
$email_address = $email->getAddress();
$sent = null;
if ($request->isFormPost()) {
$email->sendVerificationEmail($user);
$sent = new AphrontErrorView();
$sent->setSeverity(AphrontErrorView::SEVERITY_NOTICE);
- $sent->setTitle('Email Sent');
- $sent->appendChild(
- '<p>Another verification email was sent to <strong>'.
- phutil_escape_html($email_address).'</strong>.</p>');
+ $sent->setTitle(pht('Email Sent'));
+ $sent->appendChild('<p>'.
+ pht('Another verification email was sent to <strong>%s</strong>.',
+ phutil_escape_html($email_address)).'</p>');
}
$error_view = new AphrontRequestFailureView();
- $error_view->setHeader('Check Your Email');
+ $error_view->setHeader(pht('Check Your Email'));
$error_view->appendChild(
- '<p>You must verify your email address to login. You should have a new '.
+ '<p>'.
+ pht('You must verify your email address to login. You should have a new '.
'email message from Phabricator with verification instructions in your '.
- 'inbox (<strong>'.phutil_escape_html($email_address).'</strong>).</p>');
+ 'inbox (<strong>%s</strong>).', phutil_escape_html($email_address)).
+ '</p>');
$error_view->appendChild(
- '<p>If you did not receive an email, you can click the button below '.
- 'to try sending another one.</p>');
+ '<p>'.
+ pht('If you did not receive an email, you can click the button below '.
+ 'to try sending another one.').
+ '</p>');
$error_view->appendChild(
'<div class="aphront-failure-continue">'.
phabricator_render_form(
$user,
array(
'action' => '/login/mustverify/',
'method' => 'POST',
),
phutil_render_tag(
'button',
array(
),
- 'Send Another Email')).
+ pht('Send Another Email'))).
'</div>');
- return $this->buildStandardPageResponse(
+ return $this->buildApplicationPage(
array(
$sent,
$error_view,
),
array(
- 'title' => 'Must Verify Email',
+ 'title' => pht('Must Verify Email'),
+ 'device' => true
));
}
}
diff --git a/src/applications/auth/controller/PhabricatorOAuthLoginController.php b/src/applications/auth/controller/PhabricatorOAuthLoginController.php
index 09be7d076e..2a6c9da6e1 100644
--- a/src/applications/auth/controller/PhabricatorOAuthLoginController.php
+++ b/src/applications/auth/controller/PhabricatorOAuthLoginController.php
@@ -1,339 +1,340 @@
<?php
final class PhabricatorOAuthLoginController
extends PhabricatorAuthController {
private $provider;
private $userID;
private $accessToken;
private $tokenExpires;
private $oauthState;
public function shouldRequireLogin() {
return false;
}
public function willProcessRequest(array $data) {
$this->provider = PhabricatorOAuthProvider::newProvider($data['provider']);
}
public function processRequest() {
$current_user = $this->getRequest()->getUser();
$provider = $this->provider;
if (!$provider->isProviderEnabled()) {
return new Aphront400Response();
}
$provider_name = $provider->getProviderName();
$provider_key = $provider->getProviderKey();
$request = $this->getRequest();
if ($request->getStr('error')) {
$error_view = id(new PhabricatorOAuthFailureView())
->setRequest($request);
return $this->buildErrorResponse($error_view);
}
$error_response = $this->retrieveAccessToken($provider);
if ($error_response) {
return $error_response;
}
$userinfo_uri = new PhutilURI($provider->getUserInfoURI());
$userinfo_uri->setQueryParam('access_token', $this->accessToken);
$userinfo_uri = (string)$userinfo_uri;
try {
$user_data = HTTPSFuture::loadContent($userinfo_uri);
if ($user_data === false) {
throw new PhabricatorOAuthProviderException(
"Request to '{$userinfo_uri}' failed!");
}
$provider->setUserData($user_data);
} catch (PhabricatorOAuthProviderException $e) {
return $this->buildErrorResponse(new PhabricatorOAuthFailureView(), $e);
}
$provider->setAccessToken($this->accessToken);
$user_id = $provider->retrieveUserID();
$provider_key = $provider->getProviderKey();
$oauth_info = $this->retrieveOAuthInfo($provider);
if ($current_user->getPHID()) {
if ($oauth_info->getID()) {
if ($oauth_info->getUserID() != $current_user->getID()) {
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
- $dialog->setTitle('Already Linked to Another Account');
- $dialog->appendChild(
- hsprintf(
- '<p>The %s account you just authorized is already linked to '.
+ $dialog->setTitle(pht('Already Linked to Another Account'));
+ $dialog->appendChild('<p>'.
+ pht(
+ 'The %s account you just authorized is already linked to '.
'another Phabricator account. Before you can associate your %s '.
'account with this Phabriactor account, you must unlink it from '.
'the Phabricator account it is currently linked to.</p>',
- $provider_name,
- $provider_name));
+ phutil_escape_html($provider_name),
+ phutil_escape_html($provider_name))).'</p>';
$dialog->addCancelButton($provider->getSettingsPanelURI());
return id(new AphrontDialogResponse())->setDialog($dialog);
} else {
$this->saveOAuthInfo($oauth_info); // Refresh token.
return id(new AphrontRedirectResponse())
->setURI($provider->getSettingsPanelURI());
}
}
$existing_oauth = id(new PhabricatorUserOAuthInfo())->loadOneWhere(
'userID = %d AND oauthProvider = %s',
$current_user->getID(),
$provider_key);
if ($existing_oauth) {
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
- $dialog->setTitle('Already Linked to an Account From This Provider');
- $dialog->appendChild(
- hsprintf(
- '<p>The account you are logged in with is already linked to a %s '.
+ $dialog->setTitle(
+ pht('Already Linked to an Account From This Provider'));
+ $dialog->appendChild('<p>'.
+ pht(
+ 'The account you are logged in with is already linked to a %s '.
'account. Before you can link it to a different %s account, you '.
'must unlink the old account.</p>',
- $provider_name,
- $provider_name));
+ phutil_escape_html($provider_name),
+ phutil_escape_html($provider_name))).'</p>';
$dialog->addCancelButton($provider->getSettingsPanelURI());
return id(new AphrontDialogResponse())->setDialog($dialog);
}
if (!$request->isDialogFormPost()) {
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
- $dialog->setTitle('Link '.$provider_name.' Account');
+ $dialog->setTitle(pht('Link %s Account', $provider_name));
$dialog->appendChild(
- hsprintf(
+ pht(
'<p>Link your %s account to your Phabricator account?</p>',
- $provider_name));
+ phutil_escape_html($provider_name)));
$dialog->addHiddenInput('confirm_token', $provider->getAccessToken());
$dialog->addHiddenInput('expires', $oauth_info->getTokenExpires());
$dialog->addHiddenInput('state', $this->oauthState);
$dialog->addHiddenInput('scope', $oauth_info->getTokenScope());
$dialog->addSubmitButton('Link Accounts');
$dialog->addCancelButton($provider->getSettingsPanelURI());
return id(new AphrontDialogResponse())->setDialog($dialog);
}
$oauth_info->setUserID($current_user->getID());
$this->saveOAuthInfo($oauth_info);
return id(new AphrontRedirectResponse())
->setURI($provider->getSettingsPanelURI());
}
// Login with known auth.
if ($oauth_info->getID()) {
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$known_user = id(new PhabricatorUser())->load($oauth_info->getUserID());
$request->getApplicationConfiguration()->willAuthenticateUserWithOAuth(
$known_user,
$oauth_info,
$provider);
$session_key = $known_user->establishSession('web');
$this->saveOAuthInfo($oauth_info);
$request->setCookie('phusr', $known_user->getUsername());
$request->setCookie('phsid', $session_key);
$uri = new PhutilURI('/login/validate/');
$uri->setQueryParams(
array(
'phusr' => $known_user->getUsername(),
));
return id(new AphrontRedirectResponse())->setURI((string)$uri);
}
$oauth_email = $provider->retrieveUserEmail();
if ($oauth_email) {
$known_email = id(new PhabricatorUserEmail())
->loadOneWhere('address = %s', $oauth_email);
if ($known_email) {
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
- $dialog->setTitle('Already Linked to Another Account');
- $dialog->appendChild(
- hsprintf(
- '<p>The %s account you just authorized has an email address which '.
+ $dialog->setTitle(pht('Already Linked to Another Account'));
+ $dialog->appendChild('<p>'.
+ pht(
+ 'The %s account you just authorized has an email address which '.
'is already in use by another Phabricator account. To link the '.
'accounts, log in to your Phabricator account and then go to '.
- 'Settings.</p>',
- $provider_name));
+ 'Settings.',
+ phutil_escape_html($provider_name))).'</p>';
$user = id(new PhabricatorUser())
->loadOneWhere('phid = %s', $known_email->getUserPHID());
$oauth_infos = id(new PhabricatorUserOAuthInfo())
->loadAllWhere('userID = %d', $user->getID());
if ($oauth_infos) {
$providers = array();
foreach ($oauth_infos as $info) {
$provider = $info->getOAuthProvider();
$providers[] = PhabricatorOAuthProvider::newProvider($provider)
->getProviderName();
}
$dialog->appendChild(
- hsprintf(
+ pht(
'<p>The account is associated with: %s.</p>',
- implode(', ', $providers)));
+ implode(', ', phutil_escape_html($providers))));
}
$dialog->addCancelButton('/login/');
return id(new AphrontDialogResponse())->setDialog($dialog);
}
}
if (!$provider->isProviderRegistrationEnabled()) {
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
- $dialog->setTitle('No Account Registration With '.$provider_name);
- $dialog->appendChild(
- hsprintf(
- '<p>You can not register a new account using %s; you can only use '.
+ $dialog->setTitle(pht('No Account Registration with %s', $provider_name));
+ $dialog->appendChild('<p>'.
+ pht(
+ 'You can not register a new account using %s; you can only use '.
'your %s account to log into an existing Phabricator account which '.
- 'you have registered through other means.</p>',
- $provider_name,
- $provider_name));
+ 'you have registered through other means.',
+ phutil_escape_html($provider_name),
+ phutil_escape_html($provider_name))).'</p>';
$dialog->addCancelButton('/login/');
return id(new AphrontDialogResponse())->setDialog($dialog);
}
$controller = PhabricatorEnv::newObjectFromConfig(
'controller.oauth-registration',
array($this->getRequest()));
$controller->setOAuthProvider($provider);
$controller->setOAuthInfo($oauth_info);
$controller->setOAuthState($this->oauthState);
return $this->delegateToController($controller);
}
private function buildErrorResponse(PhabricatorOAuthFailureView $view,
Exception $e = null) {
$provider = $this->provider;
$provider_name = $provider->getProviderName();
$view->setOAuthProvider($provider);
if ($e) {
$view->setException($e);
}
return $this->buildStandardPageResponse(
$view,
array(
- 'title' => $provider_name.' Auth Failed',
+ 'title' => pht('Auth Failed'),
));
}
private function retrieveAccessToken(PhabricatorOAuthProvider $provider) {
$request = $this->getRequest();
$token = $request->getStr('confirm_token');
if ($token) {
$this->tokenExpires = $request->getInt('expires');
$this->accessToken = $token;
$this->oauthState = $request->getStr('state');
return null;
}
$client_id = $provider->getClientID();
$client_secret = $provider->getClientSecret();
$redirect_uri = $provider->getRedirectURI();
$auth_uri = $provider->getTokenURI();
$code = $request->getStr('code');
$query_data = array(
'client_id' => $client_id,
'client_secret' => $client_secret,
'redirect_uri' => $redirect_uri,
'code' => $code,
) + $provider->getExtraTokenParameters();
$future = new HTTPSFuture($auth_uri, $query_data);
$future->setMethod('POST');
try {
list($response) = $future->resolvex();
} catch (Exception $ex) {
return $this->buildErrorResponse(new PhabricatorOAuthFailureView());
}
$data = $provider->decodeTokenResponse($response);
$token = idx($data, 'access_token');
if (!$token) {
return $this->buildErrorResponse(new PhabricatorOAuthFailureView());
}
$this->tokenExpires = $provider->getTokenExpiryFromArray($data);
$this->accessToken = $token;
$this->oauthState = $request->getStr('state');
return null;
}
private function retrieveOAuthInfo(PhabricatorOAuthProvider $provider) {
$oauth_info = id(new PhabricatorUserOAuthInfo())->loadOneWhere(
'oauthProvider = %s and oauthUID = %s',
$provider->getProviderKey(),
$provider->retrieveUserID());
$scope = $this->getRequest()->getStr('scope');
if (!$oauth_info) {
$oauth_info = new PhabricatorUserOAuthInfo();
$oauth_info->setOAuthProvider($provider->getProviderKey());
$oauth_info->setOAuthUID($provider->retrieveUserID());
// some providers don't tell you what scope you got, so default
// to the minimum Phabricator requires rather than assuming no scope
if (!$scope) {
$scope = $provider->getMinimumScope();
}
}
$oauth_info->setAccountURI($provider->retrieveUserAccountURI());
$oauth_info->setAccountName($provider->retrieveUserAccountName());
$oauth_info->setToken($provider->getAccessToken());
$oauth_info->setTokenStatus(PhabricatorUserOAuthInfo::TOKEN_STATUS_GOOD);
$oauth_info->setTokenScope($scope);
// If we have out-of-date expiration info, just clear it out. Then replace
// it with good info if the provider gave it to us.
$expires = $oauth_info->getTokenExpires();
if ($expires <= time()) {
$expires = null;
}
if ($this->tokenExpires) {
$expires = $this->tokenExpires;
}
$oauth_info->setTokenExpires($expires);
return $oauth_info;
}
private function saveOAuthInfo(PhabricatorUserOAuthInfo $info) {
// UNGUARDED WRITES: Logging-in users don't have their CSRF set up yet.
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$info->save();
}
}
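Review bot: In the four dialogs that now build their body as `$dialog->appendChild('<p>'.pht(...)).'</p>';`, the parenthesis closes `appendChild()` before the trailing `.'</p>'`, so the closing tag is concatenated onto the method's return value and never reaches the dialog; the last line of each should read `phutil_escape_html($provider_name)).'</p>');`. The first two of these also keep `</p>` at the end of the translated string, which should be dropped once the tag is appended in code. In the "associated with" branch, `implode(', ', phutil_escape_html($providers))` hands the whole `$providers` array to a function that everywhere else in this diff receives a single string; escaping each element, `implode(', ', array_map('phutil_escape_html', $providers))`, is presumably what was meant. Replacing `hsprintf()` with `pht()` appears to move escaping to the caller, so a short comment on which sinks escape for themselves (`setTitle()` receives `$provider_name` unescaped here) would help the next editor.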
diff --git a/src/applications/auth/controller/PhabricatorOAuthUnlinkController.php b/src/applications/auth/controller/PhabricatorOAuthUnlinkController.php
index 816dae4bba..bff01b251b 100644
--- a/src/applications/auth/controller/PhabricatorOAuthUnlinkController.php
+++ b/src/applications/auth/controller/PhabricatorOAuthUnlinkController.php
@@ -1,52 +1,52 @@
<?php
final class PhabricatorOAuthUnlinkController extends PhabricatorAuthController {
private $provider;
public function willProcessRequest(array $data) {
$this->provider = PhabricatorOAuthProvider::newProvider($data['provider']);
}
public function processRequest() {
$request = $this->getRequest();
$user = $request->getUser();
$provider = $this->provider;
if ($provider->isProviderLinkPermanent()) {
throw new Exception(
- "You may not unlink accounts from this OAuth provider.");
+ pht("You may not unlink accounts from this OAuth provider."));
}
$provider_key = $provider->getProviderKey();
$oauth_info = id(new PhabricatorUserOAuthInfo())->loadOneWhere(
'userID = %d AND oauthProvider = %s',
$user->getID(),
$provider_key);
if (!$oauth_info) {
return new Aphront400Response();
}
if (!$request->isDialogFormPost()) {
$dialog = new AphrontDialogView();
$dialog->setUser($user);
- $dialog->setTitle('Really unlink account?');
+ $dialog->setTitle(pht('Really unlink account?'));
$dialog->appendChild(
- '<p><strong>You will not be able to login</strong> using this account '.
- 'once you unlink it. Continue?</p>');
- $dialog->addSubmitButton('Unlink Account');
+ '<p>'.pht('You will not be able to login using this account '.
+ 'once you unlink it. Continue?').'</p>');
+ $dialog->addSubmitButton(pht('Unlink Account'));
$dialog->addCancelButton($provider->getSettingsPanelURI());
return id(new AphrontDialogResponse())->setDialog($dialog);
}
$oauth_info->delete();
return id(new AphrontRedirectResponse())
->setURI($provider->getSettingsPanelURI());
}
}
diff --git a/src/applications/auth/controller/oauthregistration/PhabricatorOAuthDefaultRegistrationController.php b/src/applications/auth/controller/oauthregistration/PhabricatorOAuthDefaultRegistrationController.php
index a88c27fd91..6b81024bf7 100644
--- a/src/applications/auth/controller/oauthregistration/PhabricatorOAuthDefaultRegistrationController.php
+++ b/src/applications/auth/controller/oauthregistration/PhabricatorOAuthDefaultRegistrationController.php
@@ -1,223 +1,225 @@
<?php
final class PhabricatorOAuthDefaultRegistrationController
extends PhabricatorOAuthRegistrationController {
public function processRequest() {
$provider = $this->getOAuthProvider();
$oauth_info = $this->getOAuthInfo();
$request = $this->getRequest();
$errors = array();
$e_username = true;
$e_email = true;
$e_realname = true;
$user = new PhabricatorUser();
$user->setUsername($provider->retrieveUserAccountName());
$user->setRealName($provider->retrieveUserRealName());
$new_email = $provider->retrieveUserEmail();
if ($new_email) {
// If the user's OAuth provider account has an email address but the
// email address domain is not allowed by the Phabricator configuration,
// we just pretend the provider did not supply an address.
//
// For instance, if the user uses Google OAuth and their Google address
// is "joe@personal.com" but Phabricator is configured to require users
// use "@company.com" addresses, we show a prompt below and tell the user
// to provide their "@company.com" address. They can still use the OAuth
// account to login, they just need to associate their account with an
// allowed address.
//
// If the OAuth address is fine, we just use it and don't prompt the user.
if (!PhabricatorUserEmail::isAllowedAddress($new_email)) {
$new_email = null;
}
}
$show_email_input = ($new_email === null);
if ($request->isFormPost()) {
$user->setUsername($request->getStr('username'));
$username = $user->getUsername();
if (!strlen($user->getUsername())) {
- $e_username = 'Required';
- $errors[] = 'Username is required.';
+ $e_username = pht('Required');
+ $errors[] = pht('Username is required.');
} else if (!PhabricatorUser::validateUsername($username)) {
- $e_username = 'Invalid';
+ $e_username = pht('Invalid');
$errors[] = PhabricatorUser::describeValidUsername();
} else {
$e_username = null;
}
if (!$new_email) {
$new_email = trim($request->getStr('email'));
if (!$new_email) {
- $e_email = 'Required';
- $errors[] = 'Email is required.';
+ $e_email = pht('Required');
+ $errors[] = pht('Email is required.');
} else {
$e_email = null;
}
}
if ($new_email) {
$email_ok = PhabricatorUserEmail::isAllowedAddress($new_email);
if (!$email_ok) {
- $e_email = 'Invalid';
+ $e_email = pht('Invalid');
$errors[] = PhabricatorUserEmail::describeAllowedAddresses();
}
}
if (!strlen($user->getRealName())) {
$user->setRealName($request->getStr('realname'));
if (!strlen($user->getRealName())) {
- $e_realname = 'Required';
- $errors[] = 'Real name is required.';
+ $e_realname = pht('Required');
+ $errors[] = pht('Real name is required.');
} else {
$e_realname = null;
}
}
if (!$errors) {
$image = $provider->retrieveUserProfileImage();
if ($image) {
$file = PhabricatorFile::newFromFileData(
$image,
array(
'name' => $provider->getProviderKey().'-profile.jpg',
'authorPHID' => $user->getPHID(),
));
$xformer = new PhabricatorImageTransformer();
// Resize OAuth image to a reasonable size
$small_xformed = $xformer->executeProfileTransform(
$file,
$width = 50,
$min_height = 50,
$max_height = 50);
$user->setProfileImagePHID($small_xformed->getPHID());
}
try {
// NOTE: We don't verify OAuth email addresses by default because
// OAuth providers might associate email addresses with accounts that
// haven't actually verified they own them. We could selectively
// auto-verify some providers that we trust here, but the stakes for
// verifying an email address are high because having a corporate
// address at a company is sometimes the key to the castle.
$email_obj = id(new PhabricatorUserEmail())
->setAddress($new_email)
->setIsVerified(0);
id(new PhabricatorUserEditor())
->setActor($user)
->createNewUser($user, $email_obj);
$oauth_info->setUserID($user->getID());
$oauth_info->save();
$session_key = $user->establishSession('web');
$request->setCookie('phusr', $user->getUsername());
$request->setCookie('phsid', $session_key);
$email_obj->sendVerificationEmail($user);
return id(new AphrontRedirectResponse())->setURI('/');
} catch (AphrontQueryDuplicateKeyException $exception) {
$same_username = id(new PhabricatorUser())->loadOneWhere(
'userName = %s',
$user->getUserName());
$same_email = id(new PhabricatorUserEmail())->loadOneWhere(
'address = %s',
$new_email);
if ($same_username) {
- $e_username = 'Duplicate';
- $errors[] = 'That username or email is not unique.';
+ $e_username = pht('Duplicate');
+ $errors[] = pht('That username or email is not unique.');
} else if ($same_email) {
- $e_email = 'Duplicate';
- $errors[] = 'That email is not unique.';
+ $e_email = pht('Duplicate');
+ $errors[] = pht('That email is not unique.');
} else {
throw $exception;
}
}
}
}
$error_view = null;
if ($errors) {
$error_view = new AphrontErrorView();
- $error_view->setTitle('Registration Failed');
+ $error_view->setTitle(pht('Registration Failed'));
$error_view->setErrors($errors);
}
// Strip the URI down to the path, because otherwise we'll trigger
// external CSRF protection (by having a protocol in the form "action")
// and generate a form with no CSRF token.
$action_uri = new PhutilURI($provider->getRedirectURI());
$action_path = $action_uri->getPath();
$form = new AphrontFormView();
$form
->addHiddenInput('confirm_token', $provider->getAccessToken())
->addHiddenInput('expires', $oauth_info->getTokenExpires())
->addHiddenInput('state', $this->getOAuthState())
->setUser($request->getUser())
->setAction($action_path)
->appendChild(
id(new AphrontFormTextControl())
- ->setLabel('Username')
+ ->setLabel(pht('Username'))
->setName('username')
->setValue($user->getUsername())
->setError($e_username));
if ($show_email_input) {
$form->appendChild(
id(new AphrontFormTextControl())
- ->setLabel('Email')
+ ->setLabel(pht('Email'))
->setName('email')
->setValue($request->getStr('email'))
->setCaption(PhabricatorUserEmail::describeAllowedAddresses())
->setError($e_email));
}
if ($provider->retrieveUserRealName() === null) {
$form->appendChild(
id(new AphrontFormTextControl())
- ->setLabel('Real Name')
+ ->setLabel(pht('Real Name'))
->setName('realname')
->setValue($request->getStr('realname'))
->setError($e_realname));
}
$form
->appendChild(
id(new AphrontFormSubmitControl())
- ->setValue('Create Account'));
+ ->setValue(pht('Create Account')));
$panel = new AphrontPanelView();
- $panel->setHeader('Create New Account');
+ $panel->setHeader(pht('Create New Account'));
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
$panel->appendChild($form);
+ $panel->setNoBackground();
- return $this->buildStandardPageResponse(
+ return $this->buildApplicationPage(
array(
$error_view,
$panel,
),
array(
- 'title' => 'Create New Account',
+ 'title' => pht('Create New Account'),
+ 'device' => true
));
}
}
diff --git a/src/applications/auth/view/PhabricatorOAuthFailureView.php b/src/applications/auth/view/PhabricatorOAuthFailureView.php
index 4853410dbd..b8fa2afd2f 100644
--- a/src/applications/auth/view/PhabricatorOAuthFailureView.php
+++ b/src/applications/auth/view/PhabricatorOAuthFailureView.php
@@ -1,88 +1,88 @@
<?php
final class PhabricatorOAuthFailureView extends AphrontView {
private $request;
private $provider;
private $exception;
public function setRequest(AphrontRequest $request) {
$this->request = $request;
return $this;
}
public function setOAuthProvider($provider) {
$this->provider = $provider;
return $this;
}
public function setException(Exception $e) {
$this->exception = $e;
return $this;
}
public function render() {
$request = $this->request;
$provider = $this->provider;
$provider_name = $provider->getProviderName();
$diagnose = null;
$view = new AphrontRequestFailureView();
- $view->setHeader($provider_name.' Auth Failed');
+ $view->setHeader(pht('%s Auth Failed', $provider_name));
if ($this->request) {
$view->appendChild(
hsprintf(
'<p><strong>Description:</strong> %s</p>',
$request->getStr('error_description')));
$view->appendChild(
hsprintf(
'<p><strong>Error:</strong> %s</p>',
$request->getStr('error')));
$view->appendChild(
hsprintf(
'<p><strong>Error Reason:</strong> %s</p>',
$request->getStr('error_reason')));
} else if ($this->exception) {
$view->appendChild(
hsprintf(
'<p><strong>Error Details:</strong> %s</p>',
$this->exception->getMessage()));
} else {
// TODO: We can probably refine this.
$view->appendChild(
hsprintf(
'<p>Unable to authenticate with %s. '.
'There are several reasons this might happen:</p>'.
'<ul>'.
'<li>Phabricator may be configured with the wrong Application '.
'Secret; or</li>'.
'<li>the %s OAuth access token may have expired; or</li>'.
'<li>%s may have revoked authorization for the Application; '.
'or</li>'.
'<li>%s may be having technical problems.</li>'.
'</ul>'.
'<p>You can try again, or login using another method.</p>',
$provider_name,
$provider_name,
$provider_name,
$provider_name));
$provider_key = $provider->getProviderKey();
$diagnose = hsprintf(
'<a href="/oauth/'.$provider_key.'/diagnose/" class="button green">'.
'Diagnose %s OAuth Problems'.
'</a>',
$provider_name);
}
$view->appendChild(
'<div class="aphront-failure-continue">'.
$diagnose.
- '<a href="/login/" class="button">Continue</a>'.
+ '<a href="/login/" class="button">'.pht('Continue').'</a>'.
'</div>');
return $view->render();
}
}
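Review bot: Only the header and the 'Continue' link in render() are wrapped in `pht()`; the 'Description:', 'Error:', 'Error Reason:' and 'Error Details:' labels, the explanatory list and 'Diagnose %s OAuth Problems' stay hard-coded inside `hsprintf()`, so the page will render half translated. If they are converted later, note that `$request->getStr('error')`, `error_description` and `error_reason` come from the request and are escaped today only because they are `hsprintf()` arguments; assuming `pht()` does not escape (the PhabricatorOAuthLoginController hunk adds `phutil_escape_html()` by hand), they would need explicit escaping. A comment above those `appendChild()` calls, such as `// Request-supplied values: keep them as hsprintf() arguments so they are escaped.`, would record that.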
