No OneTemporary
Actions

Size

57 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php b/src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php
	index ccc66ffeb7..9ecea74d6a 100644
	--- a/src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php
	+++ b/src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php
	@@ -1,207 +1,202 @@
	<?php

	final class PhabricatorAuthOneTimeLoginController
	extends PhabricatorAuthController {

	public function shouldRequireLogin() {
	return false;
	}

	public function handleRequest(AphrontRequest $request) {
	$viewer = $this->getViewer();
	$id = $request->getURIData('id');
	$link_type = $request->getURIData('type');
	$key = $request->getURIData('key');
	$email_id = $request->getURIData('emailID');

	if ($request->getUser()->isLoggedIn()) {
	return $this->renderError(
	pht('You are already logged in.'));
	}

	$target_user = id(new PhabricatorPeopleQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	->withIDs(array($id))
	->executeOne();
	if (!$target_user) {
	return new Aphront404Response();
	}

	// NOTE: As a convenience to users, these one-time login URIs may also
	// be associated with an email address which will be verified when the
	// URI is used.

	// This improves the new user experience for users receiving "Welcome"
	// emails on installs that require verification: if we did not verify the
	// email, they'd immediately get roadblocked with a "Verify Your Email"
	// error and have to go back to their email account, wait for a
	// "Verification" email, and then click that link to actually get access to
	// their account. This is hugely unwieldy, and if the link was only sent
	// to the user's email in the first place we can safely verify it as a
	// side effect of login.

	// The email hashed into the URI so users can't verify some email they
	// do not own by doing this:
	//
	// - Add some address you do not own;
	// - request a password reset;
	// - change the URI in the email to the address you don't own;
	// - login via the email link; and
	// - get a "verified" address you don't control.

	$target_email = null;
	if ($email_id) {
	$target_email = id(new PhabricatorUserEmail())->loadOneWhere(
	'userPHID = %s AND id = %d',
	$target_user->getPHID(),
	$email_id);
	if (!$target_email) {
	return new Aphront404Response();
	}
	}

	$engine = new PhabricatorAuthSessionEngine();
	$token = $engine->loadOneTimeLoginKey(
	$target_user,
	$target_email,
	$key);

	if (!$token) {
	return $this->newDialog()
	->setTitle(pht('Unable to Login'))
	->setShortTitle(pht('Login Failure'))
	->appendParagraph(
	pht(
	'The login link you clicked is invalid, out of date, or has '.
	'already been used.'))
	->appendParagraph(
	pht(
	'Make sure you are copy-and-pasting the entire link into '.
	'your browser. Login links are only valid for 24 hours, and '.
	'can only be used once.'))
	->appendParagraph(
	pht('You can try again, or request a new link via email.'))
	->addCancelButton('/login/email/', pht('Send Another Email'));
	}

	if (!$target_user->canEstablishWebSessions()) {
	return $this->newDialog()
	->setTitle(pht('Unable to Establish Web Session'))
	->setShortTitle(pht('Login Failure'))
	->appendParagraph(
	pht(
	'You are trying to gain access to an account ("%s") that can not '.
	'establish a web session.',
	$target_user->getUsername()))
	->appendParagraph(
	pht(
	'Special users like daemons and mailing lists are not permitted '.
	'to log in via the web. Log in as a normal user instead.'))
	->addCancelButton('/');
	}

	if ($request->isFormPost()) {
	// If we have an email bound into this URI, verify email so that clicking
	// the link in the "Welcome" email is good enough, without requiring users
	// to go through a second round of email verification.

	+ $editor = id(new PhabricatorUserEditor())
	+ ->setActor($target_user);
	+
	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	// Nuke the token and all other outstanding password reset tokens.
	// There is no particular security benefit to destroying them all, but
	// it should reduce HackerOne reports of nebulous harm.
	-
	- PhabricatorAuthTemporaryToken::revokeTokens(
	- $target_user,
	- array($target_user->getPHID()),
	- array(
	- PhabricatorAuthSessionEngine::ONETIME_TEMPORARY_TOKEN_TYPE,
	- PhabricatorAuthSessionEngine::PASSWORD_TEMPORARY_TOKEN_TYPE,
	- ));
	+ $editor->revokePasswordResetLinks($target_user);

	if ($target_email) {
	- id(new PhabricatorUserEditor())
	- ->setActor($target_user)
	- ->verifyEmail($target_user, $target_email);
	+ $editor->verifyEmail($target_user, $target_email);
	}
	unset($unguarded);

	$next = '/';
	if (!PhabricatorPasswordAuthProvider::getPasswordProvider()) {
	$next = '/settings/panel/external/';
	} else {

	// We're going to let the user reset their password without knowing
	// the old one. Generate a one-time token for that.
	$key = Filesystem::readRandomCharacters(16);
	+ $password_type =
	+ PhabricatorAuthPasswordResetTemporaryTokenType::TOKENTYPE;

	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	id(new PhabricatorAuthTemporaryToken())
	->setObjectPHID($target_user->getPHID())
	- ->setTokenType(
	- PhabricatorAuthSessionEngine::PASSWORD_TEMPORARY_TOKEN_TYPE)
	+ ->setTokenType($password_type)
	->setTokenExpires(time() + phutil_units('1 hour in seconds'))
	->setTokenCode(PhabricatorHash::digest($key))
	->save();
	unset($unguarded);

	$next = (string)id(new PhutilURI('/settings/panel/password/'))
	->setQueryParams(
	array(
	'key' => $key,
	));

	$request->setTemporaryCookie(PhabricatorCookies::COOKIE_HISEC, 'yes');
	}

	PhabricatorCookies::setNextURICookie($request, $next, $force = true);

	return $this->loginUser($target_user);
	}

	// NOTE: We need to CSRF here so attackers can't generate an email link,
	// then log a user in to an account they control via sneaky invisible
	// form submissions.

	switch ($link_type) {
	case PhabricatorAuthSessionEngine::ONETIME_WELCOME:
	$title = pht('Welcome to Phabricator');
	break;
	case PhabricatorAuthSessionEngine::ONETIME_RECOVER:
	$title = pht('Account Recovery');
	break;
	case PhabricatorAuthSessionEngine::ONETIME_USERNAME:
	case PhabricatorAuthSessionEngine::ONETIME_RESET:
	default:
	$title = pht('Login to Phabricator');
	break;
	}

	$body = array();
	$body[] = pht(
	'Use the button below to log in as: %s',
	phutil_tag('strong', array(), $target_user->getUsername()));

	if ($target_email && !$target_email->getIsVerified()) {
	$body[] = pht(
	'Logging in will verify %s as an email address you own.',
	phutil_tag('strong', array(), $target_email->getAddress()));

	}

	$body[] = pht(
	'After logging in you should set a password for your account, or '.
	'link your account to an external account that you can use to '.
	'authenticate in the future.');

	$dialog = $this->newDialog()
	->setTitle($title)
	->addSubmitButton(pht('Login (%s)', $target_user->getUsername()))
	->addCancelButton('/');

	foreach ($body as $paragraph) {
	$dialog->appendParagraph($paragraph);
	}

	return id(new AphrontDialogResponse())->setDialog($dialog);
	}
	}
	diff --git a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
	index 77ba80bccb..e6289926dd 100644
	--- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
	+++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
	@@ -1,726 +1,717 @@
	<?php

	/**
	*
	* @task use Using Sessions
	* @task new Creating Sessions
	* @task hisec High Security
	* @task partial Partial Sessions
	* @task onetime One Time Login URIs
	*/
	final class PhabricatorAuthSessionEngine extends Phobject {

	/**
	* Session issued to normal users after they login through a standard channel.
	* Associates the client with a standard user identity.
	*/
	const KIND_USER = 'U';


	/**
	* Session issued to users who login with some sort of credentials but do not
	* have full accounts. These are sometimes called "grey users".
	*
	* TODO: We do not currently issue these sessions, see T4310.
	*/
	const KIND_EXTERNAL = 'X';


	/**
	* Session issued to logged-out users which has no real identity information.
	* Its purpose is to protect logged-out users from CSRF.
	*/
	const KIND_ANONYMOUS = 'A';


	/**
	* Session kind isn't known.
	*/
	const KIND_UNKNOWN = '?';


	- /**
	- * Temporary tokens for one time logins.
	- */
	- const ONETIME_TEMPORARY_TOKEN_TYPE = 'login:onetime';
	-
	-
	- /**
	- * Temporary tokens for password recovery after one time login.
	- */
	- const PASSWORD_TEMPORARY_TOKEN_TYPE = 'login:password';
	-
	const ONETIME_RECOVER = 'recover';
	const ONETIME_RESET = 'reset';
	const ONETIME_WELCOME = 'welcome';
	const ONETIME_USERNAME = 'rename';


	/**
	* Get the session kind (e.g., anonymous, user, external account) from a
	* session token. Returns a `KIND_` constant.
	*
	* @param string Session token.
	* @return const Session kind constant.
	*/
	public static function getSessionKindFromToken($session_token) {
	if (strpos($session_token, '/') === false) {
	// Old-style session, these are all user sessions.
	return self::KIND_USER;
	}

	list($kind, $key) = explode('/', $session_token, 2);

	switch ($kind) {
	case self::KIND_ANONYMOUS:
	case self::KIND_USER:
	case self::KIND_EXTERNAL:
	return $kind;
	default:
	return self::KIND_UNKNOWN;
	}
	}


	/**
	* Load the user identity associated with a session of a given type,
	* identified by token.
	*
	* When the user presents a session token to an API, this method verifies
	* it is of the correct type and loads the corresponding identity if the
	* session exists and is valid.
	*
	* NOTE: `$session_type` is the type of session that is required by the
	* loading context. This prevents use of a Conduit sesssion as a Web
	* session, for example.
	*
	* @param const The type of session to load.
	* @param string The session token.
	* @return PhabricatorUser\|null
	* @task use
	*/
	public function loadUserForSession($session_type, $session_token) {
	$session_kind = self::getSessionKindFromToken($session_token);
	switch ($session_kind) {
	case self::KIND_ANONYMOUS:
	// Don't bother trying to load a user for an anonymous session, since
	// neither the session nor the user exist.
	return null;
	case self::KIND_UNKNOWN:
	// If we don't know what kind of session this is, don't go looking for
	// it.
	return null;
	case self::KIND_USER:
	break;
	case self::KIND_EXTERNAL:
	// TODO: Implement these (T4310).
	return null;
	}

	$session_table = new PhabricatorAuthSession();
	$user_table = new PhabricatorUser();
	$conn_r = $session_table->establishConnection('r');
	$session_key = PhabricatorHash::digest($session_token);

	// NOTE: We're being clever here because this happens on every page load,
	// and by joining we can save a query. This might be getting too clever
	// for its own good, though...

	$info = queryfx_one(
	$conn_r,
	'SELECT
	s.id AS s_id,
	s.sessionExpires AS s_sessionExpires,
	s.sessionStart AS s_sessionStart,
	s.highSecurityUntil AS s_highSecurityUntil,
	s.isPartial AS s_isPartial,
	s.signedLegalpadDocuments as s_signedLegalpadDocuments,
	u.*
	FROM %T u JOIN %T s ON u.phid = s.userPHID
	AND s.type = %s AND s.sessionKey = %s',
	$user_table->getTableName(),
	$session_table->getTableName(),
	$session_type,
	$session_key);

	if (!$info) {
	return null;
	}

	$session_dict = array(
	'userPHID' => $info['phid'],
	'sessionKey' => $session_key,
	'type' => $session_type,
	);
	foreach ($info as $key => $value) {
	if (strncmp($key, 's_', 2) === 0) {
	unset($info[$key]);
	$session_dict[substr($key, 2)] = $value;
	}
	}

	$user = $user_table->loadFromArray($info);
	switch ($session_type) {
	case PhabricatorAuthSession::TYPE_WEB:
	// Explicitly prevent bots and mailing lists from establishing web
	// sessions. It's normally impossible to attach authentication to these
	// accounts, and likewise impossible to generate sessions, but it's
	// technically possible that a session could exist in the database. If
	// one does somehow, refuse to load it.
	if (!$user->canEstablishWebSessions()) {
	return null;
	}
	break;
	}

	$session = id(new PhabricatorAuthSession())->loadFromArray($session_dict);

	$ttl = PhabricatorAuthSession::getSessionTypeTTL($session_type);

	// If more than 20% of the time on this session has been used, refresh the
	// TTL back up to the full duration. The idea here is that sessions are
	// good forever if used regularly, but get GC'd when they fall out of use.

	// NOTE: If we begin rotating session keys when extending sessions, the
	// CSRF code needs to be updated so CSRF tokens survive session rotation.

	if (time() + (0.80 * $ttl) > $session->getSessionExpires()) {
	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	$conn_w = $session_table->establishConnection('w');
	queryfx(
	$conn_w,
	'UPDATE %T SET sessionExpires = UNIX_TIMESTAMP() + %d WHERE id = %d',
	$session->getTableName(),
	$ttl,
	$session->getID());
	unset($unguarded);
	}

	$user->attachSession($session);
	return $user;
	}


	/**
	* Issue a new session key for a given identity. Phabricator supports
	* different types of sessions (like "web" and "conduit") and each session
	* type may have multiple concurrent sessions (this allows a user to be
	* logged in on multiple browsers at the same time, for instance).
	*
	* Note that this method is transport-agnostic and does not set cookies or
	* issue other types of tokens, it ONLY generates a new session key.
	*
	* You can configure the maximum number of concurrent sessions for various
	* session types in the Phabricator configuration.
	*
	* @param const Session type constant (see
	* @{class:PhabricatorAuthSession}).
	* @param phid\|null Identity to establish a session for, usually a user
	* PHID. With `null`, generates an anonymous session.
	* @param bool True to issue a partial session.
	* @return string Newly generated session key.
	*/
	public function establishSession($session_type, $identity_phid, $partial) {
	// Consume entropy to generate a new session key, forestalling the eventual
	// heat death of the universe.
	$session_key = Filesystem::readRandomCharacters(40);

	if ($identity_phid === null) {
	return self::KIND_ANONYMOUS.'/'.$session_key;
	}

	$session_table = new PhabricatorAuthSession();
	$conn_w = $session_table->establishConnection('w');

	// This has a side effect of validating the session type.
	$session_ttl = PhabricatorAuthSession::getSessionTypeTTL($session_type);

	$digest_key = PhabricatorHash::digest($session_key);

	// Logging-in users don't have CSRF stuff yet, so we have to unguard this
	// write.
	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	id(new PhabricatorAuthSession())
	->setUserPHID($identity_phid)
	->setType($session_type)
	->setSessionKey($digest_key)
	->setSessionStart(time())
	->setSessionExpires(time() + $session_ttl)
	->setIsPartial($partial ? 1 : 0)
	->setSignedLegalpadDocuments(0)
	->save();

	$log = PhabricatorUserLog::initializeNewLog(
	null,
	$identity_phid,
	($partial
	? PhabricatorUserLog::ACTION_LOGIN_PARTIAL
	: PhabricatorUserLog::ACTION_LOGIN));

	$log->setDetails(
	array(
	'session_type' => $session_type,
	));
	$log->setSession($digest_key);
	$log->save();
	unset($unguarded);

	return $session_key;
	}


	/**
	* Terminate all of a user's login sessions.
	*
	* This is used when users change passwords, linked accounts, or add
	* multifactor authentication.
	*
	* @param PhabricatorUser User whose sessions should be terminated.
	* @param string\|null Optionally, one session to keep. Normally, the current
	* login session.
	*
	* @return void
	*/
	public function terminateLoginSessions(
	PhabricatorUser $user,
	$except_session = null) {

	$sessions = id(new PhabricatorAuthSessionQuery())
	->setViewer($user)
	->withIdentityPHIDs(array($user->getPHID()))
	->execute();

	if ($except_session !== null) {
	$except_session = PhabricatorHash::digest($except_session);
	}

	foreach ($sessions as $key => $session) {
	if ($except_session !== null) {
	$is_except = phutil_hashes_are_identical(
	$session->getSessionKey(),
	$except_session);
	if ($is_except) {
	continue;
	}
	}

	$session->delete();
	}
	}


	/* -( High Security )------------------------------------------------------ */


	/**
	* Require high security, or prompt the user to enter high security.
	*
	* If the user's session is in high security, this method will return a
	* token. Otherwise, it will throw an exception which will eventually
	* be converted into a multi-factor authentication workflow.
	*
	* @param PhabricatorUser User whose session needs to be in high security.
	* @param AphrontReqeust Current request.
	* @param string URI to return the user to if they cancel.
	* @param bool True to jump partial sessions directly into high
	* security instead of just upgrading them to full
	* sessions.
	* @return PhabricatorAuthHighSecurityToken Security token.
	* @task hisec
	*/
	public function requireHighSecuritySession(
	PhabricatorUser $viewer,
	AphrontRequest $request,
	$cancel_uri,
	$jump_into_hisec = false) {

	if (!$viewer->hasSession()) {
	throw new Exception(
	pht('Requiring a high-security session from a user with no session!'));
	}

	$session = $viewer->getSession();

	// Check if the session is already in high security mode.
	$token = $this->issueHighSecurityToken($session);
	if ($token) {
	return $token;
	}

	// Load the multi-factor auth sources attached to this account.
	$factors = id(new PhabricatorAuthFactorConfig())->loadAllWhere(
	'userPHID = %s',
	$viewer->getPHID());

	// If the account has no associated multi-factor auth, just issue a token
	// without putting the session into high security mode. This is generally
	// easier for users. A minor but desirable side effect is that when a user
	// adds an auth factor, existing sessions won't get a free pass into hisec,
	// since they never actually got marked as hisec.
	if (!$factors) {
	return $this->issueHighSecurityToken($session, true);
	}

	// Check for a rate limit without awarding points, so the user doesn't
	// get partway through the workflow only to get blocked.
	PhabricatorSystemActionEngine::willTakeAction(
	array($viewer->getPHID()),
	new PhabricatorAuthTryFactorAction(),
	0);

	$validation_results = array();
	if ($request->isHTTPPost()) {
	$request->validateCSRF();
	if ($request->getExists(AphrontRequest::TYPE_HISEC)) {

	// Limit factor verification rates to prevent brute force attacks.
	PhabricatorSystemActionEngine::willTakeAction(
	array($viewer->getPHID()),
	new PhabricatorAuthTryFactorAction(),
	1);

	$ok = true;
	foreach ($factors as $factor) {
	$id = $factor->getID();
	$impl = $factor->requireImplementation();

	$validation_results[$id] = $impl->processValidateFactorForm(
	$factor,
	$viewer,
	$request);

	if (!$impl->isFactorValid($factor, $validation_results[$id])) {
	$ok = false;
	}
	}

	if ($ok) {
	// Give the user a credit back for a successful factor verification.
	PhabricatorSystemActionEngine::willTakeAction(
	array($viewer->getPHID()),
	new PhabricatorAuthTryFactorAction(),
	-1);

	if ($session->getIsPartial() && !$jump_into_hisec) {
	// If we have a partial session and are not jumping directly into
	// hisec, just issue a token without putting it in high security
	// mode.
	return $this->issueHighSecurityToken($session, true);
	}

	$until = time() + phutil_units('15 minutes in seconds');
	$session->setHighSecurityUntil($until);

	queryfx(
	$session->establishConnection('w'),
	'UPDATE %T SET highSecurityUntil = %d WHERE id = %d',
	$session->getTableName(),
	$until,
	$session->getID());

	$log = PhabricatorUserLog::initializeNewLog(
	$viewer,
	$viewer->getPHID(),
	PhabricatorUserLog::ACTION_ENTER_HISEC);
	$log->save();
	} else {
	$log = PhabricatorUserLog::initializeNewLog(
	$viewer,
	$viewer->getPHID(),
	PhabricatorUserLog::ACTION_FAIL_HISEC);
	$log->save();
	}
	}
	}

	$token = $this->issueHighSecurityToken($session);
	if ($token) {
	return $token;
	}

	throw id(new PhabricatorAuthHighSecurityRequiredException())
	->setCancelURI($cancel_uri)
	->setFactors($factors)
	->setFactorValidationResults($validation_results);
	}


	/**
	* Issue a high security token for a session, if authorized.
	*
	* @param PhabricatorAuthSession Session to issue a token for.
	* @param bool Force token issue.
	* @return PhabricatorAuthHighSecurityToken\|null Token, if authorized.
	* @task hisec
	*/
	private function issueHighSecurityToken(
	PhabricatorAuthSession $session,
	$force = false) {

	$until = $session->getHighSecurityUntil();
	if ($until > time() \|\| $force) {
	return new PhabricatorAuthHighSecurityToken();
	}

	return null;
	}


	/**
	* Render a form for providing relevant multi-factor credentials.
	*
	* @param PhabricatorUser Viewing user.
	* @param AphrontRequest Current request.
	* @return AphrontFormView Renderable form.
	* @task hisec
	*/
	public function renderHighSecurityForm(
	array $factors,
	array $validation_results,
	PhabricatorUser $viewer,
	AphrontRequest $request) {

	$form = id(new AphrontFormView())
	->setUser($viewer)
	->appendRemarkupInstructions('');

	foreach ($factors as $factor) {
	$factor->requireImplementation()->renderValidateFactorForm(
	$factor,
	$form,
	$viewer,
	idx($validation_results, $factor->getID()));
	}

	$form->appendRemarkupInstructions('');

	return $form;
	}


	/**
	* Strip the high security flag from a session.
	*
	* Kicks a session out of high security and logs the exit.
	*
	* @param PhabricatorUser Acting user.
	* @param PhabricatorAuthSession Session to return to normal security.
	* @return void
	* @task hisec
	*/
	public function exitHighSecurity(
	PhabricatorUser $viewer,
	PhabricatorAuthSession $session) {

	if (!$session->getHighSecurityUntil()) {
	return;
	}

	queryfx(
	$session->establishConnection('w'),
	'UPDATE %T SET highSecurityUntil = NULL WHERE id = %d',
	$session->getTableName(),
	$session->getID());

	$log = PhabricatorUserLog::initializeNewLog(
	$viewer,
	$viewer->getPHID(),
	PhabricatorUserLog::ACTION_EXIT_HISEC);
	$log->save();
	}


	/* -( Partial Sessions )--------------------------------------------------- */


	/**
	* Upgrade a partial session to a full session.
	*
	* @param PhabricatorAuthSession Session to upgrade.
	* @return void
	* @task partial
	*/
	public function upgradePartialSession(PhabricatorUser $viewer) {

	if (!$viewer->hasSession()) {
	throw new Exception(
	pht('Upgrading partial session of user with no session!'));
	}

	$session = $viewer->getSession();

	if (!$session->getIsPartial()) {
	throw new Exception(pht('Session is not partial!'));
	}

	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	$session->setIsPartial(0);

	queryfx(
	$session->establishConnection('w'),
	'UPDATE %T SET isPartial = %d WHERE id = %d',
	$session->getTableName(),
	0,
	$session->getID());

	$log = PhabricatorUserLog::initializeNewLog(
	$viewer,
	$viewer->getPHID(),
	PhabricatorUserLog::ACTION_LOGIN_FULL);
	$log->save();
	unset($unguarded);
	}


	/* -( Legalpad Documents )-------------------------------------------------- */


	/**
	* Upgrade a session to have all legalpad documents signed.
	*
	* @param PhabricatorUser User whose session should upgrade.
	* @param array LegalpadDocument objects
	* @return void
	* @task partial
	*/
	public function signLegalpadDocuments(PhabricatorUser $viewer, array $docs) {

	if (!$viewer->hasSession()) {
	throw new Exception(
	pht('Signing session legalpad documents of user with no session!'));
	}

	$session = $viewer->getSession();

	if ($session->getSignedLegalpadDocuments()) {
	throw new Exception(pht(
	'Session has already signed required legalpad documents!'));
	}

	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	$session->setSignedLegalpadDocuments(1);

	queryfx(
	$session->establishConnection('w'),
	'UPDATE %T SET signedLegalpadDocuments = %d WHERE id = %d',
	$session->getTableName(),
	1,
	$session->getID());

	if (!empty($docs)) {
	$log = PhabricatorUserLog::initializeNewLog(
	$viewer,
	$viewer->getPHID(),
	PhabricatorUserLog::ACTION_LOGIN_LEGALPAD);
	$log->save();
	}
	unset($unguarded);
	}


	/* -( One Time Login URIs )------------------------------------------------ */


	/**
	* Retrieve a temporary, one-time URI which can log in to an account.
	*
	* These URIs are used for password recovery and to regain access to accounts
	* which users have been locked out of.
	*
	* @param PhabricatorUser User to generate a URI for.
	* @param PhabricatorUserEmail Optionally, email to verify when
	* link is used.
	* @param string Optional context string for the URI. This is purely cosmetic
	* and used only to customize workflow and error messages.
	* @return string Login URI.
	* @task onetime
	*/
	public function getOneTimeLoginURI(
	PhabricatorUser $user,
	PhabricatorUserEmail $email = null,
	$type = self::ONETIME_RESET) {

	$key = Filesystem::readRandomCharacters(32);
	$key_hash = $this->getOneTimeLoginKeyHash($user, $email, $key);
	+ $onetime_type = PhabricatorAuthOneTimeLoginTemporaryTokenType::TOKENTYPE;

	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	id(new PhabricatorAuthTemporaryToken())
	->setObjectPHID($user->getPHID())
	- ->setTokenType(self::ONETIME_TEMPORARY_TOKEN_TYPE)
	+ ->setTokenType($onetime_type)
	->setTokenExpires(time() + phutil_units('1 day in seconds'))
	->setTokenCode($key_hash)
	->save();
	unset($unguarded);

	$uri = '/login/once/'.$type.'/'.$user->getID().'/'.$key.'/';
	if ($email) {
	$uri = $uri.$email->getID().'/';
	}

	try {
	$uri = PhabricatorEnv::getProductionURI($uri);
	} catch (Exception $ex) {
	// If a user runs `bin/auth recover` before configuring the base URI,
	// just show the path. We don't have any way to figure out the domain.
	// See T4132.
	}

	return $uri;
	}


	/**
	* Load the temporary token associated with a given one-time login key.
	*
	* @param PhabricatorUser User to load the token for.
	* @param PhabricatorUserEmail Optionally, email to verify when
	* link is used.
	* @param string Key user is presenting as a valid one-time login key.
	* @return PhabricatorAuthTemporaryToken\|null Token, if one exists.
	* @task onetime
	*/
	public function loadOneTimeLoginKey(
	PhabricatorUser $user,
	PhabricatorUserEmail $email = null,
	$key = null) {

	$key_hash = $this->getOneTimeLoginKeyHash($user, $email, $key);
	+ $onetime_type = PhabricatorAuthOneTimeLoginTemporaryTokenType::TOKENTYPE;

	return id(new PhabricatorAuthTemporaryTokenQuery())
	->setViewer($user)
	->withObjectPHIDs(array($user->getPHID()))
	- ->withTokenTypes(array(self::ONETIME_TEMPORARY_TOKEN_TYPE))
	+ ->withTokenTypes(array($onetime_type))
	->withTokenCodes(array($key_hash))
	->withExpired(false)
	->executeOne();
	}


	/**
	* Hash a one-time login key for storage as a temporary token.
	*
	* @param PhabricatorUser User this key is for.
	* @param PhabricatorUserEmail Optionally, email to verify when
	* link is used.
	* @param string The one time login key.
	* @return string Hash of the key.
	* task onetime
	*/
	private function getOneTimeLoginKeyHash(
	PhabricatorUser $user,
	PhabricatorUserEmail $email = null,
	$key = null) {

	$parts = array(
	$key,
	$user->getAccountSecret(),
	);

	if ($email) {
	$parts[] = $email->getVerificationCode();
	}

	return PhabricatorHash::digest(implode(':', $parts));
	}

	}
	diff --git a/src/applications/people/editor/PhabricatorUserEditor.php b/src/applications/people/editor/PhabricatorUserEditor.php
	index d7885ef101..3370fb428b 100644
	--- a/src/applications/people/editor/PhabricatorUserEditor.php
	+++ b/src/applications/people/editor/PhabricatorUserEditor.php
	@@ -1,734 +1,734 @@
	<?php

	/**
	* Editor class for creating and adjusting users. This class guarantees data
	* integrity and writes logs when user information changes.
	*
	* @task config Configuration
	* @task edit Creating and Editing Users
	* @task role Editing Roles
	* @task email Adding, Removing and Changing Email
	* @task internal Internals
	*/
	final class PhabricatorUserEditor extends PhabricatorEditor {

	private $logs = array();


	/* -( Creating and Editing Users )----------------------------------------- */


	/**
	* @task edit
	*/
	public function createNewUser(
	PhabricatorUser $user,
	PhabricatorUserEmail $email,
	$allow_reassign = false) {

	if ($user->getID()) {
	throw new Exception(pht('User has already been created!'));
	}

	$is_reassign = false;
	if ($email->getID()) {
	if ($allow_reassign) {
	if ($email->getIsPrimary()) {
	throw new Exception(
	pht('Primary email addresses can not be reassigned.'));
	}
	$is_reassign = true;
	} else {
	throw new Exception(pht('Email has already been created!'));
	}
	}

	if (!PhabricatorUser::validateUsername($user->getUsername())) {
	$valid = PhabricatorUser::describeValidUsername();
	throw new Exception(pht('Username is invalid! %s', $valid));
	}

	// Always set a new user's email address to primary.
	$email->setIsPrimary(1);

	// If the primary address is already verified, also set the verified flag
	// on the user themselves.
	if ($email->getIsVerified()) {
	$user->setIsEmailVerified(1);
	}

	$this->willAddEmail($email);

	$user->openTransaction();
	try {
	$user->save();
	$email->setUserPHID($user->getPHID());
	$email->save();
	} catch (AphrontDuplicateKeyQueryException $ex) {
	// We might have written the user but failed to write the email; if
	// so, erase the IDs we attached.
	$user->setID(null);
	$user->setPHID(null);

	$user->killTransaction();
	throw $ex;
	}

	$log = PhabricatorUserLog::initializeNewLog(
	$this->requireActor(),
	$user->getPHID(),
	PhabricatorUserLog::ACTION_CREATE);
	$log->setNewValue($email->getAddress());
	$log->save();

	if ($is_reassign) {
	$log = PhabricatorUserLog::initializeNewLog(
	$this->requireActor(),
	$user->getPHID(),
	PhabricatorUserLog::ACTION_EMAIL_REASSIGN);
	$log->setNewValue($email->getAddress());
	$log->save();
	}

	$user->saveTransaction();

	if ($email->getIsVerified()) {
	$this->didVerifyEmail($user, $email);
	}

	return $this;
	}


	/**
	* @task edit
	*/
	public function updateUser(
	PhabricatorUser $user,
	PhabricatorUserEmail $email = null) {

	if (!$user->getID()) {
	throw new Exception(pht('User has not been created yet!'));
	}

	$user->openTransaction();
	$user->save();
	if ($email) {
	$email->save();
	}

	$log = PhabricatorUserLog::initializeNewLog(
	$this->requireActor(),
	$user->getPHID(),
	PhabricatorUserLog::ACTION_EDIT);
	$log->save();

	$user->saveTransaction();

	return $this;
	}


	/**
	* @task edit
	*/
	public function changePassword(
	PhabricatorUser $user,
	PhutilOpaqueEnvelope $envelope) {

	if (!$user->getID()) {
	throw new Exception(pht('User has not been created yet!'));
	}

	$user->openTransaction();
	$user->reload();

	$user->setPassword($envelope);
	$user->save();

	$log = PhabricatorUserLog::initializeNewLog(
	$this->requireActor(),
	$user->getPHID(),
	PhabricatorUserLog::ACTION_CHANGE_PASSWORD);
	$log->save();

	$user->saveTransaction();
	}


	/**
	* @task edit
	*/
	public function changeUsername(PhabricatorUser $user, $username) {
	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception(pht('User has not been created yet!'));
	}

	if (!PhabricatorUser::validateUsername($username)) {
	$valid = PhabricatorUser::describeValidUsername();
	throw new Exception(pht('Username is invalid! %s', $valid));
	}

	$old_username = $user->getUsername();

	$user->openTransaction();
	$user->reload();
	$user->setUsername($username);

	try {
	$user->save();
	} catch (AphrontDuplicateKeyQueryException $ex) {
	$user->setUsername($old_username);
	$user->killTransaction();
	throw $ex;
	}

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_CHANGE_USERNAME);
	$log->setOldValue($old_username);
	$log->setNewValue($username);
	$log->save();

	$user->saveTransaction();

	$user->sendUsernameChangeEmail($actor, $old_username);
	}


	/* -( Editing Roles )------------------------------------------------------ */


	/**
	* @task role
	*/
	public function makeAdminUser(PhabricatorUser $user, $admin) {
	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception(pht('User has not been created yet!'));
	}

	$user->openTransaction();
	$user->beginWriteLocking();

	$user->reload();
	if ($user->getIsAdmin() == $admin) {
	$user->endWriteLocking();
	$user->killTransaction();
	return $this;
	}

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_ADMIN);
	$log->setOldValue($user->getIsAdmin());
	$log->setNewValue($admin);

	$user->setIsAdmin((int)$admin);
	$user->save();

	$log->save();

	$user->endWriteLocking();
	$user->saveTransaction();

	return $this;
	}

	/**
	* @task role
	*/
	public function makeSystemAgentUser(PhabricatorUser $user, $system_agent) {
	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception(pht('User has not been created yet!'));
	}

	$user->openTransaction();
	$user->beginWriteLocking();

	$user->reload();
	if ($user->getIsSystemAgent() == $system_agent) {
	$user->endWriteLocking();
	$user->killTransaction();
	return $this;
	}

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_SYSTEM_AGENT);
	$log->setOldValue($user->getIsSystemAgent());
	$log->setNewValue($system_agent);

	$user->setIsSystemAgent((int)$system_agent);
	$user->save();

	$log->save();

	$user->endWriteLocking();
	$user->saveTransaction();

	return $this;
	}

	/**
	* @task role
	*/
	public function makeMailingListUser(PhabricatorUser $user, $mailing_list) {
	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception(pht('User has not been created yet!'));
	}

	$user->openTransaction();
	$user->beginWriteLocking();

	$user->reload();
	if ($user->getIsMailingList() == $mailing_list) {
	$user->endWriteLocking();
	$user->killTransaction();
	return $this;
	}

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_MAILING_LIST);
	$log->setOldValue($user->getIsMailingList());
	$log->setNewValue($mailing_list);

	$user->setIsMailingList((int)$mailing_list);
	$user->save();

	$log->save();

	$user->endWriteLocking();
	$user->saveTransaction();

	return $this;
	}

	/**
	* @task role
	*/
	public function disableUser(PhabricatorUser $user, $disable) {
	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception(pht('User has not been created yet!'));
	}

	$user->openTransaction();
	$user->beginWriteLocking();

	$user->reload();
	if ($user->getIsDisabled() == $disable) {
	$user->endWriteLocking();
	$user->killTransaction();
	return $this;
	}

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_DISABLE);
	$log->setOldValue($user->getIsDisabled());
	$log->setNewValue($disable);

	$user->setIsDisabled((int)$disable);
	$user->save();

	$log->save();

	$user->endWriteLocking();
	$user->saveTransaction();

	return $this;
	}


	/**
	* @task role
	*/
	public function approveUser(PhabricatorUser $user, $approve) {
	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception(pht('User has not been created yet!'));
	}

	$user->openTransaction();
	$user->beginWriteLocking();

	$user->reload();
	if ($user->getIsApproved() == $approve) {
	$user->endWriteLocking();
	$user->killTransaction();
	return $this;
	}

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_APPROVE);
	$log->setOldValue($user->getIsApproved());
	$log->setNewValue($approve);

	$user->setIsApproved($approve);
	$user->save();

	$log->save();

	$user->endWriteLocking();
	$user->saveTransaction();

	return $this;
	}


	/* -( Adding, Removing and Changing Email )-------------------------------- */


	/**
	* @task email
	*/
	public function addEmail(
	PhabricatorUser $user,
	PhabricatorUserEmail $email) {

	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception(pht('User has not been created yet!'));
	}
	if ($email->getID()) {
	throw new Exception(pht('Email has already been created!'));
	}

	// Use changePrimaryEmail() to change primary email.
	$email->setIsPrimary(0);
	$email->setUserPHID($user->getPHID());

	$this->willAddEmail($email);

	$user->openTransaction();
	$user->beginWriteLocking();

	$user->reload();

	try {
	$email->save();
	} catch (AphrontDuplicateKeyQueryException $ex) {
	$user->endWriteLocking();
	$user->killTransaction();

	throw $ex;
	}

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_EMAIL_ADD);
	$log->setNewValue($email->getAddress());
	$log->save();

	$user->endWriteLocking();
	$user->saveTransaction();

	return $this;
	}


	/**
	* @task email
	*/
	public function removeEmail(
	PhabricatorUser $user,
	PhabricatorUserEmail $email) {

	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception(pht('User has not been created yet!'));
	}
	if (!$email->getID()) {
	throw new Exception(pht('Email has not been created yet!'));
	}

	$user->openTransaction();
	$user->beginWriteLocking();

	$user->reload();
	$email->reload();

	if ($email->getIsPrimary()) {
	throw new Exception(pht("Can't remove primary email!"));
	}
	if ($email->getUserPHID() != $user->getPHID()) {
	throw new Exception(pht('Email not owned by user!'));
	}

	$email->delete();

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_EMAIL_REMOVE);
	$log->setOldValue($email->getAddress());
	$log->save();

	$user->endWriteLocking();
	$user->saveTransaction();

	$this->revokePasswordResetLinks($user);

	return $this;
	}


	/**
	* @task email
	*/
	public function changePrimaryEmail(
	PhabricatorUser $user,
	PhabricatorUserEmail $email) {
	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception(pht('User has not been created yet!'));
	}
	if (!$email->getID()) {
	throw new Exception(pht('Email has not been created yet!'));
	}

	$user->openTransaction();
	$user->beginWriteLocking();

	$user->reload();
	$email->reload();

	if ($email->getUserPHID() != $user->getPHID()) {
	throw new Exception(pht('User does not own email!'));
	}

	if ($email->getIsPrimary()) {
	throw new Exception(pht('Email is already primary!'));
	}

	if (!$email->getIsVerified()) {
	throw new Exception(pht('Email is not verified!'));
	}

	$old_primary = $user->loadPrimaryEmail();
	if ($old_primary) {
	$old_primary->setIsPrimary(0);
	$old_primary->save();
	}

	$email->setIsPrimary(1);
	$email->save();

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_EMAIL_PRIMARY);
	$log->setOldValue($old_primary ? $old_primary->getAddress() : null);
	$log->setNewValue($email->getAddress());

	$log->save();

	$user->endWriteLocking();
	$user->saveTransaction();

	if ($old_primary) {
	$old_primary->sendOldPrimaryEmail($user, $email);
	}
	$email->sendNewPrimaryEmail($user);


	$this->revokePasswordResetLinks($user);

	return $this;
	}


	/**
	* Verify a user's email address.
	*
	* This verifies an individual email address. If the address is the user's
	* primary address and their account was not previously verified, their
	* account is marked as email verified.
	*
	* @task email
	*/
	public function verifyEmail(
	PhabricatorUser $user,
	PhabricatorUserEmail $email) {
	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception(pht('User has not been created yet!'));
	}
	if (!$email->getID()) {
	throw new Exception(pht('Email has not been created yet!'));
	}

	$user->openTransaction();
	$user->beginWriteLocking();

	$user->reload();
	$email->reload();

	if ($email->getUserPHID() != $user->getPHID()) {
	throw new Exception(pht('User does not own email!'));
	}

	if (!$email->getIsVerified()) {
	$email->setIsVerified(1);
	$email->save();

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_EMAIL_VERIFY);
	$log->setNewValue($email->getAddress());
	$log->save();
	}

	if (!$user->getIsEmailVerified()) {
	// If the user just verified their primary email address, mark their
	// account as email verified.
	$user_primary = $user->loadPrimaryEmail();
	if ($user_primary->getID() == $email->getID()) {
	$user->setIsEmailVerified(1);
	$user->save();
	}
	}

	$user->endWriteLocking();
	$user->saveTransaction();

	$this->didVerifyEmail($user, $email);
	}


	/**
	* Reassign an unverified email address.
	*/
	public function reassignEmail(
	PhabricatorUser $user,
	PhabricatorUserEmail $email) {
	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception(pht('User has not been created yet!'));
	}

	if (!$email->getID()) {
	throw new Exception(pht('Email has not been created yet!'));
	}

	$user->openTransaction();
	$user->beginWriteLocking();

	$user->reload();
	$email->reload();

	$old_user = $email->getUserPHID();

	if ($old_user != $user->getPHID()) {
	if ($email->getIsVerified()) {
	throw new Exception(
	pht('Verified email addresses can not be reassigned.'));
	}
	if ($email->getIsPrimary()) {
	throw new Exception(
	pht('Primary email addresses can not be reassigned.'));
	}

	$email->setUserPHID($user->getPHID());
	$email->save();

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_EMAIL_REASSIGN);
	$log->setNewValue($email->getAddress());
	$log->save();
	}

	$user->endWriteLocking();
	$user->saveTransaction();
	}


	/* -( Internals )---------------------------------------------------------- */


	/**
	* @task internal
	*/
	private function willAddEmail(PhabricatorUserEmail $email) {

	// Hard check before write to prevent creation of disallowed email
	// addresses. Normally, the application does checks and raises more
	// user friendly errors for us, but we omit the courtesy checks on some
	// pathways like administrative scripts for simplicity.

	if (!PhabricatorUserEmail::isValidAddress($email->getAddress())) {
	throw new Exception(PhabricatorUserEmail::describeValidAddresses());
	}

	if (!PhabricatorUserEmail::isAllowedAddress($email->getAddress())) {
	throw new Exception(PhabricatorUserEmail::describeAllowedAddresses());
	}

	$application_email = id(new PhabricatorMetaMTAApplicationEmailQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	->withAddresses(array($email->getAddress()))
	->executeOne();
	if ($application_email) {
	throw new Exception($application_email->getInUseMessage());
	}
	}

	- private function revokePasswordResetLinks(PhabricatorUser $user) {
	+ public function revokePasswordResetLinks(PhabricatorUser $user) {
	// Revoke any outstanding password reset links. If an attacker compromises
	// an account, changes the email address, and sends themselves a password
	// reset link, it could otherwise remain live for a short period of time
	// and allow them to compromise the account again later.

	PhabricatorAuthTemporaryToken::revokeTokens(
	$user,
	array($user->getPHID()),
	array(
	- PhabricatorAuthSessionEngine::ONETIME_TEMPORARY_TOKEN_TYPE,
	- PhabricatorAuthSessionEngine::PASSWORD_TEMPORARY_TOKEN_TYPE,
	+ PhabricatorAuthOneTimeLoginTemporaryTokenType::TOKENTYPE,
	+ PhabricatorAuthPasswordResetTemporaryTokenType::TOKENTYPE,
	));
	}

	private function didVerifyEmail(
	PhabricatorUser $user,
	PhabricatorUserEmail $email) {

	$event_type = PhabricatorEventType::TYPE_AUTH_DIDVERIFYEMAIL;
	$event_data = array(
	'user' => $user,
	'email' => $email,
	);

	$event = id(new PhabricatorEvent($event_type, $event_data))
	->setUser($user);
	PhutilEventEngine::dispatchEvent($event);
	}


	}
	diff --git a/src/applications/settings/panel/PhabricatorPasswordSettingsPanel.php b/src/applications/settings/panel/PhabricatorPasswordSettingsPanel.php
	index 56b8fad76a..dd26890fc2 100644
	--- a/src/applications/settings/panel/PhabricatorPasswordSettingsPanel.php
	+++ b/src/applications/settings/panel/PhabricatorPasswordSettingsPanel.php
	@@ -1,216 +1,217 @@
	<?php

	final class PhabricatorPasswordSettingsPanel extends PhabricatorSettingsPanel {

	public function getPanelKey() {
	return 'password';
	}

	public function getPanelName() {
	return pht('Password');
	}

	public function getPanelGroup() {
	return pht('Authentication');
	}

	public function isEnabled() {
	// There's no sense in showing a change password panel if this install
	// doesn't support password authentication.
	if (!PhabricatorPasswordAuthProvider::getPasswordProvider()) {
	return false;
	}

	return true;
	}

	public function processRequest(AphrontRequest $request) {
	$user = $request->getUser();

	$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
	$user,
	$request,
	'/settings/');

	$min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length');
	$min_len = (int)$min_len;

	// NOTE: To change your password, you need to prove you own the account,
	// either by providing the old password or by carrying a token to
	// the workflow from a password reset email.

	$key = $request->getStr('key');
	+ $password_type = PhabricatorAuthPasswordResetTemporaryTokenType::TOKENTYPE;
	+
	$token = null;
	if ($key) {
	$token = id(new PhabricatorAuthTemporaryTokenQuery())
	->setViewer($user)
	->withObjectPHIDs(array($user->getPHID()))
	- ->withTokenTypes(
	- array(PhabricatorAuthSessionEngine::PASSWORD_TEMPORARY_TOKEN_TYPE))
	+ ->withTokenTypes(array($password_type))
	->withTokenCodes(array(PhabricatorHash::digest($key)))
	->withExpired(false)
	->executeOne();
	}

	$e_old = true;
	$e_new = true;
	$e_conf = true;

	$errors = array();
	if ($request->isFormPost()) {
	if (!$token) {
	$envelope = new PhutilOpaqueEnvelope($request->getStr('old_pw'));
	if (!$user->comparePassword($envelope)) {
	$errors[] = pht('The old password you entered is incorrect.');
	$e_old = pht('Invalid');
	}
	}

	$pass = $request->getStr('new_pw');
	$conf = $request->getStr('conf_pw');

	if (strlen($pass) < $min_len) {
	$errors[] = pht('Your new password is too short.');
	$e_new = pht('Too Short');
	} else if ($pass !== $conf) {
	$errors[] = pht('New password and confirmation do not match.');
	$e_conf = pht('Invalid');
	} else if (PhabricatorCommonPasswords::isCommonPassword($pass)) {
	$e_new = pht('Very Weak');
	$e_conf = pht('Very Weak');
	$errors[] = pht(
	'Your new password is very weak: it is one of the most common '.
	'passwords in use. Choose a stronger password.');
	}

	if (!$errors) {
	// This write is unguarded because the CSRF token has already
	// been checked in the call to $request->isFormPost() and
	// the CSRF token depends on the password hash, so when it
	// is changed here the CSRF token check will fail.
	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();

	$envelope = new PhutilOpaqueEnvelope($pass);
	id(new PhabricatorUserEditor())
	->setActor($user)
	->changePassword($user, $envelope);

	unset($unguarded);

	if ($token) {
	// Destroy the token.
	$token->delete();

	// If this is a password set/reset, kick the user to the home page
	// after we update their account.
	$next = '/';
	} else {
	$next = $this->getPanelURI('?saved=true');
	}

	id(new PhabricatorAuthSessionEngine())->terminateLoginSessions(
	$user,
	$request->getCookie(PhabricatorCookies::COOKIE_SESSION));

	return id(new AphrontRedirectResponse())->setURI($next);
	}
	}

	$hash_envelope = new PhutilOpaqueEnvelope($user->getPasswordHash());
	if (strlen($hash_envelope->openEnvelope())) {
	try {
	$can_upgrade = PhabricatorPasswordHasher::canUpgradeHash(
	$hash_envelope);
	} catch (PhabricatorPasswordHasherUnavailableException $ex) {
	$can_upgrade = false;

	// Only show this stuff if we aren't on the reset workflow. We can
	// do resets regardless of the old hasher's availability.
	if (!$token) {
	$errors[] = pht(
	'Your password is currently hashed using an algorithm which is '.
	'no longer available on this install.');
	$errors[] = pht(
	'Because the algorithm implementation is missing, your password '.
	'can not be used or updated.');
	$errors[] = pht(
	'To set a new password, request a password reset link from the '.
	'login screen and then follow the instructions.');
	}
	}

	if ($can_upgrade) {
	$errors[] = pht(
	'The strength of your stored password hash can be upgraded. '.
	'To upgrade, either: log out and log in using your password; or '.
	'change your password.');
	}
	}

	$len_caption = null;
	if ($min_len) {
	$len_caption = pht('Minimum password length: %d characters.', $min_len);
	}

	$form = new AphrontFormView();
	$form
	->setUser($user)
	->addHiddenInput('key', $key);

	if (!$token) {
	$form->appendChild(
	id(new AphrontFormPasswordControl())
	->setLabel(pht('Old Password'))
	->setError($e_old)
	->setName('old_pw'));
	}

	$form
	->appendChild(
	id(new AphrontFormPasswordControl())
	->setDisableAutocomplete(true)
	->setLabel(pht('New Password'))
	->setError($e_new)
	->setName('new_pw'));
	$form
	->appendChild(
	id(new AphrontFormPasswordControl())
	->setDisableAutocomplete(true)
	->setLabel(pht('Confirm Password'))
	->setCaption($len_caption)
	->setError($e_conf)
	->setName('conf_pw'));
	$form
	->appendChild(
	id(new AphrontFormSubmitControl())
	->setValue(pht('Change Password')));

	$form->appendChild(
	id(new AphrontFormStaticControl())
	->setLabel(pht('Current Algorithm'))
	->setValue(PhabricatorPasswordHasher::getCurrentAlgorithmName(
	new PhutilOpaqueEnvelope($user->getPasswordHash()))));

	$form->appendChild(
	id(new AphrontFormStaticControl())
	->setLabel(pht('Best Available Algorithm'))
	->setValue(PhabricatorPasswordHasher::getBestAlgorithmName()));

	$form->appendRemarkupInstructions(
	pht(
	'NOTE: Changing your password will terminate any other outstanding '.
	'login sessions.'));

	$form_box = id(new PHUIObjectBoxView())
	->setHeaderText(pht('Change Password'))
	->setFormSaved($request->getStr('saved'))
	->setFormErrors($errors)
	->setForm($form);

	return array(
	$form_box,
	);
	}


	}

File Metadata

Mime Type: text/x-diff
Expires: Tue, Mar 17, 1:16 AM (19 h, 3 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 964034
Default Alt Text: (57 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions