No OneTemporary
Actions

Size

41 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/src/applications/auth/controller/PhabricatorAuthUnlinkController.php b/src/applications/auth/controller/PhabricatorAuthUnlinkController.php
	index 822f203bce..a5bdf90b70 100644
	--- a/src/applications/auth/controller/PhabricatorAuthUnlinkController.php
	+++ b/src/applications/auth/controller/PhabricatorAuthUnlinkController.php
	@@ -1,140 +1,149 @@
	<?php

	final class PhabricatorAuthUnlinkController
	extends PhabricatorAuthController {

	private $providerKey;

	public function willProcessRequest(array $data) {
	$this->providerKey = $data['pkey'];
	}

	public function processRequest() {
	$request = $this->getRequest();
	$viewer = $request->getUser();

	list($type, $domain) = explode(':', $this->providerKey, 2);

	// Check that this account link actually exists. We don't require the
	// provider to exist because we want users to be able to delete links to
	// dead accounts if they want.
	$account = id(new PhabricatorExternalAccount())->loadOneWhere(
	'accountType = %s AND accountDomain = %s AND userPHID = %s',
	$type,
	$domain,
	$viewer->getPHID());
	if (!$account) {
	return $this->renderNoAccountErrorDialog();
	}

	// Check that the provider (if it exists) allows accounts to be unlinked.
	$provider_key = $this->providerKey;
	$provider = PhabricatorAuthProvider::getEnabledProviderByKey($provider_key);
	if ($provider) {
	if (!$provider->shouldAllowAccountUnlink()) {
	return $this->renderNotUnlinkableErrorDialog($provider);
	}
	}

	// Check that this account isn't the last account which can be used to
	// login. We prevent you from removing the last account.
	if ($account->isUsableForLogin()) {
	$other_accounts = id(new PhabricatorExternalAccount())->loadAllWhere(
	'userPHID = %s',
	$viewer->getPHID());

	$valid_accounts = 0;
	foreach ($other_accounts as $other_account) {
	if ($other_account->isUsableForLogin()) {
	$valid_accounts++;
	}
	}

	if ($valid_accounts < 2) {
	return $this->renderLastUsableAccountErrorDialog();
	}
	}

	if ($request->isDialogFormPost()) {
	$account->delete();
	+
	+ id(new PhabricatorAuthSessionEngine())->terminateLoginSessions(
	+ $viewer,
	+ $request->getCookie(PhabricatorCookies::COOKIE_SESSION));
	+
	return id(new AphrontRedirectResponse())->setURI($this->getDoneURI());
	}

	return $this->renderConfirmDialog($account);
	}

	private function getDoneURI() {
	return '/settings/panel/external/';
	}

	private function renderNoAccountErrorDialog() {
	$dialog = id(new AphrontDialogView())
	->setUser($this->getRequest()->getUser())
	->setTitle(pht('No Such Account'))
	->appendChild(
	pht(
	'You can not unlink this account because it is not linked.'))
	->addCancelButton($this->getDoneURI());

	return id(new AphrontDialogResponse())->setDialog($dialog);
	}

	private function renderNotUnlinkableErrorDialog(
	PhabricatorAuthProvider $provider) {

	$dialog = id(new AphrontDialogView())
	->setUser($this->getRequest()->getUser())
	->setTitle(pht('Permanent Account Link'))
	->appendChild(
	pht(
	'You can not unlink this account because the administrator has '.
	'configured Phabricator to make links to %s accounts permanent.',
	$provider->getProviderName()))
	->addCancelButton($this->getDoneURI());

	return id(new AphrontDialogResponse())->setDialog($dialog);
	}

	private function renderLastUsableAccountErrorDialog() {
	$dialog = id(new AphrontDialogView())
	->setUser($this->getRequest()->getUser())
	->setTitle(pht('Last Valid Account'))
	->appendChild(
	pht(
	'You can not unlink this account because you have no other '.
	'valid login accounts. If you removed it, you would be unable '.
	'to login. Add another authentication method before removing '.
	'this one.'))
	->addCancelButton($this->getDoneURI());

	return id(new AphrontDialogResponse())->setDialog($dialog);
	}

	private function renderConfirmDialog() {
	$provider_key = $this->providerKey;
	$provider = PhabricatorAuthProvider::getEnabledProviderByKey($provider_key);

	if ($provider) {
	$title = pht('Unlink "%s" Account?', $provider->getProviderName());
	$body = pht(
	'You will no longer be able to use your %s account to '.
	'log in to Phabricator.',
	$provider->getProviderName());
	} else {
	$title = pht('Unlink Account?');
	$body = pht(
	'You will no longer be able to use this account to log in '.
	'to Phabricator.');
	}

	$dialog = id(new AphrontDialogView())
	->setUser($this->getRequest()->getUser())
	->setTitle($title)
	- ->appendChild($body)
	+ ->appendParagraph($body)
	+ ->appendParagraph(
	+ pht(
	+ 'Note: Unlinking an authentication provider will terminate any '.
	+ 'other active login sessions.'))
	->addSubmitButton(pht('Unlink Account'))
	->addCancelButton($this->getDoneURI());

	return id(new AphrontDialogResponse())->setDialog($dialog);
	}

	}
	diff --git a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
	index a6e243f086..53de32376b 100644
	--- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
	+++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
	@@ -1,621 +1,658 @@
	<?php

	/**
	*
	* @task use Using Sessions
	* @task new Creating Sessions
	* @task hisec High Security
	* @task partial Partial Sessions
	* @task onetime One Time Login URIs
	*/
	final class PhabricatorAuthSessionEngine extends Phobject {

	/**
	* Session issued to normal users after they login through a standard channel.
	* Associates the client with a standard user identity.
	*/
	const KIND_USER = 'U';


	/**
	* Session issued to users who login with some sort of credentials but do not
	* have full accounts. These are sometimes called "grey users".
	*
	* TODO: We do not currently issue these sessions, see T4310.
	*/
	const KIND_EXTERNAL = 'X';


	/**
	* Session issued to logged-out users which has no real identity information.
	* Its purpose is to protect logged-out users from CSRF.
	*/
	const KIND_ANONYMOUS = 'A';


	/**
	* Session kind isn't known.
	*/
	const KIND_UNKNOWN = '?';


	/**
	* Temporary tokens for one time logins.
	*/
	const ONETIME_TEMPORARY_TOKEN_TYPE = 'login:onetime';


	/**
	* Temporary tokens for password recovery after one time login.
	*/
	const PASSWORD_TEMPORARY_TOKEN_TYPE = 'login:password';

	const ONETIME_RECOVER = 'recover';
	const ONETIME_RESET = 'reset';
	const ONETIME_WELCOME = 'welcome';
	const ONETIME_USERNAME = 'rename';


	/**
	* Get the session kind (e.g., anonymous, user, external account) from a
	* session token. Returns a `KIND_` constant.
	*
	* @param string Session token.
	* @return const Session kind constant.
	*/
	public static function getSessionKindFromToken($session_token) {
	if (strpos($session_token, '/') === false) {
	// Old-style session, these are all user sessions.
	return self::KIND_USER;
	}

	list($kind, $key) = explode('/', $session_token, 2);

	switch ($kind) {
	case self::KIND_ANONYMOUS:
	case self::KIND_USER:
	case self::KIND_EXTERNAL:
	return $kind;
	default:
	return self::KIND_UNKNOWN;
	}
	}


	/**
	* Load the user identity associated with a session of a given type,
	* identified by token.
	*
	* When the user presents a session token to an API, this method verifies
	* it is of the correct type and loads the corresponding identity if the
	* session exists and is valid.
	*
	* NOTE: `$session_type` is the type of session that is required by the
	* loading context. This prevents use of a Conduit sesssion as a Web
	* session, for example.
	*
	* @param const The type of session to load.
	* @param string The session token.
	* @return PhabricatorUser\|null
	* @task use
	*/
	public function loadUserForSession($session_type, $session_token) {
	$session_kind = self::getSessionKindFromToken($session_token);
	switch ($session_kind) {
	case self::KIND_ANONYMOUS:
	// Don't bother trying to load a user for an anonymous session, since
	// neither the session nor the user exist.
	return null;
	case self::KIND_UNKNOWN:
	// If we don't know what kind of session this is, don't go looking for
	// it.
	return null;
	case self::KIND_USER:
	break;
	case self::KIND_EXTERNAL:
	// TODO: Implement these (T4310).
	return null;
	}

	$session_table = new PhabricatorAuthSession();
	$user_table = new PhabricatorUser();
	$conn_r = $session_table->establishConnection('r');
	$session_key = PhabricatorHash::digest($session_token);

	// NOTE: We're being clever here because this happens on every page load,
	// and by joining we can save a query. This might be getting too clever
	// for its own good, though...

	$info = queryfx_one(
	$conn_r,
	'SELECT
	s.id AS s_id,
	s.sessionExpires AS s_sessionExpires,
	s.sessionStart AS s_sessionStart,
	s.highSecurityUntil AS s_highSecurityUntil,
	s.isPartial AS s_isPartial,
	u.*
	FROM %T u JOIN %T s ON u.phid = s.userPHID
	AND s.type = %s AND s.sessionKey = %s',
	$user_table->getTableName(),
	$session_table->getTableName(),
	$session_type,
	$session_key);

	if (!$info) {
	return null;
	}

	$session_dict = array(
	'userPHID' => $info['phid'],
	'sessionKey' => $session_key,
	'type' => $session_type,
	);
	foreach ($info as $key => $value) {
	if (strncmp($key, 's_', 2) === 0) {
	unset($info[$key]);
	$session_dict[substr($key, 2)] = $value;
	}
	}
	$session = id(new PhabricatorAuthSession())->loadFromArray($session_dict);

	$ttl = PhabricatorAuthSession::getSessionTypeTTL($session_type);

	// If more than 20% of the time on this session has been used, refresh the
	// TTL back up to the full duration. The idea here is that sessions are
	// good forever if used regularly, but get GC'd when they fall out of use.

	if (time() + (0.80 * $ttl) > $session->getSessionExpires()) {
	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	$conn_w = $session_table->establishConnection('w');
	queryfx(
	$conn_w,
	'UPDATE %T SET sessionExpires = UNIX_TIMESTAMP() + %d WHERE id = %d',
	$session->getTableName(),
	$ttl,
	$session->getID());
	unset($unguarded);
	}

	$user = $user_table->loadFromArray($info);
	$user->attachSession($session);
	return $user;
	}


	/**
	* Issue a new session key for a given identity. Phabricator supports
	* different types of sessions (like "web" and "conduit") and each session
	* type may have multiple concurrent sessions (this allows a user to be
	* logged in on multiple browsers at the same time, for instance).
	*
	* Note that this method is transport-agnostic and does not set cookies or
	* issue other types of tokens, it ONLY generates a new session key.
	*
	* You can configure the maximum number of concurrent sessions for various
	* session types in the Phabricator configuration.
	*
	* @param const Session type constant (see
	* @{class:PhabricatorAuthSession}).
	* @param phid\|null Identity to establish a session for, usually a user
	* PHID. With `null`, generates an anonymous session.
	* @param bool True to issue a partial session.
	* @return string Newly generated session key.
	*/
	public function establishSession($session_type, $identity_phid, $partial) {
	// Consume entropy to generate a new session key, forestalling the eventual
	// heat death of the universe.
	$session_key = Filesystem::readRandomCharacters(40);

	if ($identity_phid === null) {
	return self::KIND_ANONYMOUS.'/'.$session_key;
	}

	$session_table = new PhabricatorAuthSession();
	$conn_w = $session_table->establishConnection('w');

	// This has a side effect of validating the session type.
	$session_ttl = PhabricatorAuthSession::getSessionTypeTTL($session_type);

	$digest_key = PhabricatorHash::digest($session_key);

	// Logging-in users don't have CSRF stuff yet, so we have to unguard this
	// write.
	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	id(new PhabricatorAuthSession())
	->setUserPHID($identity_phid)
	->setType($session_type)
	->setSessionKey($digest_key)
	->setSessionStart(time())
	->setSessionExpires(time() + $session_ttl)
	->setIsPartial($partial ? 1 : 0)
	->save();

	$log = PhabricatorUserLog::initializeNewLog(
	null,
	$identity_phid,
	($partial
	? PhabricatorUserLog::ACTION_LOGIN_PARTIAL
	: PhabricatorUserLog::ACTION_LOGIN));

	$log->setDetails(
	array(
	'session_type' => $session_type,
	));
	$log->setSession($digest_key);
	$log->save();
	unset($unguarded);

	return $session_key;
	}


	+ /**
	+ * Terminate all of a user's login sessions.
	+ *
	+ * This is used when users change passwords, linked accounts, or add
	+ * multifactor authentication.
	+ *
	+ * @param PhabricatorUser User whose sessions should be terminated.
	+ * @param string\|null Optionally, one session to keep. Normally, the current
	+ * login session.
	+ *
	+ * @return void
	+ */
	+ public function terminateLoginSessions(
	+ PhabricatorUser $user,
	+ $except_session = null) {
	+
	+ $sessions = id(new PhabricatorAuthSessionQuery())
	+ ->setViewer($user)
	+ ->withIdentityPHIDs(array($user->getPHID()))
	+ ->execute();
	+
	+ if ($except_session !== null) {
	+ $except_session = PhabricatorHash::digest($except_session);
	+ }
	+
	+ foreach ($sessions as $key => $session) {
	+ if ($except_session !== null) {
	+ if ($except_session == $session->getSessionKey()) {
	+ continue;
	+ }
	+ }
	+
	+ $session->delete();
	+ }
	+ }
	+
	+
	/* -( High Security )------------------------------------------------------ */


	/**
	* Require high security, or prompt the user to enter high security.
	*
	* If the user's session is in high security, this method will return a
	* token. Otherwise, it will throw an exception which will eventually
	* be converted into a multi-factor authentication workflow.
	*
	* @param PhabricatorUser User whose session needs to be in high security.
	* @param AphrontReqeust Current request.
	* @param string URI to return the user to if they cancel.
	* @param bool True to jump partial sessions directly into high
	* security instead of just upgrading them to full
	* sessions.
	* @return PhabricatorAuthHighSecurityToken Security token.
	* @task hisec
	*/
	public function requireHighSecuritySession(
	PhabricatorUser $viewer,
	AphrontRequest $request,
	$cancel_uri,
	$jump_into_hisec = false) {

	if (!$viewer->hasSession()) {
	throw new Exception(
	pht('Requiring a high-security session from a user with no session!'));
	}

	$session = $viewer->getSession();

	// Check if the session is already in high security mode.
	$token = $this->issueHighSecurityToken($session);
	if ($token) {
	return $token;
	}

	// Load the multi-factor auth sources attached to this account.
	$factors = id(new PhabricatorAuthFactorConfig())->loadAllWhere(
	'userPHID = %s',
	$viewer->getPHID());

	// If the account has no associated multi-factor auth, just issue a token
	// without putting the session into high security mode. This is generally
	// easier for users. A minor but desirable side effect is that when a user
	// adds an auth factor, existing sessions won't get a free pass into hisec,
	// since they never actually got marked as hisec.
	if (!$factors) {
	return $this->issueHighSecurityToken($session, true);
	}

	// Check for a rate limit without awarding points, so the user doesn't
	// get partway through the workflow only to get blocked.
	PhabricatorSystemActionEngine::willTakeAction(
	array($viewer->getPHID()),
	new PhabricatorAuthTryFactorAction(),
	0);

	$validation_results = array();
	if ($request->isHTTPPost()) {
	$request->validateCSRF();
	if ($request->getExists(AphrontRequest::TYPE_HISEC)) {

	// Limit factor verification rates to prevent brute force attacks.
	PhabricatorSystemActionEngine::willTakeAction(
	array($viewer->getPHID()),
	new PhabricatorAuthTryFactorAction(),
	1);

	$ok = true;
	foreach ($factors as $factor) {
	$id = $factor->getID();
	$impl = $factor->requireImplementation();

	$validation_results[$id] = $impl->processValidateFactorForm(
	$factor,
	$viewer,
	$request);

	if (!$impl->isFactorValid($factor, $validation_results[$id])) {
	$ok = false;
	}
	}

	if ($ok) {
	// Give the user a credit back for a successful factor verification.
	PhabricatorSystemActionEngine::willTakeAction(
	array($viewer->getPHID()),
	new PhabricatorAuthTryFactorAction(),
	-1);

	if ($session->getIsPartial() && !$jump_into_hisec) {
	// If we have a partial session and are not jumping directly into
	// hisec, just issue a token without putting it in high security
	// mode.
	return $this->issueHighSecurityToken($session, true);
	}

	$until = time() + phutil_units('15 minutes in seconds');
	$session->setHighSecurityUntil($until);

	queryfx(
	$session->establishConnection('w'),
	'UPDATE %T SET highSecurityUntil = %d WHERE id = %d',
	$session->getTableName(),
	$until,
	$session->getID());

	$log = PhabricatorUserLog::initializeNewLog(
	$viewer,
	$viewer->getPHID(),
	PhabricatorUserLog::ACTION_ENTER_HISEC);
	$log->save();
	} else {
	$log = PhabricatorUserLog::initializeNewLog(
	$viewer,
	$viewer->getPHID(),
	PhabricatorUserLog::ACTION_FAIL_HISEC);
	$log->save();
	}
	}
	}

	$token = $this->issueHighSecurityToken($session);
	if ($token) {
	return $token;
	}

	throw id(new PhabricatorAuthHighSecurityRequiredException())
	->setCancelURI($cancel_uri)
	->setFactors($factors)
	->setFactorValidationResults($validation_results);
	}


	/**
	* Issue a high security token for a session, if authorized.
	*
	* @param PhabricatorAuthSession Session to issue a token for.
	* @param bool Force token issue.
	* @return PhabricatorAuthHighSecurityToken\|null Token, if authorized.
	* @task hisec
	*/
	private function issueHighSecurityToken(
	PhabricatorAuthSession $session,
	$force = false) {

	$until = $session->getHighSecurityUntil();
	if ($until > time() \|\| $force) {
	return new PhabricatorAuthHighSecurityToken();
	}

	return null;
	}


	/**
	* Render a form for providing relevant multi-factor credentials.
	*
	* @param PhabricatorUser Viewing user.
	* @param AphrontRequest Current request.
	* @return AphrontFormView Renderable form.
	* @task hisec
	*/
	public function renderHighSecurityForm(
	array $factors,
	array $validation_results,
	PhabricatorUser $viewer,
	AphrontRequest $request) {

	$form = id(new AphrontFormView())
	->setUser($viewer)
	->appendRemarkupInstructions('');

	foreach ($factors as $factor) {
	$factor->requireImplementation()->renderValidateFactorForm(
	$factor,
	$form,
	$viewer,
	idx($validation_results, $factor->getID()));
	}

	$form->appendRemarkupInstructions('');

	return $form;
	}


	/**
	* Strip the high security flag from a session.
	*
	* Kicks a session out of high security and logs the exit.
	*
	* @param PhabricatorUser Acting user.
	* @param PhabricatorAuthSession Session to return to normal security.
	* @return void
	* @task hisec
	*/
	public function exitHighSecurity(
	PhabricatorUser $viewer,
	PhabricatorAuthSession $session) {

	if (!$session->getHighSecurityUntil()) {
	return;
	}

	queryfx(
	$session->establishConnection('w'),
	'UPDATE %T SET highSecurityUntil = NULL WHERE id = %d',
	$session->getTableName(),
	$session->getID());

	$log = PhabricatorUserLog::initializeNewLog(
	$viewer,
	$viewer->getPHID(),
	PhabricatorUserLog::ACTION_EXIT_HISEC);
	$log->save();
	}


	/* -( Partial Sessions )--------------------------------------------------- */


	/**
	* Upgrade a partial session to a full session.
	*
	* @param PhabricatorAuthSession Session to upgrade.
	* @return void
	* @task partial
	*/
	public function upgradePartialSession(PhabricatorUser $viewer) {

	if (!$viewer->hasSession()) {
	throw new Exception(
	pht('Upgrading partial session of user with no session!'));
	}

	$session = $viewer->getSession();

	if (!$session->getIsPartial()) {
	throw new Exception(pht('Session is not partial!'));
	}

	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	$session->setIsPartial(0);

	queryfx(
	$session->establishConnection('w'),
	'UPDATE %T SET isPartial = %d WHERE id = %d',
	$session->getTableName(),
	0,
	$session->getID());

	$log = PhabricatorUserLog::initializeNewLog(
	$viewer,
	$viewer->getPHID(),
	PhabricatorUserLog::ACTION_LOGIN_FULL);
	$log->save();
	unset($unguarded);
	}


	/* -( One Time Login URIs )------------------------------------------------ */


	/**
	* Retrieve a temporary, one-time URI which can log in to an account.
	*
	* These URIs are used for password recovery and to regain access to accounts
	* which users have been locked out of.
	*
	* @param PhabricatorUser User to generate a URI for.
	* @param PhabricatorUserEmail Optionally, email to verify when
	* link is used.
	* @param string Optional context string for the URI. This is purely cosmetic
	* and used only to customize workflow and error messages.
	* @return string Login URI.
	* @task onetime
	*/
	public function getOneTimeLoginURI(
	PhabricatorUser $user,
	PhabricatorUserEmail $email = null,
	$type = self::ONETIME_RESET) {

	$key = Filesystem::readRandomCharacters(32);
	$key_hash = $this->getOneTimeLoginKeyHash($user, $email, $key);

	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	id(new PhabricatorAuthTemporaryToken())
	->setObjectPHID($user->getPHID())
	->setTokenType(self::ONETIME_TEMPORARY_TOKEN_TYPE)
	->setTokenExpires(time() + phutil_units('1 day in seconds'))
	->setTokenCode($key_hash)
	->save();
	unset($unguarded);

	$uri = '/login/once/'.$type.'/'.$user->getID().'/'.$key.'/';
	if ($email) {
	$uri = $uri.$email->getID().'/';
	}

	try {
	$uri = PhabricatorEnv::getProductionURI($uri);
	} catch (Exception $ex) {
	// If a user runs `bin/auth recover` before configuring the base URI,
	// just show the path. We don't have any way to figure out the domain.
	// See T4132.
	}

	return $uri;
	}


	/**
	* Load the temporary token associated with a given one-time login key.
	*
	* @param PhabricatorUser User to load the token for.
	* @param PhabricatorUserEmail Optionally, email to verify when
	* link is used.
	* @param string Key user is presenting as a valid one-time login key.
	* @return PhabricatorAuthTemporaryToken\|null Token, if one exists.
	* @task onetime
	*/
	public function loadOneTimeLoginKey(
	PhabricatorUser $user,
	PhabricatorUserEmail $email = null,
	$key = null) {

	$key_hash = $this->getOneTimeLoginKeyHash($user, $email, $key);

	return id(new PhabricatorAuthTemporaryTokenQuery())
	->setViewer($user)
	->withObjectPHIDs(array($user->getPHID()))
	->withTokenTypes(array(self::ONETIME_TEMPORARY_TOKEN_TYPE))
	->withTokenCodes(array($key_hash))
	->withExpired(false)
	->executeOne();
	}


	/**
	* Hash a one-time login key for storage as a temporary token.
	*
	* @param PhabricatorUser User this key is for.
	* @param PhabricatorUserEmail Optionally, email to verify when
	* link is used.
	* @param string The one time login key.
	* @return string Hash of the key.
	* task onetime
	*/
	private function getOneTimeLoginKeyHash(
	PhabricatorUser $user,
	PhabricatorUserEmail $email = null,
	$key = null) {

	$parts = array(
	$key,
	$user->getAccountSecret(),
	);

	if ($email) {
	$parts[] = $email->getVerificationCode();
	}

	return PhabricatorHash::digest(implode(':', $parts));
	}

	}
	diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelMultiFactor.php b/src/applications/settings/panel/PhabricatorSettingsPanelMultiFactor.php
	index 4ec8c0f54e..427abcf0b7 100644
	--- a/src/applications/settings/panel/PhabricatorSettingsPanelMultiFactor.php
	+++ b/src/applications/settings/panel/PhabricatorSettingsPanelMultiFactor.php
	@@ -1,322 +1,329 @@
	<?php

	final class PhabricatorSettingsPanelMultiFactor
	extends PhabricatorSettingsPanel {

	public function getPanelKey() {
	return 'multifactor';
	}

	public function getPanelName() {
	return pht('Multi-Factor Auth');
	}

	public function getPanelGroup() {
	return pht('Authentication');
	}

	public function processRequest(AphrontRequest $request) {
	if ($request->getExists('new')) {
	return $this->processNew($request);
	}

	if ($request->getExists('edit')) {
	return $this->processEdit($request);
	}

	if ($request->getExists('delete')) {
	return $this->processDelete($request);
	}

	$user = $this->getUser();
	$viewer = $request->getUser();

	$factors = id(new PhabricatorAuthFactorConfig())->loadAllWhere(
	'userPHID = %s',
	$user->getPHID());

	$rows = array();
	$rowc = array();

	$highlight_id = $request->getInt('id');
	foreach ($factors as $factor) {

	$impl = $factor->getImplementation();
	if ($impl) {
	$type = $impl->getFactorName();
	} else {
	$type = $factor->getFactorKey();
	}

	if ($factor->getID() == $highlight_id) {
	$rowc[] = 'highlighted';
	} else {
	$rowc[] = null;
	}

	$rows[] = array(
	javelin_tag(
	'a',
	array(
	'href' => $this->getPanelURI('?edit='.$factor->getID()),
	'sigil' => 'workflow',
	),
	$factor->getFactorName()),
	$type,
	phabricator_datetime($factor->getDateCreated(), $viewer),
	javelin_tag(
	'a',
	array(
	'href' => $this->getPanelURI('?delete='.$factor->getID()),
	'sigil' => 'workflow',
	'class' => 'small grey button',
	),
	pht('Remove')),
	);
	}

	$table = new AphrontTableView($rows);
	$table->setNoDataString(
	pht("You haven't added any authentication factors to your account yet."));
	$table->setHeaders(
	array(
	pht('Name'),
	pht('Type'),
	pht('Created'),
	'',
	));
	$table->setColumnClasses(
	array(
	'wide pri',
	'',
	'right',
	'action',
	));
	$table->setRowClasses($rowc);
	$table->setDeviceVisibility(
	array(
	true,
	false,
	false,
	true,
	));

	$panel = new PHUIObjectBoxView();
	$header = new PHUIHeaderView();

	$help_uri = PhabricatorEnv::getDoclink(
	'User Guide: Multi-Factor Authentication');

	$help_icon = id(new PHUIIconView())
	->setIconFont('fa-info-circle');
	$help_button = id(new PHUIButtonView())
	->setText(pht('Help'))
	->setHref($help_uri)
	->setTag('a')
	->setIcon($help_icon);

	$create_icon = id(new PHUIIconView())
	->setIconFont('fa-plus');
	$create_button = id(new PHUIButtonView())
	->setText(pht('Add Authentication Factor'))
	->setHref($this->getPanelURI('?new=true'))
	->setTag('a')
	->setWorkflow(true)
	->setIcon($create_icon);

	$header->setHeader(pht('Authentication Factors'));
	$header->addActionLink($help_button);
	$header->addActionLink($create_button);

	$panel->setHeader($header);
	$panel->appendChild($table);

	return $panel;
	}

	private function processNew(AphrontRequest $request) {
	$viewer = $request->getUser();
	$user = $this->getUser();

	$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
	$viewer,
	$request,
	$this->getPanelURI());

	$factors = PhabricatorAuthFactor::getAllFactors();

	$form = id(new AphrontFormView())
	->setUser($viewer);

	$type = $request->getStr('type');
	if (empty($factors[$type]) \|\| !$request->isFormPost()) {
	$factor = null;
	} else {
	$factor = $factors[$type];
	}

	$dialog = id(new AphrontDialogView())
	->setUser($viewer)
	->addHiddenInput('new', true);

	if ($factor === null) {
	$choice_control = id(new AphrontFormRadioButtonControl())
	->setName('type')
	->setValue(key($factors));

	foreach ($factors as $available_factor) {
	$choice_control->addButton(
	$available_factor->getFactorKey(),
	$available_factor->getFactorName(),
	$available_factor->getFactorDescription());
	}

	$dialog->appendParagraph(
	pht(
	'Adding an additional authentication factor improves the security '.
	'of your account. Choose the type of factor to add:'));

	$form
	->appendChild($choice_control);

	} else {
	$dialog->addHiddenInput('type', $type);

	$config = $factor->processAddFactorForm(
	$form,
	$request,
	$user);

	if ($config) {
	$config->save();

	$log = PhabricatorUserLog::initializeNewLog(
	$viewer,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_MULTI_ADD);
	$log->save();

	$user->updateMultiFactorEnrollment();

	+ // Terminate other sessions so they must log in and survive the
	+ // multi-factor auth check.
	+
	+ id(new PhabricatorAuthSessionEngine())->terminateLoginSessions(
	+ $user,
	+ $request->getCookie(PhabricatorCookies::COOKIE_SESSION));
	+
	return id(new AphrontRedirectResponse())
	->setURI($this->getPanelURI('?id='.$config->getID()));
	}
	}

	$dialog
	->setWidth(AphrontDialogView::WIDTH_FORM)
	->setTitle(pht('Add Authentication Factor'))
	->appendChild($form->buildLayoutView())
	->addSubmitButton(pht('Continue'))
	->addCancelButton($this->getPanelURI());

	return id(new AphrontDialogResponse())
	->setDialog($dialog);
	}

	private function processEdit(AphrontRequest $request) {
	$viewer = $request->getUser();
	$user = $this->getUser();

	$factor = id(new PhabricatorAuthFactorConfig())->loadOneWhere(
	'id = %d AND userPHID = %s',
	$request->getInt('edit'),
	$user->getPHID());
	if (!$factor) {
	return new Aphront404Response();
	}

	$e_name = true;
	$errors = array();
	if ($request->isFormPost()) {
	$name = $request->getStr('name');
	if (!strlen($name)) {
	$e_name = pht('Required');
	$errors[] = pht(
	'Authentication factors must have a name to identify them.');
	}

	if (!$errors) {
	$factor->setFactorName($name);
	$factor->save();

	$user->updateMultiFactorEnrollment();

	return id(new AphrontRedirectResponse())
	->setURI($this->getPanelURI('?id='.$factor->getID()));
	}
	} else {
	$name = $factor->getFactorName();
	}

	$form = id(new AphrontFormView())
	->setUser($viewer)
	->appendChild(
	id(new AphrontFormTextControl())
	->setName('name')
	->setLabel(pht('Name'))
	->setValue($name)
	->setError($e_name));

	$dialog = id(new AphrontDialogView())
	->setUser($viewer)
	->addHiddenInput('edit', $factor->getID())
	->setTitle(pht('Edit Authentication Factor'))
	->setErrors($errors)
	->appendChild($form->buildLayoutView())
	->addSubmitButton(pht('Save'))
	->addCancelButton($this->getPanelURI());

	return id(new AphrontDialogResponse())
	->setDialog($dialog);
	}

	private function processDelete(AphrontRequest $request) {
	$viewer = $request->getUser();
	$user = $this->getUser();

	$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
	$viewer,
	$request,
	$this->getPanelURI());

	$factor = id(new PhabricatorAuthFactorConfig())->loadOneWhere(
	'id = %d AND userPHID = %s',
	$request->getInt('delete'),
	$user->getPHID());
	if (!$factor) {
	return new Aphront404Response();
	}

	if ($request->isFormPost()) {
	$factor->delete();

	$log = PhabricatorUserLog::initializeNewLog(
	$viewer,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_MULTI_REMOVE);
	$log->save();

	$user->updateMultiFactorEnrollment();

	return id(new AphrontRedirectResponse())
	->setURI($this->getPanelURI());
	}

	$dialog = id(new AphrontDialogView())
	->setUser($viewer)
	->addHiddenInput('delete', $factor->getID())
	->setTitle(pht('Delete Authentication Factor'))
	->appendParagraph(
	pht(
	'Really remove the authentication factor %s from your account?',
	phutil_tag('strong', array(), $factor->getFactorName())))
	->addSubmitButton(pht('Remove Factor'))
	->addCancelButton($this->getPanelURI());

	return id(new AphrontDialogResponse())
	->setDialog($dialog);
	}


	}
	diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelPassword.php b/src/applications/settings/panel/PhabricatorSettingsPanelPassword.php
	index 14872a227e..0c7fc81934 100644
	--- a/src/applications/settings/panel/PhabricatorSettingsPanelPassword.php
	+++ b/src/applications/settings/panel/PhabricatorSettingsPanelPassword.php
	@@ -1,190 +1,201 @@
	<?php

	final class PhabricatorSettingsPanelPassword
	extends PhabricatorSettingsPanel {

	public function getPanelKey() {
	return 'password';
	}

	public function getPanelName() {
	return pht('Password');
	}

	public function getPanelGroup() {
	return pht('Authentication');
	}

	public function isEnabled() {
	// There's no sense in showing a change password panel if the user
	// can't change their password...

	if (!PhabricatorEnv::getEnvConfig('account.editable')) {
	return false;
	}

	// ...or this install doesn't support password authentication at all.

	if (!PhabricatorPasswordAuthProvider::getPasswordProvider()) {
	return false;
	}

	return true;
	}

	public function processRequest(AphrontRequest $request) {
	$user = $request->getUser();

	$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
	$user,
	$request,
	'/settings/');

	$min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length');
	$min_len = (int)$min_len;

	// NOTE: To change your password, you need to prove you own the account,
	// either by providing the old password or by carrying a token to
	// the workflow from a password reset email.

	$key = $request->getStr('key');
	$token = null;
	if ($key) {
	$token = id(new PhabricatorAuthTemporaryTokenQuery())
	->setViewer($user)
	->withObjectPHIDs(array($user->getPHID()))
	->withTokenTypes(
	array(PhabricatorAuthSessionEngine::PASSWORD_TEMPORARY_TOKEN_TYPE))
	->withTokenCodes(array(PhabricatorHash::digest($key)))
	->withExpired(false)
	->executeOne();
	}

	$e_old = true;
	$e_new = true;
	$e_conf = true;

	$errors = array();
	if ($request->isFormPost()) {
	if (!$token) {
	$envelope = new PhutilOpaqueEnvelope($request->getStr('old_pw'));
	if (!$user->comparePassword($envelope)) {
	$errors[] = pht('The old password you entered is incorrect.');
	$e_old = pht('Invalid');
	}
	}

	$pass = $request->getStr('new_pw');
	$conf = $request->getStr('conf_pw');

	if (strlen($pass) < $min_len) {
	$errors[] = pht('Your new password is too short.');
	$e_new = pht('Too Short');
	} else if ($pass !== $conf) {
	$errors[] = pht('New password and confirmation do not match.');
	$e_conf = pht('Invalid');
	} else if (PhabricatorCommonPasswords::isCommonPassword($pass)) {
	$e_new = pht('Very Weak');
	$e_conf = pht('Very Weak');
	$errors[] = pht(
	'Your new password is very weak: it is one of the most common '.
	'passwords in use. Choose a stronger password.');
	}

	if (!$errors) {
	// This write is unguarded because the CSRF token has already
	// been checked in the call to $request->isFormPost() and
	// the CSRF token depends on the password hash, so when it
	// is changed here the CSRF token check will fail.
	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();

	$envelope = new PhutilOpaqueEnvelope($pass);
	id(new PhabricatorUserEditor())
	->setActor($user)
	->changePassword($user, $envelope);

	unset($unguarded);

	if ($token) {
	// Destroy the token.
	$token->delete();

	// If this is a password set/reset, kick the user to the home page
	// after we update their account.
	$next = '/';
	} else {
	$next = $this->getPanelURI('?saved=true');
	}

	+ id(new PhabricatorAuthSessionEngine())->terminateLoginSessions(
	+ $user,
	+ $request->getCookie(PhabricatorCookies::COOKIE_SESSION));
	+
	return id(new AphrontRedirectResponse())->setURI($next);
	}
	}

	$hash_envelope = new PhutilOpaqueEnvelope($user->getPasswordHash());
	if (strlen($hash_envelope->openEnvelope())) {
	if (PhabricatorPasswordHasher::canUpgradeHash($hash_envelope)) {
	$errors[] = pht(
	'The strength of your stored password hash can be upgraded. '.
	'To upgrade, either: log out and log in using your password; or '.
	'change your password.');
	}
	}

	$len_caption = null;
	if ($min_len) {
	$len_caption = pht('Minimum password length: %d characters.', $min_len);
	}

	$form = new AphrontFormView();
	$form
	->setUser($user)
	->addHiddenInput('key', $key);

	if (!$token) {
	$form->appendChild(
	id(new AphrontFormPasswordControl())
	->setLabel(pht('Old Password'))
	->setError($e_old)
	->setName('old_pw'));
	}

	$form
	->appendChild(
	id(new AphrontFormPasswordControl())
	->setLabel(pht('New Password'))
	->setError($e_new)
	->setName('new_pw'));
	$form
	->appendChild(
	id(new AphrontFormPasswordControl())
	->setLabel(pht('Confirm Password'))
	->setCaption($len_caption)
	->setError($e_conf)
	->setName('conf_pw'));
	$form
	->appendChild(
	id(new AphrontFormSubmitControl())
	->setValue(pht('Change Password')));

	$form->appendChild(
	id(new AphrontFormStaticControl())
	->setLabel(pht('Current Algorithm'))
	->setValue(PhabricatorPasswordHasher::getCurrentAlgorithmName(
	new PhutilOpaqueEnvelope($user->getPasswordHash()))));

	$form->appendChild(
	id(new AphrontFormStaticControl())
	->setLabel(pht('Best Available Algorithm'))
	->setValue(PhabricatorPasswordHasher::getBestAlgorithmName()));

	+ $form->appendRemarkupInstructions(
	+ pht(
	+ 'NOTE: Changing your password will terminate any other outstanding '.
	+ 'login sessions.'));
	+
	$form_box = id(new PHUIObjectBoxView())
	->setHeaderText(pht('Change Password'))
	->setFormSaved($request->getStr('saved'))
	->setFormErrors($errors)
	->setForm($form);

	return array(
	$form_box,
	);
	}
	+
	+
	}

File Metadata

Mime Type: text/x-diff
Expires: Mon, Jul 28, 8:03 AM (1 w, 19 h ago)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 186531
Default Alt Text: (41 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions