No OneTemporary
Actions

Size

32 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/src/applications/auth/controller/PhabricatorAuthRevokeTokenController.php b/src/applications/auth/controller/PhabricatorAuthRevokeTokenController.php
	index 1b78a9c829..27981eee27 100644
	--- a/src/applications/auth/controller/PhabricatorAuthRevokeTokenController.php
	+++ b/src/applications/auth/controller/PhabricatorAuthRevokeTokenController.php
	@@ -1,78 +1,78 @@
	<?php

	final class PhabricatorAuthRevokeTokenController
	extends PhabricatorAuthController {

	private $id;

	public function willProcessRequest(array $data) {
	$this->id = $data['id'];
	}

	public function processRequest() {
	$request = $this->getRequest();
	$viewer = $request->getUser();

	$is_all = ($this->id === 'all');

	$query = id(new PhabricatorAuthTemporaryTokenQuery())
	->setViewer($viewer)
	->withObjectPHIDs(array($viewer->getPHID()));
	if (!$is_all) {
	$query->withIDs(array($this->id));
	}

	$tokens = $query->execute();
	foreach ($tokens as $key => $token) {
	if (!$token->isRevocable()) {
	// Don't revoke unrevocable tokens.
	unset($tokens[$key]);
	}
	}

	$panel_uri = '/settings/panel/tokens/';

	if (!$tokens) {
	return $this->newDialog()
	->setTitle(pht('No Matching Tokens'))
	->appendParagraph(
	pht('There are no matching tokens to revoke.'))
	->appendParagraph(
	pht(
	'(Some types of token can not be revoked, and you can not revoke '.
	'tokens which have already expired.)'))
	->addCancelButton($panel_uri);
	}

	if ($request->isDialogFormPost()) {
	foreach ($tokens as $token) {
	- $token->setTokenExpires(PhabricatorTime::getNow() - 1)->save();
	+ $token->revokeToken();
	}
	return id(new AphrontRedirectResponse())->setURI($panel_uri);
	}

	if ($is_all) {
	$title = pht('Revoke Tokens?');
	$short = pht('Revoke Tokens');
	$body = pht(
	'Really revoke all tokens? Among other temporary authorizations, '.
	'this will disable any outstanding password reset or account '.
	'recovery links.');
	} else {
	$title = pht('Revoke Token?');
	$short = pht('Revoke Token');
	$body = pht(
	'Really revoke this token? Any temporary authorization it enables '.
	'will be disabled.');
	}

	return $this->newDialog()
	->setTitle($title)
	->setShortTitle($short)
	->appendParagraph($body)
	->addSubmitButton(pht('Revoke'))
	->addCancelButton($panel_uri);
	}


	}
	diff --git a/src/applications/auth/storage/PhabricatorAuthTemporaryToken.php b/src/applications/auth/storage/PhabricatorAuthTemporaryToken.php
	index 970ea7ef2b..167ec39350 100644
	--- a/src/applications/auth/storage/PhabricatorAuthTemporaryToken.php
	+++ b/src/applications/auth/storage/PhabricatorAuthTemporaryToken.php
	@@ -1,70 +1,94 @@
	<?php

	final class PhabricatorAuthTemporaryToken extends PhabricatorAuthDAO
	implements PhabricatorPolicyInterface {

	// TODO: OAuth1 stores a client identifier here, which is not a real PHID.
	// At some point, we should rename this column to be a little more generic.
	protected $objectPHID;

	protected $tokenType;
	protected $tokenExpires;
	protected $tokenCode;

	public function getConfiguration() {
	return array(
	self::CONFIG_TIMESTAMPS => false,
	) + parent::getConfiguration();
	}

	public function getTokenReadableTypeName() {
	// Eventually, it would be nice to let applications implement token types
	// so we can put this in modular subclasses.
	switch ($this->tokenType) {
	case PhabricatorAuthSessionEngine::ONETIME_TEMPORARY_TOKEN_TYPE:
	return pht('One-Time Login Token');
	case PhabricatorAuthSessionEngine::PASSWORD_TEMPORARY_TOKEN_TYPE:
	return pht('Password Reset Token');
	}

	return $this->tokenType;
	}

	public function isRevocable() {
	if ($this->tokenExpires < time()) {
	return false;
	}

	switch ($this->tokenType) {
	case PhabricatorAuthSessionEngine::ONETIME_TEMPORARY_TOKEN_TYPE:
	case PhabricatorAuthSessionEngine::PASSWORD_TEMPORARY_TOKEN_TYPE:
	return true;
	}

	return false;
	}

	+ public function revokeToken() {
	+ if ($this->isRevocable()) {
	+ $this->setTokenExpires(PhabricatorTime::getNow() - 1)->save();
	+ }
	+ return $this;
	+ }
	+
	+ public static function revokeTokens(
	+ PhabricatorUser $viewer,
	+ array $object_phids,
	+ array $token_types) {
	+
	+ $tokens = id(new PhabricatorAuthTemporaryTokenQuery())
	+ ->setViewer($viewer)
	+ ->withObjectPHIDs($object_phids)
	+ ->withTokenTypes($token_types)
	+ ->withExpired(false)
	+ ->execute();
	+
	+ foreach ($tokens as $token) {
	+ $token->revokeToken();
	+ }
	+ }
	+
	/* -( PhabricatorPolicyInterface )----------------------------------------- */


	public function getCapabilities() {
	return array(
	PhabricatorPolicyCapability::CAN_VIEW,
	);
	}

	public function getPolicy($capability) {
	// We're just implement this interface to get access to the standard
	// query infrastructure.
	return PhabricatorPolicies::getMostOpenPolicy();
	}

	public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
	return false;
	}

	public function describeAutomaticCapability($capability) {
	return null;
	}

	}
	diff --git a/src/applications/people/editor/PhabricatorUserEditor.php b/src/applications/people/editor/PhabricatorUserEditor.php
	index 4f2c5ed8a7..aafb20a7e2 100644
	--- a/src/applications/people/editor/PhabricatorUserEditor.php
	+++ b/src/applications/people/editor/PhabricatorUserEditor.php
	@@ -1,578 +1,598 @@
	<?php

	/**
	* Editor class for creating and adjusting users. This class guarantees data
	* integrity and writes logs when user information changes.
	*
	* @task config Configuration
	* @task edit Creating and Editing Users
	* @task role Editing Roles
	* @task email Adding, Removing and Changing Email
	* @task internal Internals
	*/
	final class PhabricatorUserEditor extends PhabricatorEditor {

	private $logs = array();


	/* -( Creating and Editing Users )----------------------------------------- */


	/**
	* @task edit
	*/
	public function createNewUser(
	PhabricatorUser $user,
	PhabricatorUserEmail $email) {

	if ($user->getID()) {
	throw new Exception('User has already been created!');
	}

	if ($email->getID()) {
	throw new Exception('Email has already been created!');
	}

	if (!PhabricatorUser::validateUsername($user->getUsername())) {
	$valid = PhabricatorUser::describeValidUsername();
	throw new Exception("Username is invalid! {$valid}");
	}

	// Always set a new user's email address to primary.
	$email->setIsPrimary(1);

	// If the primary address is already verified, also set the verified flag
	// on the user themselves.
	if ($email->getIsVerified()) {
	$user->setIsEmailVerified(1);
	}

	$this->willAddEmail($email);

	$user->openTransaction();
	try {
	$user->save();
	$email->setUserPHID($user->getPHID());
	$email->save();
	} catch (AphrontQueryDuplicateKeyException $ex) {
	// We might have written the user but failed to write the email; if
	// so, erase the IDs we attached.
	$user->setID(null);
	$user->setPHID(null);

	$user->killTransaction();
	throw $ex;
	}

	$log = PhabricatorUserLog::initializeNewLog(
	$this->requireActor(),
	$user->getPHID(),
	PhabricatorUserLog::ACTION_CREATE);
	$log->setNewValue($email->getAddress());
	$log->save();

	$user->saveTransaction();

	return $this;
	}


	/**
	* @task edit
	*/
	public function updateUser(
	PhabricatorUser $user,
	PhabricatorUserEmail $email = null) {
	if (!$user->getID()) {
	throw new Exception('User has not been created yet!');
	}

	$user->openTransaction();
	$user->save();
	if ($email) {
	$email->save();
	}

	$log = PhabricatorUserLog::initializeNewLog(
	$this->requireActor(),
	$user->getPHID(),
	PhabricatorUserLog::ACTION_EDIT);
	$log->save();

	$user->saveTransaction();

	return $this;
	}


	/**
	* @task edit
	*/
	public function changePassword(
	PhabricatorUser $user,
	PhutilOpaqueEnvelope $envelope) {

	if (!$user->getID()) {
	throw new Exception('User has not been created yet!');
	}

	$user->openTransaction();
	$user->reload();

	$user->setPassword($envelope);
	$user->save();

	$log = PhabricatorUserLog::initializeNewLog(
	$this->requireActor(),
	$user->getPHID(),
	PhabricatorUserLog::ACTION_CHANGE_PASSWORD);
	$log->save();

	$user->saveTransaction();
	}


	/**
	* @task edit
	*/
	public function changeUsername(PhabricatorUser $user, $username) {
	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception('User has not been created yet!');
	}

	if (!PhabricatorUser::validateUsername($username)) {
	$valid = PhabricatorUser::describeValidUsername();
	throw new Exception("Username is invalid! {$valid}");
	}

	$old_username = $user->getUsername();

	$user->openTransaction();
	$user->reload();
	$user->setUsername($username);

	try {
	$user->save();
	} catch (AphrontQueryDuplicateKeyException $ex) {
	$user->setUsername($old_username);
	$user->killTransaction();
	throw $ex;
	}

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_CHANGE_USERNAME);
	$log->setOldValue($old_username);
	$log->setNewValue($username);
	$log->save();

	$user->saveTransaction();

	$user->sendUsernameChangeEmail($actor, $old_username);
	}


	/* -( Editing Roles )------------------------------------------------------ */


	/**
	* @task role
	*/
	public function makeAdminUser(PhabricatorUser $user, $admin) {
	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception('User has not been created yet!');
	}

	$user->openTransaction();
	$user->beginWriteLocking();

	$user->reload();
	if ($user->getIsAdmin() == $admin) {
	$user->endWriteLocking();
	$user->killTransaction();
	return $this;
	}

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_ADMIN);
	$log->setOldValue($user->getIsAdmin());
	$log->setNewValue($admin);

	$user->setIsAdmin((int)$admin);
	$user->save();

	$log->save();

	$user->endWriteLocking();
	$user->saveTransaction();

	return $this;
	}

	/**
	* @task role
	*/
	public function makeSystemAgentUser(PhabricatorUser $user, $system_agent) {
	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception('User has not been created yet!');
	}

	$user->openTransaction();
	$user->beginWriteLocking();

	$user->reload();
	if ($user->getIsSystemAgent() == $system_agent) {
	$user->endWriteLocking();
	$user->killTransaction();
	return $this;
	}

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_SYSTEM_AGENT);
	$log->setOldValue($user->getIsSystemAgent());
	$log->setNewValue($system_agent);

	$user->setIsSystemAgent((int)$system_agent);
	$user->save();

	$log->save();

	$user->endWriteLocking();
	$user->saveTransaction();

	return $this;
	}


	/**
	* @task role
	*/
	public function disableUser(PhabricatorUser $user, $disable) {
	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception('User has not been created yet!');
	}

	$user->openTransaction();
	$user->beginWriteLocking();

	$user->reload();
	if ($user->getIsDisabled() == $disable) {
	$user->endWriteLocking();
	$user->killTransaction();
	return $this;
	}

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_DISABLE);
	$log->setOldValue($user->getIsDisabled());
	$log->setNewValue($disable);

	$user->setIsDisabled((int)$disable);
	$user->save();

	$log->save();

	$user->endWriteLocking();
	$user->saveTransaction();

	return $this;
	}


	/**
	* @task role
	*/
	public function approveUser(PhabricatorUser $user, $approve) {
	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception('User has not been created yet!');
	}

	$user->openTransaction();
	$user->beginWriteLocking();

	$user->reload();
	if ($user->getIsApproved() == $approve) {
	$user->endWriteLocking();
	$user->killTransaction();
	return $this;
	}

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_APPROVE);
	$log->setOldValue($user->getIsApproved());
	$log->setNewValue($approve);

	$user->setIsApproved($approve);
	$user->save();

	$log->save();

	$user->endWriteLocking();
	$user->saveTransaction();

	return $this;
	}


	/* -( Adding, Removing and Changing Email )-------------------------------- */


	/**
	* @task email
	*/
	public function addEmail(
	PhabricatorUser $user,
	PhabricatorUserEmail $email) {

	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception('User has not been created yet!');
	}
	if ($email->getID()) {
	throw new Exception('Email has already been created!');
	}

	// Use changePrimaryEmail() to change primary email.
	$email->setIsPrimary(0);
	$email->setUserPHID($user->getPHID());

	$this->willAddEmail($email);

	$user->openTransaction();
	$user->beginWriteLocking();

	$user->reload();

	try {
	$email->save();
	} catch (AphrontQueryDuplicateKeyException $ex) {
	$user->endWriteLocking();
	$user->killTransaction();

	throw $ex;
	}

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_EMAIL_ADD);
	$log->setNewValue($email->getAddress());
	$log->save();

	$user->endWriteLocking();
	$user->saveTransaction();

	return $this;
	}


	/**
	* @task email
	*/
	public function removeEmail(
	PhabricatorUser $user,
	PhabricatorUserEmail $email) {

	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception('User has not been created yet!');
	}
	if (!$email->getID()) {
	throw new Exception('Email has not been created yet!');
	}

	$user->openTransaction();
	$user->beginWriteLocking();

	$user->reload();
	$email->reload();

	if ($email->getIsPrimary()) {
	throw new Exception("Can't remove primary email!");
	}
	if ($email->getUserPHID() != $user->getPHID()) {
	throw new Exception('Email not owned by user!');
	}

	$email->delete();

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_EMAIL_REMOVE);
	$log->setOldValue($email->getAddress());
	$log->save();

	$user->endWriteLocking();
	$user->saveTransaction();

	+ $this->revokePasswordResetLinks($user);
	+
	return $this;
	}


	/**
	* @task email
	*/
	public function changePrimaryEmail(
	PhabricatorUser $user,
	PhabricatorUserEmail $email) {
	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception('User has not been created yet!');
	}
	if (!$email->getID()) {
	throw new Exception('Email has not been created yet!');
	}

	$user->openTransaction();
	$user->beginWriteLocking();

	$user->reload();
	$email->reload();

	if ($email->getUserPHID() != $user->getPHID()) {
	throw new Exception('User does not own email!');
	}

	if ($email->getIsPrimary()) {
	throw new Exception('Email is already primary!');
	}

	if (!$email->getIsVerified()) {
	throw new Exception('Email is not verified!');
	}

	$old_primary = $user->loadPrimaryEmail();
	if ($old_primary) {
	$old_primary->setIsPrimary(0);
	$old_primary->save();
	}

	$email->setIsPrimary(1);
	$email->save();

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_EMAIL_PRIMARY);
	$log->setOldValue($old_primary ? $old_primary->getAddress() : null);
	$log->setNewValue($email->getAddress());

	$log->save();

	$user->endWriteLocking();
	$user->saveTransaction();

	if ($old_primary) {
	$old_primary->sendOldPrimaryEmail($user, $email);
	}
	$email->sendNewPrimaryEmail($user);

	+
	+ $this->revokePasswordResetLinks($user);
	+
	return $this;
	}


	/**
	* Verify a user's email address.
	*
	* This verifies an individual email address. If the address is the user's
	* primary address and their account was not previously verified, their
	* account is marked as email verified.
	*
	* @task email
	*/
	public function verifyEmail(
	PhabricatorUser $user,
	PhabricatorUserEmail $email) {
	$actor = $this->requireActor();

	if (!$user->getID()) {
	throw new Exception('User has not been created yet!');
	}
	if (!$email->getID()) {
	throw new Exception('Email has not been created yet!');
	}

	$user->openTransaction();
	$user->beginWriteLocking();

	$user->reload();
	$email->reload();

	if ($email->getUserPHID() != $user->getPHID()) {
	throw new Exception(pht('User does not own email!'));
	}

	if (!$email->getIsVerified()) {
	$email->setIsVerified(1);
	$email->save();

	$log = PhabricatorUserLog::initializeNewLog(
	$actor,
	$user->getPHID(),
	PhabricatorUserLog::ACTION_EMAIL_VERIFY);
	$log->setNewValue($email->getAddress());
	$log->save();
	}

	if (!$user->getIsEmailVerified()) {
	// If the user just verified their primary email address, mark their
	// account as email verified.
	$user_primary = $user->loadPrimaryEmail();
	if ($user_primary->getID() == $email->getID()) {
	$user->setIsEmailVerified(1);
	$user->save();
	}
	}

	$user->endWriteLocking();
	$user->saveTransaction();

	}


	/* -( Internals )---------------------------------------------------------- */


	/**
	* @task internal
	*/
	private function willAddEmail(PhabricatorUserEmail $email) {

	// Hard check before write to prevent creation of disallowed email
	// addresses. Normally, the application does checks and raises more
	// user friendly errors for us, but we omit the courtesy checks on some
	// pathways like administrative scripts for simplicity.

	if (!PhabricatorUserEmail::isValidAddress($email->getAddress())) {
	throw new Exception(PhabricatorUserEmail::describeValidAddresses());
	}

	if (!PhabricatorUserEmail::isAllowedAddress($email->getAddress())) {
	throw new Exception(PhabricatorUserEmail::describeAllowedAddresses());
	}
	}

	+ private function revokePasswordResetLinks(PhabricatorUser $user) {
	+ // Revoke any outstanding password reset links. If an attacker compromises
	+ // an account, changes the email address, and sends themselves a password
	+ // reset link, it could otherwise remain live for a short period of time
	+ // and allow them to compromise the account again later.
	+
	+ PhabricatorAuthTemporaryToken::revokeTokens(
	+ $user,
	+ array($user->getPHID()),
	+ array(
	+ PhabricatorAuthSessionEngine::ONETIME_TEMPORARY_TOKEN_TYPE,
	+ PhabricatorAuthSessionEngine::PASSWORD_TEMPORARY_TOKEN_TYPE,
	+ ));
	+ }
	+
	}
	diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelEmailAddresses.php b/src/applications/settings/panel/PhabricatorSettingsPanelEmailAddresses.php
	index 50ff17e3e6..c4a7ecf419 100644
	--- a/src/applications/settings/panel/PhabricatorSettingsPanelEmailAddresses.php
	+++ b/src/applications/settings/panel/PhabricatorSettingsPanelEmailAddresses.php
	@@ -1,372 +1,382 @@
	<?php

	final class PhabricatorSettingsPanelEmailAddresses
	extends PhabricatorSettingsPanel {

	public function getPanelKey() {
	return 'email';
	}

	public function getPanelName() {
	return pht('Email Addresses');
	}

	public function getPanelGroup() {
	return pht('Email');
	}

	public function processRequest(AphrontRequest $request) {
	$user = $request->getUser();
	$editable = PhabricatorEnv::getEnvConfig('account.editable');

	$uri = $request->getRequestURI();
	$uri->setQueryParams(array());

	if ($editable) {
	$new = $request->getStr('new');
	if ($new) {
	return $this->returnNewAddressResponse($request, $uri, $new);
	}

	$delete = $request->getInt('delete');
	if ($delete) {
	return $this->returnDeleteAddressResponse($request, $uri, $delete);
	}
	}

	$verify = $request->getInt('verify');
	if ($verify) {
	return $this->returnVerifyAddressResponse($request, $uri, $verify);
	}

	$primary = $request->getInt('primary');
	if ($primary) {
	return $this->returnPrimaryAddressResponse($request, $uri, $primary);
	}

	$emails = id(new PhabricatorUserEmail())->loadAllWhere(
	'userPHID = %s ORDER BY address',
	$user->getPHID());

	$rowc = array();
	$rows = array();
	foreach ($emails as $email) {

	$button_verify = javelin_tag(
	'a',
	array(
	'class' => 'button small grey',
	'href' => $uri->alter('verify', $email->getID()),
	'sigil' => 'workflow',
	),
	pht('Verify'));

	$button_make_primary = javelin_tag(
	'a',
	array(
	'class' => 'button small grey',
	'href' => $uri->alter('primary', $email->getID()),
	'sigil' => 'workflow',
	),
	pht('Make Primary'));

	$button_remove = javelin_tag(
	'a',
	array(
	'class' => 'button small grey',
	'href' => $uri->alter('delete', $email->getID()),
	'sigil' => 'workflow'
	),
	pht('Remove'));

	$button_primary = phutil_tag(
	'a',
	array(
	'class' => 'button small disabled',
	),
	pht('Primary'));

	if (!$email->getIsVerified()) {
	$action = $button_verify;
	} else if ($email->getIsPrimary()) {
	$action = $button_primary;
	} else {
	$action = $button_make_primary;
	}

	if ($email->getIsPrimary()) {
	$remove = $button_primary;
	$rowc[] = 'highlighted';
	} else {
	$remove = $button_remove;
	$rowc[] = null;
	}

	$rows[] = array(
	$email->getAddress(),
	$action,
	$remove,
	);
	}

	$table = new AphrontTableView($rows);
	$table->setHeaders(
	array(
	pht('Email'),
	pht('Status'),
	pht('Remove'),
	));
	$table->setColumnClasses(
	array(
	'wide',
	'action',
	'action',
	));
	$table->setRowClasses($rowc);
	$table->setColumnVisibility(
	array(
	true,
	true,
	$editable,
	));

	$view = new PHUIObjectBoxView();
	$header = new PHUIHeaderView();
	$header->setHeader(pht('Email Addresses'));

	if ($editable) {
	$icon = id(new PHUIIconView())
	->setIconFont('fa-plus');

	$button = new PHUIButtonView();
	$button->setText(pht('Add New Address'));
	$button->setTag('a');
	$button->setHref($uri->alter('new', 'true'));
	$button->setIcon($icon);
	$button->addSigil('workflow');
	$header->addActionLink($button);
	}
	$view->setHeader($header);
	$view->appendChild($table);

	return $view;
	}

	private function returnNewAddressResponse(
	AphrontRequest $request,
	PhutilURI $uri,
	$new) {

	$user = $request->getUser();

	$e_email = true;
	$email = null;
	$errors = array();
	if ($request->isDialogFormPost()) {
	$email = trim($request->getStr('email'));

	if ($new == 'verify') {
	// The user clicked "Done" from the "an email has been sent" dialog.
	return id(new AphrontReloadResponse())->setURI($uri);
	}

	PhabricatorSystemActionEngine::willTakeAction(
	array($user->getPHID()),
	new PhabricatorSettingsAddEmailAction(),
	1);

	if (!strlen($email)) {
	$e_email = pht('Required');
	$errors[] = pht('Email is required.');
	} else if (!PhabricatorUserEmail::isValidAddress($email)) {
	$e_email = pht('Invalid');
	$errors[] = PhabricatorUserEmail::describeValidAddresses();
	} else if (!PhabricatorUserEmail::isAllowedAddress($email)) {
	$e_email = pht('Disallowed');
	$errors[] = PhabricatorUserEmail::describeAllowedAddresses();
	}

	if (!$errors) {
	$object = id(new PhabricatorUserEmail())
	->setAddress($email)
	->setIsVerified(0);

	try {

	id(new PhabricatorUserEditor())
	->setActor($user)
	->addEmail($user, $object);

	$object->sendVerificationEmail($user);

	$dialog = id(new AphrontDialogView())
	->setUser($user)
	->addHiddenInput('new', 'verify')
	->setTitle(pht('Verification Email Sent'))
	->appendChild(phutil_tag('p', array(), pht(
	'A verification email has been sent. Click the link in the '.
	'email to verify your address.')))
	->setSubmitURI($uri)
	->addSubmitButton(pht('Done'));

	return id(new AphrontDialogResponse())->setDialog($dialog);
	} catch (AphrontQueryDuplicateKeyException $ex) {
	$email = pht('Duplicate');
	$errors[] = pht('Another user already has this email.');
	}
	}
	}

	if ($errors) {
	$errors = id(new AphrontErrorView())
	->setErrors($errors);
	}

	$form = id(new PHUIFormLayoutView())
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Email'))
	->setName('email')
	->setValue($email)
	->setCaption(PhabricatorUserEmail::describeAllowedAddresses())
	->setError($e_email));

	$dialog = id(new AphrontDialogView())
	->setUser($user)
	->addHiddenInput('new', 'true')
	->setTitle(pht('New Address'))
	->appendChild($errors)
	->appendChild($form)
	->addSubmitButton(pht('Save'))
	->addCancelButton($uri);

	return id(new AphrontDialogResponse())->setDialog($dialog);
	}

	private function returnDeleteAddressResponse(
	AphrontRequest $request,
	PhutilURI $uri,
	$email_id) {

	$user = $request->getUser();

	// NOTE: You can only delete your own email addresses, and you can not
	// delete your primary address.
	$email = id(new PhabricatorUserEmail())->loadOneWhere(
	'id = %d AND userPHID = %s AND isPrimary = 0',
	$email_id,
	$user->getPHID());

	if (!$email) {
	return new Aphront404Response();
	}

	if ($request->isFormPost()) {

	id(new PhabricatorUserEditor())
	->setActor($user)
	->removeEmail($user, $email);

	return id(new AphrontRedirectResponse())->setURI($uri);
	}

	$address = $email->getAddress();

	$dialog = id(new AphrontDialogView())
	->setUser($user)
	->addHiddenInput('delete', $email_id)
	->setTitle(pht("Really delete address '%s'?", $address))
	- ->appendChild(phutil_tag('p', array(), pht(
	- 'Are you sure you want to delete this address? You will no '.
	- 'longer be able to use it to login.')))
	+ ->appendParagraph(
	+ pht(
	+ 'Are you sure you want to delete this address? You will no '.
	+ 'longer be able to use it to login.'))
	+ ->appendParagraph(
	+ pht(
	+ 'Note: Removing an email address from your account will invalidate '.
	+ 'any outstanding password reset links.'))
	->addSubmitButton(pht('Delete'))
	->addCancelButton($uri);

	return id(new AphrontDialogResponse())->setDialog($dialog);
	}

	private function returnVerifyAddressResponse(
	AphrontRequest $request,
	PhutilURI $uri,
	$email_id) {

	$user = $request->getUser();

	// NOTE: You can only send more email for your unverified addresses.
	$email = id(new PhabricatorUserEmail())->loadOneWhere(
	'id = %d AND userPHID = %s AND isVerified = 0',
	$email_id,
	$user->getPHID());

	if (!$email) {
	return new Aphront404Response();
	}

	if ($request->isFormPost()) {
	$email->sendVerificationEmail($user);
	return id(new AphrontRedirectResponse())->setURI($uri);
	}

	$address = $email->getAddress();

	$dialog = id(new AphrontDialogView())
	->setUser($user)
	->addHiddenInput('verify', $email_id)
	->setTitle(pht('Send Another Verification Email?'))
	->appendChild(phutil_tag('p', array(), pht(
	'Send another copy of the verification email to %s?',
	$address)))
	->addSubmitButton(pht('Send Email'))
	->addCancelButton($uri);

	return id(new AphrontDialogResponse())->setDialog($dialog);
	}

	private function returnPrimaryAddressResponse(
	AphrontRequest $request,
	PhutilURI $uri,
	$email_id) {

	$user = $request->getUser();

	$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
	$user,
	$request,
	$this->getPanelURI());

	// NOTE: You can only make your own verified addresses primary.
	$email = id(new PhabricatorUserEmail())->loadOneWhere(
	'id = %d AND userPHID = %s AND isVerified = 1 AND isPrimary = 0',
	$email_id,
	$user->getPHID());

	if (!$email) {
	return new Aphront404Response();
	}

	if ($request->isFormPost()) {

	id(new PhabricatorUserEditor())
	->setActor($user)
	->changePrimaryEmail($user, $email);

	return id(new AphrontRedirectResponse())->setURI($uri);
	}

	$address = $email->getAddress();

	$dialog = id(new AphrontDialogView())
	->setUser($user)
	->addHiddenInput('primary', $email_id)
	->setTitle(pht('Change primary email address?'))
	- ->appendChild(phutil_tag('p', array(), pht(
	- 'If you change your primary address, Phabricator will send'.
	- ' all email to %s.',
	- $address)))
	+ ->appendParagraph(
	+ pht(
	+ 'If you change your primary address, Phabricator will send all '.
	+ 'email to %s.',
	+ $address))
	+ ->appendParagraph(
	+ pht(
	+ 'Note: Changing your primary email address will invalidate any '.
	+ 'outstanding password reset links.'))
	->addSubmitButton(pht('Change Primary Address'))
	->addCancelButton($uri);

	return id(new AphrontDialogResponse())->setDialog($dialog);
	}

	}

File Metadata

Mime Type: text/x-diff
Expires: Wed, May 21, 1:57 PM (1 d, 13 h)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 126333
Default Alt Text: (32 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions