forked from phacility/phabricator
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathPhabricatorHighSecurityRequestExceptionHandler.php
133 lines (108 loc) · 3.67 KB
/
PhabricatorHighSecurityRequestExceptionHandler.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
<?php
final class PhabricatorHighSecurityRequestExceptionHandler
extends PhabricatorRequestExceptionHandler {
public function getRequestExceptionHandlerPriority() {
return 310000;
}
public function getRequestExceptionHandlerDescription() {
return pht(
'Handles high security exceptions which occur when a user needs '.
'to present MFA credentials to take an action.');
}
public function canHandleRequestThrowable(
AphrontRequest $request,
$throwable) {
if (!$this->isPhabricatorSite($request)) {
return false;
}
return ($throwable instanceof PhabricatorAuthHighSecurityRequiredException);
}
public function handleRequestThrowable(
AphrontRequest $request,
$throwable) {
$viewer = $this->getViewer($request);
$results = $throwable->getFactorValidationResults();
$form = id(new PhabricatorAuthSessionEngine())->renderHighSecurityForm(
$throwable->getFactors(),
$results,
$viewer,
$request);
$is_wait = false;
$is_continue = false;
foreach ($results as $result) {
if ($result->getIsWait()) {
$is_wait = true;
}
if ($result->getIsContinue()) {
$is_continue = true;
}
}
$is_upgrade = $throwable->getIsSessionUpgrade();
if ($is_upgrade) {
$title = pht('Enter High Security');
} else {
$title = pht('Provide MFA Credentials');
}
if ($is_wait) {
$submit = pht('Wait Patiently');
} else if ($is_upgrade && !$is_continue) {
$submit = pht('Enter High Security');
} else {
$submit = pht('Continue');
}
$dialog = id(new AphrontDialogView())
->setUser($viewer)
->setTitle($title)
->setShortTitle(pht('Security Checkpoint'))
->setWidth(AphrontDialogView::WIDTH_FORM)
->addHiddenInput(AphrontRequest::TYPE_HISEC, true)
->setSubmitURI($request->getPath())
->addCancelButton($throwable->getCancelURI())
->addSubmitButton($submit);
$form_layout = $form->buildLayoutView();
if ($is_upgrade) {
$message = pht(
'You are taking an action which requires you to enter '.
'high security.');
$info_view = id(new PHUIInfoView())
->setSeverity(PHUIInfoView::SEVERITY_MFA)
->setErrors(array($message));
$dialog
->appendChild($info_view)
->appendParagraph(
pht(
'To enter high security mode, confirm your credentials:'))
->appendChild($form_layout)
->appendParagraph(
pht(
'Your account will remain in high security mode for a short '.
'period of time. When you are finished taking sensitive '.
'actions, you should leave high security.'));
} else {
$message = pht(
'You are taking an action which requires you to provide '.
'multi-factor credentials.');
$info_view = id(new PHUIInfoView())
->setSeverity(PHUIInfoView::SEVERITY_MFA)
->setErrors(array($message));
$dialog
->appendChild($info_view)
->setErrors(
array(
))
->appendChild($form_layout);
}
$request_parameters = $request->getPassthroughRequestParameters(
$respect_quicksand = true);
foreach ($request_parameters as $key => $value) {
$dialog->addHiddenInput($key, $value);
}
// See T13289. If the user hit a "some transactions have no effect" dialog
// and elected to continue, we want to pass that flag through the MFA
// dialog even though it is not normally a passthrough request parameter.
if ($request->isContinueRequest()) {
$dialog->addHiddenInput(AphrontRequest::TYPE_CONTINUE, 1);
}
return $dialog;
}
}