public function importEventsFromSource(PhabricatorUser $viewer, PhabricatorCalendarImport $import, $should_queue)
{
$uri_key = PhabricatorCalendarImportICSURITransaction::PARAMKEY_URI;
$uri = $import->getParameter($uri_key);
PhabricatorSystemActionEngine::willTakeAction(array($viewer->getPHID()), new PhabricatorFilesOutboundRequestAction(), 1);
$file = PhabricatorFile::newFromFileDownload($uri, array('viewPolicy' => PhabricatorPolicies::POLICY_NOONE, 'authorPHID' => $import->getAuthorPHID(), 'canCDN' => true));
$import->newLogMessage(PhabricatorCalendarImportFetchLogType::LOGTYPE, array('file.phid' => $file->getPHID()));
$data = $file->loadFileData();
if ($should_queue && $this->shouldQueueDataImport($data)) {
return $this->queueDataImport($import, $data);
}
return $this->importICSData($viewer, $import, $data);
}
public function handleRequest(AphrontRequest $request)
{
$show_prototypes = PhabricatorEnv::getEnvConfig('phabricator.show-prototypes');
if (!$show_prototypes) {
throw new Exception(pht('Show prototypes is disabled.
Set `phabricator.show-prototypes` to `true` to use the image proxy'));
}
$viewer = $request->getViewer();
$img_uri = $request->getStr('uri');
// Validate the URI before doing anything
PhabricatorEnv::requireValidRemoteURIForLink($img_uri);
$uri = new PhutilURI($img_uri);
$proto = $uri->getProtocol();
if (!in_array($proto, array('http', 'https'))) {
throw new Exception(pht('The provided image URI must be either http or https'));
}
// Check if we already have the specified image URI downloaded
$cached_request = id(new PhabricatorFileExternalRequest())->loadOneWhere('uriIndex = %s', PhabricatorHash::digestForIndex($img_uri));
if ($cached_request) {
return $this->getExternalResponse($cached_request);
}
$ttl = PhabricatorTime::getNow() + phutil_units('7 days in seconds');
$external_request = id(new PhabricatorFileExternalRequest())->setURI($img_uri)->setTTL($ttl);
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
// Cache missed so we'll need to validate and download the image
try {
// Rate limit outbound fetches to make this mechanism less useful for
// scanning networks and ports.
PhabricatorSystemActionEngine::willTakeAction(array($viewer->getPHID()), new PhabricatorFilesOutboundRequestAction(), 1);
$file = PhabricatorFile::newFromFileDownload($uri, array('viewPolicy' => PhabricatorPolicies::POLICY_NOONE, 'canCDN' => true));
if (!$file->isViewableImage()) {
$mime_type = $file->getMimeType();
$engine = new PhabricatorDestructionEngine();
$engine->destroyObject($file);
$file = null;
throw new Exception(pht('The URI "%s" does not correspond to a valid image file, got ' . 'a file with MIME type "%s". You must specify the URI of a ' . 'valid image file.', $uri, $mime_type));
} else {
$file->save();
}
$external_request->setIsSuccessful(true)->setFilePHID($file->getPHID())->save();
unset($unguarded);
return $this->getExternalResponse($external_request);
} catch (HTTPFutureHTTPResponseStatus $status) {
$external_request->setIsSuccessful(false)->setResponseMessage($status->getMessage())->save();
return $this->getExternalResponse($external_request);
} catch (Exception $ex) {
// Not actually saving the request in this case
$external_request->setResponseMessage($ex->getMessage());
return $this->getExternalResponse($external_request);
}
}
public function execute(PhutilArgumentParser $args)
{
$username = $args->getArg('user');
if (!strlen($username)) {
throw new PhutilArgumentUsageException(pht('Use %s to choose a user to reset actions for.', '--user'));
}
$user = id(new PhabricatorPeopleQuery())->setViewer($this->getViewer())->withUsernames(array($username))->executeOne();
if (!$user) {
throw new PhutilArgumentUsageException(pht('No user exists with username "%s".', $username));
}
$all = $args->getArg('all');
if (!$all) {
// TODO: Eventually, let users reset specific actions. For now, we
// require `--all` so that usage won't change when you can reset in a
// more tailored way.
throw new PhutilArgumentUsageException(pht('Specify %s to reset all action counters.', '--all'));
}
$count = PhabricatorSystemActionEngine::resetActions(array($user->getPHID()));
echo pht('Reset %s action(s).', new PhutilNumber($count)) . "\n";
return 0;
}
private function returnNewAddressResponse(AphrontRequest $request, PhutilURI $uri, $new)
{
$user = $this->getUser();
$viewer = $this->getViewer();
$e_email = true;
$email = null;
$errors = array();
if ($request->isDialogFormPost()) {
$email = trim($request->getStr('email'));
if ($new == 'verify') {
// The user clicked "Done" from the "an email has been sent" dialog.
return id(new AphrontReloadResponse())->setURI($uri);
}
PhabricatorSystemActionEngine::willTakeAction(array($viewer->getPHID()), new PhabricatorSettingsAddEmailAction(), 1);
if (!strlen($email)) {
$e_email = pht('Required');
$errors[] = pht('Email is required.');
} else {
if (!PhabricatorUserEmail::isValidAddress($email)) {
$e_email = pht('Invalid');
$errors[] = PhabricatorUserEmail::describeValidAddresses();
} else {
if (!PhabricatorUserEmail::isAllowedAddress($email)) {
$e_email = pht('Disallowed');
$errors[] = PhabricatorUserEmail::describeAllowedAddresses();
}
}
}
if ($e_email === true) {
$application_email = id(new PhabricatorMetaMTAApplicationEmailQuery())->setViewer(PhabricatorUser::getOmnipotentUser())->withAddresses(array($email))->executeOne();
if ($application_email) {
$e_email = pht('In Use');
$errors[] = $application_email->getInUseMessage();
}
}
if (!$errors) {
$object = id(new PhabricatorUserEmail())->setAddress($email)->setIsVerified(0);
// If an administrator is editing a mailing list, automatically verify
// the address.
if ($viewer->getPHID() != $user->getPHID()) {
if ($viewer->getIsAdmin()) {
$object->setIsVerified(1);
}
}
try {
id(new PhabricatorUserEditor())->setActor($viewer)->addEmail($user, $object);
if ($object->getIsVerified()) {
// If we autoverified the address, just reload the page.
return id(new AphrontReloadResponse())->setURI($uri);
}
$object->sendVerificationEmail($user);
$dialog = id(new AphrontDialogView())->setUser($user)->addHiddenInput('new', 'verify')->setTitle(pht('Verification Email Sent'))->appendChild(phutil_tag('p', array(), pht('A verification email has been sent. Click the link in the ' . 'email to verify your address.')))->setSubmitURI($uri)->addSubmitButton(pht('Done'));
return id(new AphrontDialogResponse())->setDialog($dialog);
} catch (AphrontDuplicateKeyQueryException $ex) {
$e_email = pht('Duplicate');
$errors[] = pht('Another user already has this email.');
}
}
}
if ($errors) {
$errors = id(new PHUIInfoView())->setErrors($errors);
}
$form = id(new PHUIFormLayoutView())->appendChild(id(new AphrontFormTextControl())->setLabel(pht('Email'))->setName('email')->setValue($email)->setCaption(PhabricatorUserEmail::describeAllowedAddresses())->setError($e_email));
$dialog = id(new AphrontDialogView())->setUser($viewer)->addHiddenInput('new', 'true')->setTitle(pht('New Address'))->appendChild($errors)->appendChild($form)->addSubmitButton(pht('Save'))->addCancelButton($uri);
return id(new AphrontDialogResponse())->setDialog($dialog);
}
/**
* Require high security, or prompt the user to enter high security.
*
* If the user's session is in high security, this method will return a
* token. Otherwise, it will throw an exception which will eventually
* be converted into a multi-factor authentication workflow.
*
* @param PhabricatorUser User whose session needs to be in high security.
* @param AphrontReqeust Current request.
* @param string URI to return the user to if they cancel.
* @param bool True to jump partial sessions directly into high
* security instead of just upgrading them to full
* sessions.
* @return PhabricatorAuthHighSecurityToken Security token.
* @task hisec
*/
public function requireHighSecuritySession(PhabricatorUser $viewer, AphrontRequest $request, $cancel_uri, $jump_into_hisec = false)
{
if (!$viewer->hasSession()) {
throw new Exception(pht('Requiring a high-security session from a user with no session!'));
}
$session = $viewer->getSession();
// Check if the session is already in high security mode.
$token = $this->issueHighSecurityToken($session);
if ($token) {
return $token;
}
// Load the multi-factor auth sources attached to this account.
$factors = id(new PhabricatorAuthFactorConfig())->loadAllWhere('userPHID = %s', $viewer->getPHID());
// If the account has no associated multi-factor auth, just issue a token
// without putting the session into high security mode. This is generally
// easier for users. A minor but desirable side effect is that when a user
// adds an auth factor, existing sessions won't get a free pass into hisec,
// since they never actually got marked as hisec.
if (!$factors) {
return $this->issueHighSecurityToken($session, true);
}
// Check for a rate limit without awarding points, so the user doesn't
// get partway through the workflow only to get blocked.
PhabricatorSystemActionEngine::willTakeAction(array($viewer->getPHID()), new PhabricatorAuthTryFactorAction(), 0);
$validation_results = array();
if ($request->isHTTPPost()) {
$request->validateCSRF();
if ($request->getExists(AphrontRequest::TYPE_HISEC)) {
// Limit factor verification rates to prevent brute force attacks.
PhabricatorSystemActionEngine::willTakeAction(array($viewer->getPHID()), new PhabricatorAuthTryFactorAction(), 1);
$ok = true;
foreach ($factors as $factor) {
$id = $factor->getID();
$impl = $factor->requireImplementation();
$validation_results[$id] = $impl->processValidateFactorForm($factor, $viewer, $request);
if (!$impl->isFactorValid($factor, $validation_results[$id])) {
$ok = false;
}
}
if ($ok) {
// Give the user a credit back for a successful factor verification.
PhabricatorSystemActionEngine::willTakeAction(array($viewer->getPHID()), new PhabricatorAuthTryFactorAction(), -1);
if ($session->getIsPartial() && !$jump_into_hisec) {
// If we have a partial session and are not jumping directly into
// hisec, just issue a token without putting it in high security
// mode.
return $this->issueHighSecurityToken($session, true);
}
$until = time() + phutil_units('15 minutes in seconds');
$session->setHighSecurityUntil($until);
queryfx($session->establishConnection('w'), 'UPDATE %T SET highSecurityUntil = %d WHERE id = %d', $session->getTableName(), $until, $session->getID());
$log = PhabricatorUserLog::initializeNewLog($viewer, $viewer->getPHID(), PhabricatorUserLog::ACTION_ENTER_HISEC);
$log->save();
} else {
$log = PhabricatorUserLog::initializeNewLog($viewer, $viewer->getPHID(), PhabricatorUserLog::ACTION_FAIL_HISEC);
$log->save();
}
}
}
$token = $this->issueHighSecurityToken($session);
if ($token) {
return $token;
}
throw id(new PhabricatorAuthHighSecurityRequiredException())->setCancelURI($cancel_uri)->setFactors($factors)->setFactorValidationResults($validation_results);
}
private function shouldRateLimitMail(array $all_recipients)
{
try {
PhabricatorSystemActionEngine::willTakeAction($all_recipients, new PhabricatorMetaMTAErrorMailAction(), 1);
return false;
} catch (PhabricatorSystemActionRateLimitException $ex) {
return true;
}
}
public function handleRequest(AphrontRequest $request)
{
$viewer = $request->getViewer();
$id = $request->getURIData('id');
$this->requireApplicationCapability(PhabricatorMacroManageCapability::CAPABILITY);
if ($id) {
$macro = id(new PhabricatorMacroQuery())->setViewer($viewer)->withIDs(array($id))->needFiles(true)->executeOne();
if (!$macro) {
return new Aphront404Response();
}
} else {
$macro = new PhabricatorFileImageMacro();
$macro->setAuthorPHID($viewer->getPHID());
}
$errors = array();
$e_name = true;
$e_file = null;
$file = null;
if ($request->isFormPost()) {
$original = clone $macro;
$new_name = null;
if ($request->getBool('name_form') || !$macro->getID()) {
$new_name = $request->getStr('name');
$macro->setName($new_name);
if (!strlen($macro->getName())) {
$errors[] = pht('Macro name is required.');
$e_name = pht('Required');
} else {
if (!preg_match('/^[a-z0-9:_-]{3,}\\z/', $macro->getName())) {
$errors[] = pht('Macro must be at least three characters long and contain only ' . 'lowercase letters, digits, hyphens, colons and underscores.');
$e_name = pht('Invalid');
} else {
$e_name = null;
}
}
}
$uri = $request->getStr('url');
$engine = new PhabricatorDestructionEngine();
$file = null;
if ($request->getFileExists('file')) {
$file = PhabricatorFile::newFromPHPUpload($_FILES['file'], array('name' => $request->getStr('name'), 'authorPHID' => $viewer->getPHID(), 'isExplicitUpload' => true, 'canCDN' => true));
} else {
if ($uri) {
try {
// Rate limit outbound fetches to make this mechanism less useful for
// scanning networks and ports.
PhabricatorSystemActionEngine::willTakeAction(array($viewer->getPHID()), new PhabricatorFilesOutboundRequestAction(), 1);
$file = PhabricatorFile::newFromFileDownload($uri, array('name' => $request->getStr('name'), 'viewPolicy' => PhabricatorPolicies::POLICY_NOONE, 'isExplicitUpload' => true, 'canCDN' => true));
if (!$file->isViewableInBrowser()) {
$mime_type = $file->getMimeType();
$engine->destroyObject($file);
$file = null;
throw new Exception(pht('The URI "%s" does not correspond to a valid image file, got ' . 'a file with MIME type "%s". You must specify the URI of a ' . 'valid image file.', $uri, $mime_type));
} else {
$file->setAuthorPHID($viewer->getPHID())->save();
}
} catch (HTTPFutureHTTPResponseStatus $status) {
$errors[] = pht('The URI "%s" could not be loaded, got %s error.', $uri, $status->getStatusCode());
} catch (Exception $ex) {
$errors[] = $ex->getMessage();
}
} else {
if ($request->getStr('phid')) {
$file = id(new PhabricatorFileQuery())->setViewer($viewer)->withPHIDs(array($request->getStr('phid')))->executeOne();
}
}
}
if ($file) {
if (!$file->isViewableInBrowser()) {
$errors[] = pht('You must upload an image.');
$e_file = pht('Invalid');
} else {
$macro->setFilePHID($file->getPHID());
$macro->attachFile($file);
$e_file = null;
}
}
if (!$macro->getID() && !$file) {
$errors[] = pht('You must upload an image to create a macro.');
$e_file = pht('Required');
}
if (!$errors) {
try {
$xactions = array();
if ($new_name !== null) {
$xactions[] = id(new PhabricatorMacroTransaction())->setTransactionType(PhabricatorMacroTransaction::TYPE_NAME)->setNewValue($new_name);
}
if ($file) {
$xactions[] = id(new PhabricatorMacroTransaction())->setTransactionType(PhabricatorMacroTransaction::TYPE_FILE)->setNewValue($file->getPHID());
}
$editor = id(new PhabricatorMacroEditor())->setActor($viewer)->setContinueOnNoEffect(true)->setContentSourceFromRequest($request);
$xactions = $editor->applyTransactions($original, $xactions);
$view_uri = $this->getApplicationURI('/view/' . $original->getID() . '/');
return id(new AphrontRedirectResponse())->setURI($view_uri);
} catch (AphrontDuplicateKeyQueryException $ex) {
throw $ex;
$errors[] = pht('Macro name is not unique!');
$e_name = pht('Duplicate');
}
}
}
$current_file = null;
if ($macro->getFilePHID()) {
$current_file = $macro->getFile();
}
$form = new AphrontFormView();
$form->addHiddenInput('name_form', 1);
$form->setUser($request->getUser());
$form->setEncType('multipart/form-data')->appendChild(id(new AphrontFormTextControl())->setLabel(pht('Name'))->setName('name')->setValue($macro->getName())->setCaption(pht('This word or phrase will be replaced with the image.'))->setError($e_name));
if (!$macro->getID()) {
if ($current_file) {
$current_file_view = id(new PhabricatorFileLinkView())->setFilePHID($current_file->getPHID())->setFileName($current_file->getName())->setFileViewable(true)->setFileViewURI($current_file->getBestURI())->render();
$form->addHiddenInput('phid', $current_file->getPHID());
$form->appendChild(id(new AphrontFormMarkupControl())->setLabel(pht('Selected File'))->setValue($current_file_view));
$other_label = pht('Change File');
} else {
$other_label = pht('File');
}
$form->appendChild(id(new AphrontFormTextControl())->setLabel(pht('URL'))->setName('url')->setValue($request->getStr('url'))->setError($request->getFileExists('file') ? false : $e_file));
$form->appendChild(id(new AphrontFormFileControl())->setLabel($other_label)->setName('file')->setError($request->getStr('url') ? false : $e_file));
}
$view_uri = $this->getApplicationURI('/view/' . $macro->getID() . '/');
if ($macro->getID()) {
$cancel_uri = $view_uri;
} else {
$cancel_uri = $this->getApplicationURI();
}
$form->appendChild(id(new AphrontFormSubmitControl())->setValue(pht('Save Image Macro'))->addCancelButton($cancel_uri));
$crumbs = $this->buildApplicationCrumbs();
if ($macro->getID()) {
$title = pht('Edit Image Macro');
$crumb = pht('Edit Macro');
$crumbs->addTextCrumb(pht('Macro "%s"', $macro->getName()), $view_uri);
} else {
$title = pht('Create Image Macro');
$crumb = pht('Create Macro');
}
$crumbs->addTextCrumb($crumb, $request->getRequestURI());
$upload = null;
if ($macro->getID()) {
$upload_form = id(new AphrontFormView())->setEncType('multipart/form-data')->setUser($request->getUser());
$upload_form->appendChild(id(new AphrontFormTextControl())->setLabel(pht('URL'))->setName('url')->setValue($request->getStr('url')));
$upload_form->appendChild(id(new AphrontFormFileControl())->setLabel(pht('File'))->setName('file'))->appendChild(id(new AphrontFormSubmitControl())->setValue(pht('Upload File')));
$upload = id(new PHUIObjectBoxView())->setHeaderText(pht('Upload New File'))->setForm($upload_form);
}
$form_box = id(new PHUIObjectBoxView())->setHeaderText($title)->setFormErrors($errors)->setForm($form);
return $this->buildApplicationPage(array($crumbs, $form_box, $upload), array('title' => $title));
}
