public function processLoginRequest(PhabricatorAuthLoginController $controller)
 {
     $request = $controller->getRequest();
     $adapter = $this->getAdapter();

     // The provider reports a refused or failed authorization by sending the
     // user back with an "error" parameter instead of a "code".
     $provider_error = $request->getStr('error');
     if ($provider_error) {
         return array(
             null,
             $controller->buildProviderErrorResponse(
                 $this,
                 pht('The OAuth provider returned an error: %s', $provider_error)),
         );
     }

     // "state" must carry the CSRF code issued when the user was sent to the
     // provider; a mismatch is rejected before the code is used.
     $this->verifyAuthCSRFCode($request, $request->getStr('state'));

     $auth_code = $request->getStr('code');
     if (!strlen($auth_code)) {
         return array(
             null,
             $controller->buildProviderErrorResponse(
                 $this,
                 pht('The OAuth provider did not return a "code" parameter in its response.')),
         );
     }
     $adapter->setCode($auth_code);

     // NOTE: Asking the adapter for the account ID has the side effect of
     // exchanging the code for an access token.
     // TODO: Surface adapter failures here in a more user-friendly way.
     $account_id = $adapter->getAccountID();

     if (!strlen($account_id)) {
         return array(
             null,
             $controller->buildProviderErrorResponse(
                 $this,
                 pht('The OAuth provider failed to retrieve an account ID.')),
         );
     }

     return array($this->loadOrCreateAccount($account_id), null);
 }
 public function processLoginRequest(PhabricatorAuthLoginController $controller)
 {
     $request = $controller->getRequest();
     $adapter = $this->getAdapter();

     // Phase 1 (form POST): begin the handshake and send the user to the
     // provider. The CSRF code is appended to the callback URI so that it
     // returns to us as extra URI data and can be verified in phase 2.
     if ($request->isHTTPPost()) {
         $csrf_code = $this->getAuthCSRFCode($request);
         $adapter->setCallbackURI($adapter->getCallbackURI() . $csrf_code . '/');
         $redirect_uri = $adapter->getClientRedirectURI();

         // The request-token secret has to survive the round trip; it is
         // stored under the same CSRF code and reloaded in phase 2.
         $this->saveHandshakeTokenSecret($csrf_code, $adapter->getTokenSecret());

         $redirect = id(new AphrontRedirectResponse())
             ->setIsExternal(true)
             ->setURI($redirect_uri);
         return array(null, $redirect);
     }

     // Phase 2 (callback): the user came back from the provider. Twitter
     // signals that the user cancelled by returning a "denied" parameter.
     if (strlen($request->getStr('denied'))) {
         throw new PhutilAuthUserAbortedException();
     }

     // NOTE: You can get here via GET, this should probably be a bit more
     // user friendly.
     $this->verifyAuthCSRFCode($request, $controller->getExtraURIData());

     $oauth_token = $request->getStr('oauth_token');
     if (!$oauth_token) {
         throw new Exception("Expected 'oauth_token' in request!");
     }
     $oauth_verifier = $request->getStr('oauth_verifier');
     if (!$oauth_verifier) {
         throw new Exception("Expected 'oauth_verifier' in request!");
     }

     $adapter->setToken($oauth_token);
     $adapter->setVerifier($oauth_verifier);
     $adapter->setTokenSecret(
         $this->loadHandshakeTokenSecret($this->getAuthCSRFCode($request)));

     // NOTE: As a side effect, this will cause the OAuth adapter to request
     // an access token.
     // TODO: Surface adapter failures here in a more user-friendly way.
     $account_id = $adapter->getAccountID();

     if (!strlen($account_id)) {
         return array(
             null,
             $controller->buildProviderErrorResponse(
                 $this,
                 pht('The OAuth provider failed to retrieve an account ID.')),
         );
     }

     return array($this->loadOrCreateAccount($account_id), null);
 }
 public function processLoginRequest(PhabricatorAuthLoginController $controller)
 {
     // This provider has no user interaction of its own: the account ID is
     // whatever the adapter obtains from the web server's request environment.
     $request = $controller->getRequest();
     $adapter = $this->getAdapter();

     // TODO: Surface adapter failures here in a more user-friendly way.
     $account_id = $adapter->getAccountID();

     if (!strlen($account_id)) {
         $error_response = $controller->buildProviderErrorResponse(
             $this,
             pht('The web server failed to provide an account ID.'));
         return array(null, $error_response);
     }

     return array($this->loadOrCreateAccount($account_id), null);
 }
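 public function processLoginRequest(PhabricatorAuthLoginController $controller)
 {
     $request = $controller->getRequest();
     $account = null;
     $response = null;

     $username = $request->getStr('ldap_username');
     $password = $request->getStr('ldap_password');
     $has_password = strlen($password);

     // Wrap the password right away so it does not appear in stack traces or
     // debug output if anything below throws.
     $password = new PhutilOpaqueEnvelope($password);

     // Without both credentials submitted via a form POST there is nothing
     // to bind with: show (or re-show) the login form. A non-POST request
     // carrying both fields used to fall through to loadOrCreateAccount()
     // with an undefined $account_id.
     if (!strlen($username) || !$has_password || !$request->isFormPost()) {
         $response = $controller->buildProviderPageResponse($this, $this->renderLoginForm($request, 'login'));
         return array($account, $response);
     }

     $adapter = $this->getAdapter();
     $adapter->setLoginUsername($username);
     $adapter->setLoginPassword($password);

     // TODO: This calls ldap_bind() eventually, which dumps cleartext
     // passwords to the error log. See note in PhutilLDAPAuthAdapter.
     // See T3351.
     DarkConsoleErrorLogPluginAPI::enableDiscardMode();
     try {
         $account_id = $adapter->getAccountID();
     } catch (PhutilAuthCredentialException $ex) {
         // Bad credentials: re-render the form. Discard mode must be switched
         // off on this path as well, otherwise the rest of the request runs
         // with error logging suppressed.
         DarkConsoleErrorLogPluginAPI::disableDiscardMode();
         $response = $controller->buildProviderPageResponse($this, $this->renderLoginForm($request, 'login'));
         return array($account, $response);
     } catch (Exception $ex) {
         DarkConsoleErrorLogPluginAPI::disableDiscardMode();
         // TODO: Make this cleaner.
         throw $ex;
     }
     DarkConsoleErrorLogPluginAPI::disableDiscardMode();

     return array($this->loadOrCreateAccount($account_id), $response);
 }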
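 public function processLoginRequest(PhabricatorAuthLoginController $controller)
 {
     $request = $controller->getRequest();
     $adapter = $this->getAdapter();
     $account = null;
     $response = null;

     // The assertion is posted by the client-side flow, never by a plain
     // page load.
     if (!$request->isAjax()) {
         throw new Exception(pht('Expected this request to come via Ajax.'));
     }

     $assertion = $request->getStr('assertion');
     if (!strlen($assertion)) {
         throw new Exception(pht('Expected identity assertion.'));
     }

     $adapter->setAssertion($assertion);
     // The audience is this install's own URI, so the adapter can tie the
     // assertion to this site rather than to whichever site it was issued for.
     $adapter->setAudience(PhabricatorEnv::getURI('/'));

     // TODO: Adapter failures currently surface as raw exceptions; handle
     // them in a more user-friendly way.
     $account_id = $adapter->getAccountID();

     // Refuse an empty identity, as the other providers do, instead of
     // handing an empty ID to loadOrCreateAccount().
     if (!strlen($account_id)) {
         throw new Exception(pht('The identity provider failed to provide an account ID.'));
     }

     return array($this->loadOrCreateAccount($account_id), $response);
 }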
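 public function processLoginRequest(PhabricatorAuthLoginController $controller)
 {
     $request = $controller->getRequest();

     // After more than 5 failed logins from this IP within the last 15
     // minutes, a valid captcha is required before the password is checked.
     $require_captcha = false;
     $captcha_valid = false;
     if (AphrontFormRecaptchaControl::isRecaptchaEnabled()) {
         $failed_attempts = PhabricatorUserLog::loadRecentEventsFromThisIP(
             PhabricatorUserLog::ACTION_LOGIN_FAILURE,
             60 * 15);
         if (count($failed_attempts) > 5) {
             $require_captcha = true;
             $captcha_valid = AphrontFormRecaptchaControl::processCaptcha($request);
         }
     }

     $response = null;
     $account = null;
     $log_user = null;
     $is_post = $request->isFormPost();

     if ($is_post && (!$require_captcha || $captcha_valid)) {
         $username_or_email = $request->getStr('username');
         if (strlen($username_or_email)) {
             // The login field accepts either a username or an email address.
             $user = id(new PhabricatorUser())->loadOneWhere('username = %s', $username_or_email);
             if (!$user) {
                 $user = PhabricatorUser::loadOneWithEmailAddress($username_or_email);
             }

             // NOTE: comparePassword() only runs when a matching user exists,
             // so response timing likely differs between known and unknown
             // usernames.
             if ($user) {
                 // Remember which account the attempt targeted so a failed
                 // login is attributed to it in the log. This used to be set
                 // only on success, so failure entries never carried a PHID.
                 $log_user = $user;

                 $envelope = new PhutilOpaqueEnvelope($request->getStr('password'));
                 if ($user->comparePassword($envelope)) {
                     $account = $this->loadOrCreateAccount($user->getPHID());

                     // If the user's password is stored using a less-than-optimal
                     // hash, upgrade them to the strongest available hash. The
                     // plaintext is only available here, at login time.
                     $hash_envelope = new PhutilOpaqueEnvelope($user->getPasswordHash());
                     if (PhabricatorPasswordHasher::canUpgradeHash($hash_envelope)) {
                         $user->setPassword($envelope);
                         $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
                         $user->save();
                         unset($unguarded);
                     }
                 }
             }
         }
     }

     if (!$account) {
         if ($is_post) {
             // Record the failure (with the targeted account, if one was
             // found); presumably this is what loadRecentEventsFromThisIP()
             // counts for the captcha threshold above.
             $log = PhabricatorUserLog::initializeNewLog(
                 null,
                 $log_user ? $log_user->getPHID() : null,
                 PhabricatorUserLog::ACTION_LOGIN_FAILURE);
             $log->save();
         }
         $request->clearCookie(PhabricatorCookies::COOKIE_USERNAME);
         $response = $controller->buildProviderPageResponse(
             $this,
             $this->renderPasswordLoginForm($request, $require_captcha, $captcha_valid));
     }

     return array($account, $response);
 }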