public function processRequest() { $request = $this->getRequest(); $user = $request->getUser(); if ($request->isFormPost()) { $log = PhabricatorUserLog::newLog($user, $user, PhabricatorUserLog::ACTION_LOGOUT); $log->save(); $request->clearCookie('phsid'); return id(new AphrontRedirectResponse())->setURI('/login/'); } return id(new AphrontRedirectResponse())->setURI('/'); }
public function processRequest() { $request = $this->getRequest(); $user = $request->getUser(); if ($request->isFormPost()) { $log = PhabricatorUserLog::newLog($user, $user, PhabricatorUserLog::ACTION_LOGOUT); $log->save(); // Destroy the user's session in the database so logout works even if // their cookies have some issues. We'll detect cookie issues when they // try to login again and tell them to clear any junk. $phsid = $request->getCookie('phsid'); if ($phsid) { $user->destroySession($phsid); } $request->clearCookie('phsid'); return id(new AphrontRedirectResponse())->setURI('/login/'); } return id(new AphrontRedirectResponse())->setURI('/'); }
public function processRequest() { $request = $this->getRequest(); $user = $request->getUser(); if ($request->isFormPost()) { $log = PhabricatorUserLog::newLog($user, $user, PhabricatorUserLog::ACTION_LOGOUT); $log->save(); // Destroy the user's session in the database so logout works even if // their cookies have some issues. We'll detect cookie issues when they // try to login again and tell them to clear any junk. $phsid = $request->getCookie('phsid'); if ($phsid) { $user->destroySession($phsid); } $request->clearCookie('phsid'); return id(new AphrontRedirectResponse())->setURI('/login/'); } if ($user->getPHID()) { $dialog = id(new AphrontDialogView())->setUser($user)->setTitle('Log out of Phabricator?')->appendChild('<p>Are you sure you want to log out?</p>')->addSubmitButton('Log Out')->addCancelButton('/'); return id(new AphrontDialogResponse())->setDialog($dialog); } return id(new AphrontRedirectResponse())->setURI('/'); }
private function processRoleRequest(PhabricatorUser $user) { $request = $this->getRequest(); $admin = $request->getUser(); $is_self = $user->getID() == $admin->getID(); $errors = array(); if ($request->isFormPost()) { $log_template = PhabricatorUserLog::newLog($admin, $user, null); $logs = array(); if ($is_self) { $errors[] = "You can not edit your own role."; } else { $new_admin = (bool) $request->getBool('is_admin'); $old_admin = (bool) $user->getIsAdmin(); if ($new_admin != $old_admin) { id(new PhabricatorUserEditor())->setActor($admin)->makeAdminUser($user, $new_admin); } $new_disabled = (bool) $request->getBool('is_disabled'); $old_disabled = (bool) $user->getIsDisabled(); if ($new_disabled != $old_disabled) { id(new PhabricatorUserEditor())->setActor($admin)->disableUser($user, $new_disabled); } } if (!$errors) { return id(new AphrontRedirectResponse())->setURI($request->getRequestURI()->alter('saved', 'true')); } } $error_view = null; if ($errors) { $error_view = id(new AphrontErrorView())->setTitle('Form Errors')->setErrors($errors); } $form = id(new AphrontFormView())->setUser($admin)->setAction($request->getRequestURI()->alter('saved', null)); if ($is_self) { $form->appendChild('<p class="aphront-form-instructions">NOTE: You can not edit your own ' . 'role.</p>'); } $form->appendChild($this->getRoleInstructions())->appendChild(id(new AphrontFormCheckboxControl())->addCheckbox('is_admin', 1, 'Administrator', $user->getIsAdmin())->setDisabled($is_self))->appendChild(id(new AphrontFormCheckboxControl())->addCheckbox('is_disabled', 1, 'Disabled', $user->getIsDisabled())->setDisabled($is_self))->appendChild(id(new AphrontFormCheckboxControl())->addCheckbox('is_agent', 1, 'System Agent (Bot/Script User)', $user->getIsSystemAgent())->setDisabled(true)); if (!$is_self) { $form->appendChild(id(new AphrontFormSubmitControl())->setValue('Edit Role')); } $panel = new AphrontPanelView(); $panel->setHeader('Edit Role'); $panel->setWidth(AphrontPanelView::WIDTH_FORM); $panel->appendChild($form); return array($error_view, $panel); }
/** * @task email */ public function changePrimaryEmail(PhabricatorUser $user, PhabricatorUserEmail $email) { $actor = $this->requireActor(); if (!$user->getID()) { throw new Exception("User has not been created yet!"); } if (!$email->getID()) { throw new Exception("Email has not been created yet!"); } $user->openTransaction(); $user->beginWriteLocking(); $user->reload(); $email->reload(); if ($email->getUserPHID() != $user->getPHID()) { throw new Exception("User does not own email!"); } if ($email->getIsPrimary()) { throw new Exception("Email is already primary!"); } if (!$email->getIsVerified()) { throw new Exception("Email is not verified!"); } $old_primary = $user->loadPrimaryEmail(); if ($old_primary) { $old_primary->setIsPrimary(0); $old_primary->save(); } $email->setIsPrimary(1); $email->save(); $log = PhabricatorUserLog::newLog($actor, $user, PhabricatorUserLog::ACTION_EMAIL_PRIMARY); $log->setOldValue($old_primary ? $old_primary->getAddress() : null); $log->setNewValue($email->getAddress()); $log->save(); $user->endWriteLocking(); $user->saveTransaction(); if ($old_primary) { $old_primary->sendOldPrimaryEmail($user, $email); } $email->sendNewPrimaryEmail($user); return $this; }
/** * Issue a new session key to this user. Phabricator supports different * types of sessions (like "web" and "conduit") and each session type may * have multiple concurrent sessions (this allows a user to be logged in on * multiple browsers at the same time, for instance). * * Note that this method is transport-agnostic and does not set cookies or * issue other types of tokens, it ONLY generates a new session key. * * You can configure the maximum number of concurrent sessions for various * session types in the Phabricator configuration. * * @param string Session type, like "web". * @return string Newly generated session key. */ public function establishSession($session_type) { $conn_w = $this->establishConnection('w'); if (strpos($session_type, '-') !== false) { throw new Exception("Session type must not contain hyphen ('-')!"); } // We allow multiple sessions of the same type, so when a caller requests // a new session of type "web", we give them the first available session in // "web-1", "web-2", ..., "web-N", up to some configurable limit. If none // of these sessions is available, we overwrite the oldest session and // reissue a new one in its place. $session_limit = 1; switch ($session_type) { case 'web': $session_limit = PhabricatorEnv::getEnvConfig('auth.sessions.web'); break; case 'conduit': $session_limit = PhabricatorEnv::getEnvConfig('auth.sessions.conduit'); break; default: throw new Exception("Unknown session type '{$session_type}'!"); } $session_limit = (int) $session_limit; if ($session_limit <= 0) { throw new Exception("Session limit for '{$session_type}' must be at least 1!"); } // Load all the currently active sessions. $sessions = queryfx_all($conn_w, 'SELECT type, sessionStart FROM %T WHERE userPHID = %s AND type LIKE %>', PhabricatorUser::SESSION_TABLE, $this->getPHID(), $session_type . '-'); // Choose which 'type' we'll actually establish, i.e. what number we're // going to append to the basic session type. To do this, just check all // the numbers sequentially until we find an available session. $establish_type = null; $sessions = ipull($sessions, null, 'type'); for ($ii = 1; $ii <= $session_limit; $ii++) { if (empty($sessions[$session_type . '-' . $ii])) { $establish_type = $session_type . '-' . $ii; break; } } // If we didn't find an available session, choose the oldest session and // overwrite it. if (!$establish_type) { $sessions = isort($sessions, 'sessionStart'); $oldest = reset($sessions); $establish_type = $oldest['type']; } // Consume entropy to generate a new session key, forestalling the eventual // heat death of the universe. $entropy = Filesystem::readRandomBytes(20); $session_key = sha1($entropy); // UNGUARDED WRITES: Logging-in users don't have CSRF stuff yet. $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); queryfx($conn_w, 'INSERT INTO %T ' . '(userPHID, type, sessionKey, sessionStart)' . ' VALUES ' . '(%s, %s, %s, UNIX_TIMESTAMP()) ' . 'ON DUPLICATE KEY UPDATE ' . 'sessionKey = VALUES(sessionKey), ' . 'sessionStart = VALUES(sessionStart)', self::SESSION_TABLE, $this->getPHID(), $establish_type, $session_key); $log = PhabricatorUserLog::newLog($this, $this, PhabricatorUserLog::ACTION_LOGIN); $log->setDetails(array('session_type' => $session_type, 'session_issued' => $establish_type)); $log->setSession($session_key); $log->save(); return $session_key; }
public function processRequest() { $request = $this->getRequest(); if ($request->getUser()->getPHID()) { // Kick the user out if they're already logged in. return id(new AphrontRedirectResponse())->setURI('/'); } $next_uri = $this->getRequest()->getPath(); $request->setCookie('next_uri', $next_uri); if ($next_uri == '/login/' && !$request->isFormPost()) { // The user went straight to /login/, so presumably they want to go // to the dashboard upon logging in. Because, you know, that's logical. // And people are logical. Sometimes... Fine, no they're not. // We check for POST here because getPath() would get reset to /login/. $request->setCookie('next_uri', '/'); } // Always use $request->getCookie('next_uri', '/') after the above. $password_auth = PhabricatorEnv::getEnvConfig('auth.password-auth-enabled'); $forms = array(); $error_view = null; if ($password_auth) { $error = false; $username_or_email = $request->getCookie('phusr'); if ($request->isFormPost()) { $username_or_email = $request->getStr('username_or_email'); $user = id(new PhabricatorUser())->loadOneWhere('username = %s', $username_or_email); if (!$user) { $user = id(new PhabricatorUser())->loadOneWhere('email = %s', $username_or_email); } $okay = false; if ($user) { if ($user->comparePassword($request->getStr('password'))) { $session_key = $user->establishSession('web'); $request->setCookie('phusr', $user->getUsername()); $request->setCookie('phsid', $session_key); return id(new AphrontRedirectResponse())->setURI($request->getCookie('next_uri', '/')); } else { $log = PhabricatorUserLog::newLog(null, $user, PhabricatorUserLog::ACTION_LOGIN_FAILURE); $log->save(); } } if (!$okay) { $request->clearCookie('phusr'); $request->clearCookie('phsid'); } $error = true; } if ($error) { $error_view = new AphrontErrorView(); $error_view->setTitle('Bad username/password.'); } $form = new AphrontFormView(); $form->setUser($request->getUser())->setAction('/login/')->appendChild(id(new AphrontFormTextControl())->setLabel('Username/Email')->setName('username_or_email')->setValue($username_or_email))->appendChild(id(new AphrontFormPasswordControl())->setLabel('Password')->setName('password')->setCaption('<a href="/login/email/">' . 'Forgot your password? / Email Login</a>'))->appendChild(id(new AphrontFormSubmitControl())->setValue('Login')); // $panel->setCreateButton('Register New Account', '/login/register/'); $forms['Phabricator Login'] = $form; } $providers = PhabricatorOAuthProvider::getAllProviders(); foreach ($providers as $provider) { $enabled = $provider->isProviderEnabled(); if (!$enabled) { continue; } $auth_uri = $provider->getAuthURI(); $redirect_uri = $provider->getRedirectURI(); $client_id = $provider->getClientID(); $provider_name = $provider->getProviderName(); $minimum_scope = $provider->getMinimumScope(); $extra_auth = $provider->getExtraAuthParameters(); // TODO: In theory we should use 'state' to prevent CSRF, but the total // effect of the CSRF attack is that an attacker can cause a user to login // to Phabricator if they're already logged into some OAuth provider. This // does not seem like the most severe threat in the world, and generating // CSRF for logged-out users is vaugely tricky. if ($provider->isProviderRegistrationEnabled()) { $title = "Login or Register with {$provider_name}"; $body = "Login or register for Phabricator using your " . "{$provider_name} account."; $button = "Login or Register with {$provider_name}"; } else { $title = "Login with {$provider_name}"; $body = "Login to your existing Phabricator account using your " . "{$provider_name} account.<br /><br /><strong>You can not use " . "{$provider_name} to register a new account.</strong>"; $button = "Login with {$provider_name}"; } $auth_form = new AphrontFormView(); $auth_form->setAction($auth_uri)->addHiddenInput('client_id', $client_id)->addHiddenInput('redirect_uri', $redirect_uri)->addHiddenInput('scope', $minimum_scope); foreach ($extra_auth as $key => $value) { $auth_form->addHiddenInput($key, $value); } $auth_form->setUser($request->getUser())->setMethod('GET')->appendChild('<p class="aphront-form-instructions">' . $body . '</p>')->appendChild(id(new AphrontFormSubmitControl())->setValue("{$button} »")); $forms[$title] = $auth_form; } $panel = new AphrontPanelView(); $panel->setWidth(AphrontPanelView::WIDTH_FORM); foreach ($forms as $name => $form) { $panel->appendChild('<h1>' . $name . '</h1>'); $panel->appendChild($form); $panel->appendChild('<br />'); } return $this->buildStandardPageResponse(array($error_view, $panel), array('title' => 'Login')); }
/** * Issue a new session key to this user. Phabricator supports different * types of sessions (like "web" and "conduit") and each session type may * have multiple concurrent sessions (this allows a user to be logged in on * multiple browsers at the same time, for instance). * * Note that this method is transport-agnostic and does not set cookies or * issue other types of tokens, it ONLY generates a new session key. * * You can configure the maximum number of concurrent sessions for various * session types in the Phabricator configuration. * * @param string Session type, like "web". * @return string Newly generated session key. */ public function establishSession($session_type) { $conn_w = $this->establishConnection('w'); if (strpos($session_type, '-') !== false) { throw new Exception("Session type must not contain hyphen ('-')!"); } // We allow multiple sessions of the same type, so when a caller requests // a new session of type "web", we give them the first available session in // "web-1", "web-2", ..., "web-N", up to some configurable limit. If none // of these sessions is available, we overwrite the oldest session and // reissue a new one in its place. $session_limit = 1; switch ($session_type) { case 'web': $session_limit = PhabricatorEnv::getEnvConfig('auth.sessions.web'); break; case 'conduit': $session_limit = PhabricatorEnv::getEnvConfig('auth.sessions.conduit'); break; default: throw new Exception("Unknown session type '{$session_type}'!"); } $session_limit = (int) $session_limit; if ($session_limit <= 0) { throw new Exception("Session limit for '{$session_type}' must be at least 1!"); } // NOTE: Session establishment is sensitive to race conditions, as when // piping `arc` to `arc`: // // arc export ... | arc paste ... // // To avoid this, we overwrite an old session only if it hasn't been // re-established since we read it. // Consume entropy to generate a new session key, forestalling the eventual // heat death of the universe. $session_key = Filesystem::readRandomCharacters(40); // Load all the currently active sessions. $sessions = queryfx_all($conn_w, 'SELECT type, sessionKey, sessionStart FROM %T WHERE userPHID = %s AND type LIKE %>', PhabricatorUser::SESSION_TABLE, $this->getPHID(), $session_type . '-'); $sessions = ipull($sessions, null, 'type'); $sessions = isort($sessions, 'sessionStart'); $existing_sessions = array_keys($sessions); $retries = 0; while (true) { // Choose which 'type' we'll actually establish, i.e. what number we're // going to append to the basic session type. To do this, just check all // the numbers sequentially until we find an available session. $establish_type = null; for ($ii = 1; $ii <= $session_limit; $ii++) { $try_type = $session_type . '-' . $ii; if (!in_array($try_type, $existing_sessions)) { $establish_type = $try_type; $expect_key = $session_key; $existing_sessions[] = $try_type; // Ensure the row exists so we can issue an update below. We don't // care if we race here or not. queryfx($conn_w, 'INSERT IGNORE INTO %T (userPHID, type, sessionKey, sessionStart) VALUES (%s, %s, %s, 0)', self::SESSION_TABLE, $this->getPHID(), $establish_type, $session_key); break; } } // If we didn't find an available session, choose the oldest session and // overwrite it. if (!$establish_type) { $oldest = reset($sessions); $establish_type = $oldest['type']; $expect_key = $oldest['sessionKey']; } // UNGUARDED WRITES: Logging-in users don't have CSRF stuff yet. $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); // This is so that we'll only overwrite the session if it hasn't been // refreshed since we read it. If it has, the session key will be // different and we know we're racing other processes. Whichever one // won gets the session, we go back and try again. queryfx($conn_w, 'UPDATE %T SET sessionKey = %s, sessionStart = UNIX_TIMESTAMP() WHERE userPHID = %s AND type = %s AND sessionKey = %s', self::SESSION_TABLE, $session_key, $this->getPHID(), $establish_type, $expect_key); unset($unguarded); if ($conn_w->getAffectedRows()) { // The update worked, so the session is valid. break; } else { // We know this just got grabbed, so don't try it again. unset($sessions[$establish_type]); } if (++$retries > $session_limit) { throw new Exception("Failed to establish a session!"); } } $log = PhabricatorUserLog::newLog($this, $this, PhabricatorUserLog::ACTION_LOGIN); $log->setDetails(array('session_type' => $session_type, 'session_issued' => $establish_type)); $log->setSession($session_key); $log->save(); return $session_key; }
private function processRoleRequest(PhabricatorUser $user) { $request = $this->getRequest(); $admin = $request->getUser(); $is_self = $user->getID() == $admin->getID(); $errors = array(); if ($request->isFormPost()) { $log_template = PhabricatorUserLog::newLog($admin, $user, null); $logs = array(); if ($is_self) { $errors[] = "You can not edit your own role."; } else { $new_admin = (bool) $request->getBool('is_admin'); $old_admin = (bool) $user->getIsAdmin(); if ($new_admin != $old_admin) { $log = clone $log_template; $log->setAction(PhabricatorUserLog::ACTION_ADMIN); $log->setOldValue($old_admin); $log->setNewValue($new_admin); $user->setIsAdmin($new_admin); $logs[] = $log; } $new_disabled = (bool) $request->getBool('is_disabled'); $old_disabled = (bool) $user->getIsDisabled(); if ($new_disabled != $old_disabled) { $log = clone $log_template; $log->setAction(PhabricatorUserLog::ACTION_DISABLE); $log->setOldValue($old_disabled); $log->setNewValue($new_disabled); $user->setIsDisabled($new_disabled); $logs[] = $log; } } if (!$errors) { $user->save(); foreach ($logs as $log) { $log->save(); } return id(new AphrontRedirectResponse())->setURI($request->getRequestURI()->alter('saved', 'true')); } } $error_view = null; if ($errors) { $error_view = id(new AphrontErrorView())->setTitle('Form Errors')->setErrors($errors); } $form = id(new AphrontFormView())->setUser($admin)->setAction($request->getRequestURI()->alter('saved', null)); if ($is_self) { $form->appendChild('<p class="aphront-form-instructions">NOTE: You can not edit your own ' . 'role.</p>'); } $form->appendChild($this->getRoleInstructions())->appendChild(id(new AphrontFormCheckboxControl())->addCheckbox('is_admin', 1, 'Admin: wields absolute power.', $user->getIsAdmin())->setDisabled($is_self))->appendChild(id(new AphrontFormCheckboxControl())->addCheckbox('is_disabled', 1, 'Disabled: can not login.', $user->getIsDisabled())->setDisabled($is_self)); if (!$is_self) { $form->appendChild(id(new AphrontFormSubmitControl())->setValue('Edit Role')); } $panel = new AphrontPanelView(); $panel->setHeader('Edit Role'); $panel->setWidth(AphrontPanelView::WIDTH_FORM); $panel->appendChild($form); return array($error_view, $panel); }
public function processRequest() { $request = $this->getRequest(); if ($request->getUser()->getPHID()) { // Kick the user out if they're already logged in. return id(new AphrontRedirectResponse())->setURI('/'); } if ($request->isConduit()) { // A common source of errors in Conduit client configuration is getting // the request path wrong. The client will end up here, so make some // effort to give them a comprehensible error message. $request_path = $this->getRequest()->getPath(); $conduit_path = '/api/<method>'; $example_path = '/api/conduit.ping'; $message = "ERROR: You are making a Conduit API request to '{$request_path}', " . "but the correct HTTP request path to use in order to access a " . "Conduit method is '{$conduit_path}' (for example, " . "'{$example_path}'). Check your configuration."; return id(new AphrontPlainTextResponse())->setContent($message); } $error_view = null; if ($request->getCookie('phusr') && $request->getCookie('phsid')) { // The session cookie is invalid, so clear it. $request->clearCookie('phusr'); $request->clearCookie('phsid'); $error_view = new AphrontErrorView(); $error_view->setTitle('Invalid Session'); $error_view->setErrors(array("Your login session is invalid. Try logging in again. If that " . "doesn't work, clear your browser cookies.")); } $next_uri = $this->getRequest()->getPath(); if ($next_uri == '/login/') { $next_uri = '/'; } if (!$request->isFormPost()) { $request->setCookie('next_uri', $next_uri); } $password_auth = PhabricatorEnv::getEnvConfig('auth.password-auth-enabled'); $forms = array(); $errors = array(); if ($password_auth) { $require_captcha = false; $e_captcha = true; $username_or_email = $request->getCookie('phusr'); if ($request->isFormPost()) { if (AphrontFormRecaptchaControl::isRecaptchaEnabled()) { $failed_attempts = PhabricatorUserLog::loadRecentEventsFromThisIP(PhabricatorUserLog::ACTION_LOGIN_FAILURE, 60 * 15); if (count($failed_attempts) > 5) { $require_captcha = true; if (!AphrontFormRecaptchaControl::processCaptcha($request)) { if (AphrontFormRecaptchaControl::hasCaptchaResponse($request)) { $e_captcha = 'Invalid'; $errors[] = 'CAPTCHA was not entered correctly.'; } else { $e_captcha = 'Required'; $errors[] = 'Too many login failures recently. You must ' . 'submit a CAPTCHA with your login request.'; } } } } $username_or_email = $request->getStr('username_or_email'); $user = id(new PhabricatorUser())->loadOneWhere('username = %s', $username_or_email); if (!$user) { $user = id(new PhabricatorUser())->loadOneWhere('email = %s', $username_or_email); } if (!$errors) { // Perform username/password tests only if we didn't get rate limited // by the CAPTCHA. if (!$user || !$user->comparePassword($request->getStr('password'))) { $errors[] = 'Bad username/password.'; } } if (!$errors) { $session_key = $user->establishSession('web'); $request->setCookie('phusr', $user->getUsername()); $request->setCookie('phsid', $session_key); $uri = new PhutilURI('/login/validate/'); $uri->setQueryParams(array('phusr' => $user->getUsername())); return id(new AphrontRedirectResponse())->setURI((string) $uri); } else { $log = PhabricatorUserLog::newLog(null, $user, PhabricatorUserLog::ACTION_LOGIN_FAILURE); $log->save(); $request->clearCookie('phusr'); $request->clearCookie('phsid'); } } if ($errors) { $error_view = new AphrontErrorView(); $error_view->setTitle('Login Failed'); $error_view->setErrors($errors); } $form = new AphrontFormView(); $form->setUser($request->getUser())->setAction('/login/')->appendChild(id(new AphrontFormTextControl())->setLabel('Username/Email')->setName('username_or_email')->setValue($username_or_email))->appendChild(id(new AphrontFormPasswordControl())->setLabel('Password')->setName('password')->setCaption('<a href="/login/email/">' . 'Forgot your password? / Email Login</a>')); if ($require_captcha) { $form->appendChild(id(new AphrontFormRecaptchaControl())->setError($e_captcha)); } $form->appendChild(id(new AphrontFormSubmitControl())->setValue('Login')); // $panel->setCreateButton('Register New Account', '/login/register/'); $forms['Phabricator Login'] = $form; } $providers = PhabricatorOAuthProvider::getAllProviders(); foreach ($providers as $provider) { $enabled = $provider->isProviderEnabled(); if (!$enabled) { continue; } $auth_uri = $provider->getAuthURI(); $redirect_uri = $provider->getRedirectURI(); $client_id = $provider->getClientID(); $provider_name = $provider->getProviderName(); $minimum_scope = $provider->getMinimumScope(); $extra_auth = $provider->getExtraAuthParameters(); // TODO: In theory we should use 'state' to prevent CSRF, but the total // effect of the CSRF attack is that an attacker can cause a user to login // to Phabricator if they're already logged into some OAuth provider. This // does not seem like the most severe threat in the world, and generating // CSRF for logged-out users is vaugely tricky. if ($provider->isProviderRegistrationEnabled()) { $title = "Login or Register with {$provider_name}"; $body = 'Login or register for Phabricator using your ' . phutil_escape_html($provider_name) . ' account.'; $button = "Login or Register with {$provider_name}"; } else { $title = "Login with {$provider_name}"; $body = 'Login to your existing Phabricator account using your ' . phutil_escape_html($provider_name) . ' account.<br /><br />' . '<strong>You can not use ' . phutil_escape_html($provider_name) . ' to register a new ' . 'account.</strong>'; $button = "Login with {$provider_name}"; } $auth_form = new AphrontFormView(); $auth_form->setAction($auth_uri)->addHiddenInput('client_id', $client_id)->addHiddenInput('redirect_uri', $redirect_uri)->addHiddenInput('scope', $minimum_scope); foreach ($extra_auth as $key => $value) { $auth_form->addHiddenInput($key, $value); } $auth_form->setUser($request->getUser())->setMethod('GET')->appendChild('<p class="aphront-form-instructions">' . $body . '</p>')->appendChild(id(new AphrontFormSubmitControl())->setValue("{$button} »")); $forms[$title] = $auth_form; } $panel = new AphrontPanelView(); $panel->setWidth(AphrontPanelView::WIDTH_FORM); foreach ($forms as $name => $form) { $panel->appendChild('<h1>' . $name . '</h1>'); $panel->appendChild($form); $panel->appendChild('<br />'); } return $this->buildStandardPageResponse(array($error_view, $panel), array('title' => 'Login')); }