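/**
 * Log the viewer in from the token carried by an emailed login link.
 *
 * The `email` request parameter selects the user and `$this->token` is
 * validated against that user. On success a web session is established, the
 * session cookies are set, and the browser is redirected through
 * `/login/validate/`, which checks that the cookies were actually accepted
 * before continuing to `$next`.
 *
 * NOTE(review): this revision looks the user up by their `email` column and
 * validates the token against the user rather than against the address. The
 * later revision of this controller on this page (the one that loads a
 * PhabricatorUserEmail) documents why address-bound verification is the
 * safer design.
 *
 * @return AphrontResponse 400 when password auth is disabled; a failure page
 *                         for an unknown address or bad token; otherwise a
 *                         redirect into login validation.
 */
public function processRequest()
{
    $request = $this->getRequest();

    // Email-link login is a form of password auth; refuse when it is off.
    if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) {
        return new Aphront400Response();
    }

    // Viewer already has a session: do not consume the link, just go home.
    if ($request->getUser()->getPHID()) {
        $view = new AphrontRequestFailureView();
        $view->setHeader('Already Logged In');
        $view->appendChild('<p>You are already logged in.</p>');
        $view->appendChild(
            '<div class="aphront-failure-continue">'.
              '<a class="button" href="/">Return Home</a>'.
            '</div>');
        return $this->buildStandardPageResponse(
            $view,
            array('title' => 'Already Logged In'));
    }

    $token = $this->token;
    $email = $request->getStr('email');

    $target_user = id(new PhabricatorUser())->loadOneWhere(
        'email = %s',
        $email);

    // One generic message whether the address is unknown or the token is
    // invalid/expired, so the response does not say which check failed.
    if (!$target_user || !$target_user->validateEmailToken($token)) {
        $view = new AphrontRequestFailureView();
        $view->setHeader('Unable to Login');
        $view->appendChild(
            '<p>The authentication information in the link you clicked is '.
            'invalid or out of date. Make sure you are copy-and-pasting the '.
            'entire link into your browser. You can try again, or request '.
            'a new email.</p>');
        $view->appendChild(
            '<div class="aphront-failure-continue">'.
              '<a class="button" href="/login/email/">Send Another Email</a>'.
            '</div>');
        return $this->buildStandardPageResponse(
            $view,
            array('title' => 'Email Sent'));
    }

    $session_key = $target_user->establishSession('web');
    $request->setCookie('phusr', $target_user->getUsername());
    $request->setCookie('phsid', $session_key);

    if (PhabricatorEnv::getEnvConfig('account.editable')) {
        // Build the URI with PhutilURI so the token is query-encoded instead
        // of being concatenated raw into the string.
        $next = (string)id(new PhutilURI('/settings/page/password/'))
            ->setQueryParams(array('token' => $token));
    } else {
        $next = '/';
    }

    $uri = new PhutilURI('/login/validate/');
    $uri->setQueryParams(
        array(
            'phusr' => $target_user->getUsername(),
            'next'  => $next,
        ));

    return id(new AphrontRedirectResponse())->setURI((string)$uri);
}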
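 /**
  * Password-reset form reached through an emailed token link.
  *
  * The `email` parameter plus `$this->token` are validated against the user;
  * a bad pair yields a generic failure page. With a good pair the browser is
  * logged in as that user (unless it already is) and a "Reset Password" form
  * is shown. A POST with a matching, non-trivial password saves it and
  * redirects to `/`.
  *
  * @return AphrontResponse
  */
 public function processRequest()
 {
     $request = $this->getRequest();

     if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) {
         return new Aphront400Response();
     }

     $token = $this->token;
     $email = $request->getStr('email');

     $target_user = id(new PhabricatorUser())->loadOneWhere(
         'email = %s',
         $email);

     // Same message for "no such address" and "bad token": the page does not
     // reveal which check failed.
     if (!$target_user || !$target_user->validateEmailToken($token)) {
         $view = new AphrontRequestFailureView();
         $view->setHeader('Unable to Login');
         $view->appendChild(
             '<p>The authentication information in the link you clicked is '.
             'invalid or out of date. Make sure you are copy-and-pasting the '.
             'entire link into your browser. You can try again, or request '.
             'a new email.</p>');
         $view->appendChild(
             '<div class="aphront-failure-continue">'.
               '<a class="button" href="/login/email/">Send Another Email</a>'.
             '</div>');
         return $this->buildStandardPageResponse(
             $view,
             array('title' => 'Email Sent'));
     }

     // Establish a session unless the viewer is already logged in as exactly
     // the target user. PHIDs are strings, so compare them strictly rather
     // than with a loose '!=' (the viewer PHID is null when logged out).
     if ($request->getUser()->getPHID() !== $target_user->getPHID()) {
         $session_key = $target_user->establishSession('web');
         $request->setCookie('phusr', $target_user->getUsername());
         $request->setCookie('phsid', $session_key);
     }

     $errors = array();
     $e_pass = true;
     $e_confirm = true;

     if ($request->isFormPost()) {
         $e_pass = '******';
         $e_confirm = 'Error';

         $pass = $request->getStr('password');
         $confirm = $request->getStr('confirm');

         // NOTE(review): a 3-character minimum is a very weak policy.
         if (strlen($pass) < 3) {
             $errors[] = 'That password is ridiculously short.';
         }

         if ($pass !== $confirm) {
             $errors[] = 'Passwords do not match.';
         }

         if (!$errors) {
             $target_user->setPassword($pass);
             $target_user->save();
             return id(new AphrontRedirectResponse())->setURI('/');
         }
     }

     $error_view = null;
     if ($errors) {
         $error_view = new AphrontErrorView();
         $error_view->setTitle('Password Reset Failed');
         $error_view->setErrors($errors);
     }

     $form = new AphrontFormView();
     $form
         ->setUser($target_user)
         ->setAction('/login/etoken/'.$token.'/')
         ->addHiddenInput('email', $email)
         ->appendChild(
             id(new AphrontFormPasswordControl())
                 ->setLabel('New Password')
                 ->setName('password')
                 ->setError($e_pass))
         ->appendChild(
             id(new AphrontFormPasswordControl())
                 ->setLabel('Confirm Password')
                 ->setName('confirm')
                 ->setError($e_confirm))
         ->appendChild(
             id(new AphrontFormSubmitControl())
                 ->setValue('Reset Password')
                 ->addCancelButton('/', 'Skip'));

     $panel = new AphrontPanelView();
     $panel->setWidth(AphrontPanelView::WIDTH_FORM);
     $panel->setHeader('Reset Password');
     $panel->appendChild($form);

     // NOTE(review): the page title reads 'Create New Account' on a password
     // reset page; this looks copy-pasted from the registration controller.
     return $this->buildStandardPageResponse(
         array($error_view, $panel),
         array('title' => 'Create New Account'));
 }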
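 /**
  * Render the failure page shown when an OAuth login attempt fails.
  *
  * Cases, checked in order:
  *   - the provider redirected back with error parameters: they are shown,
  *     passed through hsprintf since they are provider/request controlled;
  *   - an exception was captured: its message is shown;
  *   - otherwise a generic list of likely causes plus a "Diagnose" button.
  *
  * @return string Rendered HTML of the failure view.
  */
 public function render()
 {
     $request = $this->request;
     $provider = $this->provider;
     $provider_name = $provider->getProviderName();

     $view = new AphrontRequestFailureView();
     $view->setHeader($provider_name.' Auth Failed');

     $diagnose = null;

     if ($request) {
         // Values come from the provider's redirect; keep them as hsprintf
         // arguments so they are escaped on output.
         $view->appendChild(hsprintf(
             '<p><strong>Description:</strong> %s</p>',
             $request->getStr('error_description')));
         $view->appendChild(hsprintf(
             '<p><strong>Error:</strong> %s</p>',
             $request->getStr('error')));
         $view->appendChild(hsprintf(
             '<p><strong>Error Reason:</strong> %s</p>',
             $request->getStr('error_reason')));
     } else if ($this->exception) {
         $view->appendChild(hsprintf(
             '<p><strong>Error Details:</strong> %s</p>',
             $this->exception->getMessage()));
     } else {
         // TODO: We can probably refine this.
         $view->appendChild(hsprintf(
             '<p>Unable to authenticate with %s. '.
             'There are several reasons this might happen:</p>'.
             '<ul>'.
               '<li>Phabricator may be configured with the wrong Application '.
               'Secret; or</li>'.
               '<li>the %s OAuth access token may have expired; or</li>'.
               '<li>%s may have revoked authorization for the Application; '.
               'or</li>'.
               '<li>%s may be having technical problems.</li>'.
             '</ul>'.
             '<p>You can try again, or login using another method.</p>',
             $provider_name,
             $provider_name,
             $provider_name,
             $provider_name));

         // Pass the provider key as an hsprintf argument instead of splicing
         // it into the format string: it is then escaped like the other
         // values, and a literal '%' in the key cannot be misparsed as a
         // conversion specifier.
         $provider_key = $provider->getProviderKey();
         $diagnose = hsprintf(
             '<a href="/oauth/%s/diagnose/" class="button green">'.
               'Diagnose %s OAuth Problems'.
             '</a>',
             $provider_key,
             $provider_name);
     }

     $view->appendChild(
         '<div class="aphront-failure-continue">'.
           $diagnose.
           '<a href="/login/" class="button">Continue</a>'.
         '</div>');

     return $view->render();
 }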
 /**
  * Build the page body for a 404 response: a "404 Not Found" failure view
  * wrapped in the standard page chrome for the current request.
  *
  * @return string Rendered page HTML.
  */
 public function buildResponseString()
 {
     $page = new PhabricatorStandardPageView();
     $page->setTitle('404 Not Found');
     $page->setRequest($this->getRequest());

     $not_found = new AphrontRequestFailureView();
     $not_found->setHeader('404 Not Found');
     $not_found->appendChild('<p>The page you requested was not found.</p>');

     $page->appendChild($not_found);

     return $page->render();
 }
 /**
  * Show the "Account Disabled" page to a disabled user.
  *
  * Viewers whose account is not disabled get a 404 instead, so the page is
  * neither reachable nor discoverable for anyone else.
  *
  * @return AphrontResponse
  */
 public function processRequest()
 {
     $viewer = $this->getRequest()->getUser();

     if (!$viewer->getIsDisabled()) {
         return new Aphront404Response();
     }

     $view = new AphrontRequestFailureView();
     $view->setHeader('Account Disabled');
     $view->appendChild('<p>Your account has been disabled.</p>');

     return $this->buildStandardPageResponse(
         $view,
         array('title' => 'Account Disabled'));
 }
 /**
  * Build the page body for a 403 response.
  *
  * Uses the controller-supplied forbidden text when one is set, otherwise a
  * generic "no privileges" message.
  *
  * @return string Rendered page HTML.
  */
 public function buildResponseString()
 {
     $message = $this->getForbiddenText();
     if (!$message) {
         $message = 'You do not have privileges to access the requested page.';
     }

     // NOTE(review): $message is spliced into the markup unescaped. That is
     // fine if whatever sets the forbidden text only passes trusted text (or
     // intends HTML); confirm no request-derived text reaches it.
     $forbidden = new AphrontRequestFailureView();
     $forbidden->setHeader('403 Forbidden');
     $forbidden->appendChild('<p>'.$message.'</p>');

     $page = new PhabricatorStandardPageView();
     $page->setTitle('403 Forbidden');
     $page->setRequest($this->getRequest());
     $page->appendChild($forbidden);

     return $page->render();
 }
 /**
  * Log the viewer in from the token in an emailed login link, binding the
  * check to the email address rather than the user (see the NOTE below), and
  * marking that address verified as a side effect of a successful login.
  *
  * On success the browser is redirected through `/login/validate/`, which
  * confirms the session cookies stuck before continuing to `$next`.
  *
  * @return AphrontResponse 400 when password auth is disabled; a generic
  *                         failure page for an unknown address or bad token;
  *                         otherwise a redirect into login validation.
  */
 public function processRequest()
 {
     $request = $this->getRequest();

     if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) {
         return new Aphront400Response();
     }

     $token = $this->token;
     $email = $request->getStr('email');

     // NOTE: We need to bind verification to **addresses**, not **users**,
     // because we verify addresses when they're used to login this way, and if
     // we have a user-based verification you can:
     //
     //  - Add some address you do not own;
     //  - request a password reset;
     //  - change the URI in the email to the address you don't own;
     //  - login via the email link; and
     //  - get a "verified" address you don't control.
     $target_email = id(new PhabricatorUserEmail())->loadOneWhere(
         'address = %s',
         $email);

     $target_user = null;
     if ($target_email) {
         $target_user = id(new PhabricatorUser())->loadOneWhere(
             'phid = %s',
             $target_email->getUserPHID());
     }

     $valid = $target_email
         && $target_user
         && $target_user->validateEmailToken($target_email, $token);

     // One generic message whether the address is unknown or the token is bad.
     if (!$valid) {
         $view = new AphrontRequestFailureView();
         $view->setHeader('Unable to Login');
         $view->appendChild(
             '<p>The authentication information in the link you clicked is '.
             'invalid or out of date. Make sure you are copy-and-pasting the '.
             'entire link into your browser. You can try again, or request '.
             'a new email.</p>');
         $view->appendChild(
             '<div class="aphront-failure-continue">'.
               '<a class="button" href="/login/email/">Send Another Email</a>'.
             '</div>');
         return $this->buildStandardPageResponse(
             $view,
             array('title' => 'Login Failure'));
     }

     // Verify email so that clicking the link in the "Welcome" email is good
     // enough, without requiring users to go through a second round of email
     // verification.
     // (The write guard is lifted only for the span up to unset(); presumably
     // because this is reached via a GET link rather than a form post.)
     $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
     $target_email->setIsVerified(1);
     $target_email->save();
     $session_key = $target_user->establishSession('web');
     unset($unguarded);

     $username = $target_user->getUsername();
     $request->setCookie('phusr', $username);
     $request->setCookie('phsid', $session_key);

     // With editable accounts, send the user on to set a password; the token
     // and address travel along in the query string.
     $next = '/';
     if (PhabricatorEnv::getEnvConfig('account.editable')) {
         $next = (string)id(new PhutilURI('/settings/panel/password/'))
             ->setQueryParams(
                 array(
                     'token' => $token,
                     'email' => $email,
                 ));
     }

     $validate_uri = id(new PhutilURI('/login/validate/'))
         ->setQueryParams(
             array(
                 'phusr' => $username,
                 'next'  => $next,
             ));

     return id(new AphrontRedirectResponse())->setURI((string)$validate_uri);
 }
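 /**
  * Verify that the session cookies set by a login actually came back from
  * the browser, then continue to the requested page.
  *
  * The login flow redirects here with `phusr` in the query string; that
  * value is compared with the `phusr` cookie. If the cookie is missing or
  * differs, or the cookies came back but no valid session resulted, a
  * diagnostic "Login Failed" page is shown. Otherwise the viewer is sent to
  * `next` (query parameter, else the `next_uri` cookie), restricted to a
  * local web resource so this endpoint cannot be used as an open redirect.
  *
  * @return AphrontResponse
  * @throws Exception When the `phusr` parameter is missing entirely.
  */
 public function processRequest()
 {
     $request = $this->getRequest();

     $failures = array();

     if (!$request->getStr('phusr')) {
         throw new Exception('Login validation is missing expected parameters!');
     }

     $expect_phusr = $request->getStr('phusr');
     $actual_phusr = $request->getCookie('phusr');

     // Strict comparison: both are strings when present, and a missing cookie
     // must count as a mismatch rather than being loosely coerced.
     if ($actual_phusr !== $expect_phusr) {
         if ($actual_phusr) {
             $cookie_info = "sent back a cookie with the value '{$actual_phusr}'.";
         } else {
             $cookie_info = 'did not accept the cookie.';
         }
         $failures[] =
             "Attempted to set 'phusr' cookie to '{$expect_phusr}', but your ".
             "browser {$cookie_info}";
     }

     if (!$failures && !$request->getUser()->getPHID()) {
         $failures[] =
             "Cookies were set correctly, but your session ".
             "isn't valid.";
     }

     if ($failures) {
         // Failure text embeds request-controlled query/cookie values; escape
         // each item before it goes into the markup.
         $items = array();
         foreach ($failures as $failure) {
             $items[] = '<li>'.phutil_escape_html($failure).'</li>';
         }
         $list = '<ul>'.implode("\n", $items).'</ul>';

         $view = new AphrontRequestFailureView();
         $view->setHeader('Login Failed');
         $view->appendChild(
             '<p>Login failed:</p>'.
             $list.
             '<p><strong>Clear your cookies</strong> and try again.</p>');
         $view->appendChild(
             '<div class="aphront-failure-continue">'.
               '<a class="button" href="/login/">Try Again</a>'.
             '</div>');
         return $this->buildStandardPageResponse(
             $view,
             array('title' => 'Login Failed'));
     }

     $next = nonempty($request->getStr('next'), $request->getCookie('next_uri'));
     $request->clearCookie('next_uri');

     // Only redirect within this install; anything else falls back to '/'.
     if (!PhabricatorEnv::isValidLocalWebResource($next)) {
         $next = '/';
     }

     return id(new AphrontRedirectResponse())->setURI($next);
 }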
 /**
  * Interstitial shown to a logged-in user whose primary email address is
  * not yet verified.
  *
  * Already-verified users are redirected to `/`. A POST re-sends the
  * verification email and adds a notice saying so above the instructions.
  *
  * @return AphrontResponse
  */
 public function processRequest()
 {
     $request = $this->getRequest();
     $viewer = $request->getUser();

     $primary = $viewer->loadPrimaryEmail();
     if ($primary->getIsVerified()) {
         return id(new AphrontRedirectResponse())->setURI('/');
     }

     // The address is echoed back into the page, so escape it once here.
     $address_html = phutil_escape_html($primary->getAddress());

     $notice = null;
     if ($request->isFormPost()) {
         $primary->sendVerificationEmail($viewer);

         $notice = new AphrontErrorView();
         $notice->setSeverity(AphrontErrorView::SEVERITY_NOTICE);
         $notice->setTitle('Email Sent');
         $notice->appendChild(
             '<p>Another verification email was sent to <strong>'.
             $address_html.
             '</strong>.</p>');
     }

     $resend_form = phabricator_render_form(
         $viewer,
         array(
             'action' => '/login/mustverify/',
             'method' => 'POST',
         ),
         phutil_render_tag('button', array(), 'Send Another Email'));

     $view = new AphrontRequestFailureView();
     $view->setHeader('Check Your Email');
     $view->appendChild(
         '<p>You must verify your email address to login. You should have a new '.
         'email message from Phabricator with verification instructions in your '.
         'inbox (<strong>'.$address_html.'</strong>).</p>');
     $view->appendChild(
         '<p>If you did not receive an email, you can click the button below '.
         'to try sending another one.</p>');
     $view->appendChild(
         '<div class="aphront-failure-continue">'.
           $resend_form.
         '</div>');

     return $this->buildStandardPageResponse(
         array($notice, $view),
         array('title' => 'Must Verify Email'));
 }
 /**
  * Adapt a controller's response to the request before it is sent.
  *
  *   - A dialog response is wrapped in the standard page chrome for normal
  *     requests, or returned as `{dialog: ...}` for Ajax requests.
  *   - A redirect becomes `{redirect: uri}` for Ajax requests and is passed
  *     through unchanged otherwise.
  *   - A 404 response is rendered as a full "404 Not Found" page with the
  *     matching HTTP status code.
  *   - Anything else is returned unchanged.
  *
  * @param AphrontResponse $response The response the controller produced.
  * @return AphrontResponse The response to actually send.
  */
 public function willSendResponse(AphrontResponse $response)
 {
     $request = $this->getRequest();
     $response->setRequest($request);

     if ($response instanceof AphrontDialogResponse) {
         if ($request->isAjax()) {
             return id(new AphrontAjaxResponse())
                 ->setContent(
                     array(
                         'dialog' => $response->buildResponseString(),
                     ));
         }

         $page = new PhabricatorStandardPageView();
         $page->setRequest($request);
         $page->appendChild(
             '<div style="padding: 2em 0;">'.
               $response->buildResponseString().
             '</div>');

         $wrapped = new AphrontWebpageResponse();
         $wrapped->setContent($page->render());
         return $wrapped;
     }

     if ($response instanceof AphrontRedirectResponse) {
         if ($request->isAjax()) {
             return id(new AphrontAjaxResponse())
                 ->setContent(
                     array(
                         'redirect' => $response->getURI(),
                     ));
         }
         return $response;
     }

     if ($response instanceof Aphront404Response) {
         $failure = new AphrontRequestFailureView();
         $failure->setHeader('404 Not Found');
         $failure->appendChild('<p>The page you requested was not found.</p>');

         $page = new PhabricatorStandardPageView();
         $page->setTitle('404 Not Found');
         $page->setRequest($request);
         $page->appendChild($failure);

         $not_found = new AphrontWebpageResponse();
         $not_found->setContent($page->render());
         $not_found->setHTTPResponseCode(404);
         return $not_found;
     }

     return $response;
 }
    /**
     * "Forgot password" form: emails the viewer a one-time login link.
     *
     * On POST the captcha is checked first and the address is only looked up
     * when the captcha passed (see the NOTE inline), so the "no account with
     * that address" response cannot be used cheaply to enumerate addresses.
     * A successful lookup mails the user's email-login URI and shows a
     * "Check Your Email" page.
     *
     * @return AphrontResponse
     */
    public function processRequest()
    {
        $request = $this->getRequest();

        if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) {
            return new Aphront400Response();
        }

        $errors = array();
        $e_email = true;
        $e_captcha = true;

        if ($request->isFormPost()) {
            $e_email = null;
            $e_captcha = 'Again';

            if (!AphrontFormRecaptchaControl::processCaptcha($request)) {
                $errors[] = 'Captcha response is incorrect, try again.';
                $e_captcha = 'Invalid';
            }

            $email = $request->getStr('email');
            if (!strlen($email)) {
                $errors[] = 'You must provide an email address.';
                $e_email = 'Required';
            }

            if (!$errors) {
                // NOTE: Don't validate the email unless the captcha is good; this makes
                // it expensive to fish for valid email addresses while giving the user
                // a better error if they goof their email.
                $account = id(new PhabricatorUser())->loadOneWhere(
                    'email = %s',
                    $email);

                if (!$account) {
                    $errors[] = 'There is no account associated with that email address.';
                    $e_email = 'Invalid';
                }
            }

            if (!$errors) {
                $uri = $account->getEmailLoginURI();
                $body = <<<EOBODY
Condolences on forgetting your password. You can use this link to reset it:

  {$uri}

After you set a new password, consider writing it down on a sticky note and
attaching it to your monitor so you don't forget again! Choosing a very short,
easy-to-remember password like "cat" or "1234" might also help.

Best Wishes,
Phabricator

EOBODY;

                $mail = new PhabricatorMetaMTAMail();
                $mail->setSubject('[Phabricator] Password Reset');
                $mail->setFrom($account->getPHID());
                $mail->addTos(array($account->getPHID()));
                $mail->setBody($body);
                $mail->saveAndSend();

                $sent = new AphrontRequestFailureView();
                $sent->setHeader('Check Your Email');
                $sent->appendChild(
                    '<p>An email has been sent with a link you can use to login.</p>');
                return $this->buildStandardPageResponse(
                    $sent,
                    array('title' => 'Email Sent'));
            }
        }

        $error_view = null;
        if ($errors) {
            $error_view = new AphrontErrorView();
            $error_view->setTitle('Login Error');
            $error_view->setErrors($errors);
        }

        $form = new AphrontFormView();
        $form
            ->setAction('/login/email/')
            ->setUser($request->getUser())
            ->appendChild(
                id(new AphrontFormTextControl())
                    ->setLabel('Email')
                    ->setName('email')
                    ->setValue($request->getStr('email'))
                    ->setError($e_email))
            ->appendChild(
                id(new AphrontFormRecaptchaControl())
                    ->setLabel('Captcha')
                    ->setError($e_captcha))
            ->appendChild(
                id(new AphrontFormSubmitControl())
                    ->setValue('Send Email'));

        $panel = new AphrontPanelView();
        $panel->setWidth(AphrontPanelView::WIDTH_FORM);
        $panel->appendChild('<h1>Forgot Password / Email Login</h1>');
        $panel->appendChild($form);

        // NOTE(review): the page title reads 'Create New Account' on the
        // forgot-password page; it looks copy-pasted from the registration flow.
        return $this->buildStandardPageResponse(
            array($error_view, $panel),
            array('title' => 'Create New Account'));
    }