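/**
 * Log a user in from the one-time token in a "forgot password" email.
 *
 * Rejects the request when password auth is disabled, refuses to replace an
 * existing session, then looks the account up by the 'email' parameter and
 * checks the URI token against it. On success a web session is established,
 * the 'phusr'/'phsid' cookies are set, and the browser is sent through
 * '/login/validate/' (which confirms the cookies stuck) before continuing to
 * the password panel, or to '/' when accounts are not editable.
 *
 * Fixes: the token was string-concatenated into the 'next' query string; it
 * now goes through PhutilURI::setQueryParams() like the outer URI, so it is
 * encoded consistently. The failure page was also titled 'Email Sent'.
 *
 * @return AphrontResponse
 */
public function processRequest() {
    $request = $this->getRequest();

    if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) {
        return new Aphront400Response();
    }

    if ($request->getUser()->getPHID()) {
        // An email token must not silently switch an existing session.
        $view = new AphrontRequestFailureView();
        $view->setHeader('Already Logged In');
        $view->appendChild('<p>You are already logged in.</p>');
        $view->appendChild(
            '<div class="aphront-failure-continue">' .
            '<a class="button" href="/">Return Home</a>' .
            '</div>');
        return $this->buildStandardPageResponse(
            $view,
            array('title' => 'Already Logged In'));
    }

    $token = $this->token;
    $email = $request->getStr('email');

    // '%s' is bound by the query layer; the address is never interpolated raw.
    $target_user = id(new PhabricatorUser())->loadOneWhere(
        'email = %s',
        $email);

    // One message covers both an unknown address and a bad token, so the
    // response does not reveal which addresses have accounts.
    if (!$target_user || !$target_user->validateEmailToken($token)) {
        $view = new AphrontRequestFailureView();
        $view->setHeader('Unable to Login');
        $view->appendChild(
            '<p>The authentication information in the link you clicked is ' .
            'invalid or out of date. Make sure you are copy-and-pasting the ' .
            'entire link into your browser. You can try again, or request ' .
            'a new email.</p>');
        $view->appendChild(
            '<div class="aphront-failure-continue">' .
            '<a class="button" href="/login/email/">Send Another Email</a>' .
            '</div>');
        return $this->buildStandardPageResponse(
            $view,
            array('title' => 'Login Failure'));
    }

    $session_key = $target_user->establishSession('web');
    $request->setCookie('phusr', $target_user->getUsername());
    $request->setCookie('phsid', $session_key);

    if (PhabricatorEnv::getEnvConfig('account.editable')) {
        // Carry the token to the password panel so the user can set a new one.
        $next = (string)id(new PhutilURI('/settings/page/password/'))
            ->setQueryParams(array('token' => $token));
    } else {
        $next = '/';
    }

    $uri = new PhutilURI('/login/validate/');
    $uri->setQueryParams(
        array(
            'phusr' => $target_user->getUsername(),
            'next' => $next,
        ));
    return id(new AphrontRedirectResponse())->setURI((string)$uri);
}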
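/**
 * Show and process the "reset password" form reached from an email token.
 *
 * The URI token is re-validated against the account named by the 'email'
 * parameter on every request, so both rendering the form and accepting a new
 * password require a currently-valid token. If the request is not already
 * authenticated as that account, a web session is established for it
 * ('phusr'/'phsid' cookies). On a POST the password and confirmation are
 * checked; when they pass, the password is saved and the user is sent to '/'.
 *
 * Fixes: the failure page was titled 'Email Sent' and the reset page
 * 'Create New Account'; both titles now match the page shown. The PHID
 * comparison is strict rather than loose.
 *
 * @return AphrontResponse
 */
public function processRequest() {
    $request = $this->getRequest();

    if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) {
        return new Aphront400Response();
    }

    $token = $this->token;
    $email = $request->getStr('email');

    // '%s' is bound by the query layer; the address is never interpolated raw.
    $target_user = id(new PhabricatorUser())->loadOneWhere(
        'email = %s',
        $email);

    // One message covers both an unknown address and a bad token.
    if (!$target_user || !$target_user->validateEmailToken($token)) {
        $view = new AphrontRequestFailureView();
        $view->setHeader('Unable to Login');
        $view->appendChild(
            '<p>The authentication information in the link you clicked is ' .
            'invalid or out of date. Make sure you are copy-and-pasting the ' .
            'entire link into your browser. You can try again, or request ' .
            'a new email.</p>');
        $view->appendChild(
            '<div class="aphront-failure-continue">' .
            '<a class="button" href="/login/email/">Send Another Email</a>' .
            '</div>');
        return $this->buildStandardPageResponse(
            $view,
            array('title' => 'Login Failure'));
    }

    // Only establish a session when the request is not already that account.
    if ($request->getUser()->getPHID() !== $target_user->getPHID()) {
        $session_key = $target_user->establishSession('web');
        $request->setCookie('phusr', $target_user->getUsername());
        $request->setCookie('phsid', $session_key);
    }

    $errors = array();
    $e_pass = true;
    $e_confirm = true;

    if ($request->isFormPost()) {
        $e_pass = '******';
        $e_confirm = 'Error';

        $pass = $request->getStr('password');
        $confirm = $request->getStr('confirm');

        // Byte-length check; this is the only length policy applied here.
        if (strlen($pass) < 3) {
            $errors[] = 'That password is ridiculously short.';
        }

        if ($pass !== $confirm) {
            $errors[] = "Passwords do not match.";
        }

        if (!$errors) {
            $target_user->setPassword($pass);
            $target_user->save();
            return id(new AphrontRedirectResponse())->setURI('/');
        }
    }

    if ($errors) {
        $error_view = new AphrontErrorView();
        $error_view->setTitle('Password Reset Failed');
        $error_view->setErrors($errors);
    } else {
        $error_view = null;
    }

    // The form posts back to this same token URI; the hidden 'email' input
    // lets the token be re-validated against the same account on submit.
    $form = new AphrontFormView();
    $form
        ->setUser($target_user)
        ->setAction('/login/etoken/' . $token . '/')
        ->addHiddenInput('email', $email)
        ->appendChild(
            id(new AphrontFormPasswordControl())
                ->setLabel('New Password')
                ->setName('password')
                ->setError($e_pass))
        ->appendChild(
            id(new AphrontFormPasswordControl())
                ->setLabel('Confirm Password')
                ->setName('confirm')
                ->setError($e_confirm))
        ->appendChild(
            id(new AphrontFormSubmitControl())
                ->setValue('Reset Password')
                ->addCancelButton('/', 'Skip'));

    $panel = new AphrontPanelView();
    $panel->setWidth(AphrontPanelView::WIDTH_FORM);
    $panel->setHeader('Reset Password');
    $panel->appendChild($form);

    return $this->buildStandardPageResponse(
        array($error_view, $panel),
        array('title' => 'Reset Password'));
}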
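/**
 * Render the failure page shown when an OAuth login does not complete.
 *
 * Three cases, in order:
 *  - the provider sent the browser back with an error: echo its
 *    'error_description', 'error' and 'error_reason' parameters (these are
 *    provider-supplied, so they go through hsprintf() for escaping);
 *  - an exception was recorded while handling the callback: show its message;
 *  - otherwise: a generic explanation plus a link to the provider's
 *    diagnose page.
 *
 * Fix: the provider key was concatenated into the hsprintf() format string
 * for the diagnose link; it is now passed as an argument so it receives the
 * same escaping as every other interpolated value.
 *
 * @return string Rendered HTML.
 */
public function render() {
    $request = $this->request;
    $provider = $this->provider;
    $provider_name = $provider->getProviderName();
    $diagnose = null;

    $view = new AphrontRequestFailureView();
    $view->setHeader($provider_name . ' Auth Failed');

    if ($this->request) {
        $view->appendChild(hsprintf(
            '<p><strong>Description:</strong> %s</p>',
            $request->getStr('error_description')));
        $view->appendChild(hsprintf(
            '<p><strong>Error:</strong> %s</p>',
            $request->getStr('error')));
        $view->appendChild(hsprintf(
            '<p><strong>Error Reason:</strong> %s</p>',
            $request->getStr('error_reason')));
    } else if ($this->exception) {
        $view->appendChild(hsprintf(
            '<p><strong>Error Details:</strong> %s</p>',
            $this->exception->getMessage()));
    } else {
        // TODO: We can probably refine this.
        $view->appendChild(hsprintf(
            '<p>Unable to authenticate with %s. ' .
            'There are several reasons this might happen:</p>' .
            '<ul>' .
            '<li>Phabricator may be configured with the wrong Application ' .
            'Secret; or</li>' .
            '<li>the %s OAuth access token may have expired; or</li>' .
            '<li>%s may have revoked authorization for the Application; ' .
            'or</li>' .
            '<li>%s may be having technical problems.</li>' .
            '</ul>' .
            '<p>You can try again, or login using another method.</p>',
            $provider_name,
            $provider_name,
            $provider_name,
            $provider_name));

        // Pass the key as an argument rather than building it into the format.
        $provider_key = $provider->getProviderKey();
        $diagnose = hsprintf(
            '<a href="/oauth/%s/diagnose/" class="button green">' .
            'Diagnose %s OAuth Problems' .
            '</a>',
            $provider_key,
            $provider_name);
    }

    $view->appendChild(
        '<div class="aphront-failure-continue">' .
        $diagnose .
        '<a href="/login/" class="button">Continue</a>' .
        '</div>');

    return $view->render();
}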
/**
 * Build the HTML for a "404 Not Found" page: a failure view with a fixed
 * message, wrapped in the standard page layout for the current request.
 *
 * @return string Rendered HTML.
 */
public function buildResponseString() {
    $not_found = new AphrontRequestFailureView();
    $not_found->setHeader('404 Not Found');
    $not_found->appendChild('<p>The page you requested was not found.</p>');

    $page = new PhabricatorStandardPageView();
    $page->setTitle('404 Not Found');
    $page->setRequest($this->getRequest());
    $page->appendChild($not_found);

    return $page->render();
}
/**
 * Show the "Account Disabled" page to a disabled account.
 *
 * Only a disabled viewer can see this page; anyone else gets a 404 so the
 * route reveals nothing to accounts it does not apply to.
 *
 * @return AphrontResponse
 */
public function processRequest() {
    $viewer = $this->getRequest()->getUser();

    if (!$viewer->getIsDisabled()) {
        return new Aphront404Response();
    }

    $notice = new AphrontRequestFailureView();
    $notice->setHeader('Account Disabled');
    $notice->appendChild('<p>Your account has been disabled.</p>');

    return $this->buildStandardPageResponse(
        $notice,
        array('title' => 'Account Disabled'));
}
/**
 * Build the HTML for a "403 Forbidden" page.
 *
 * Uses the text set on this response via getForbiddenText(), or a generic
 * message when none was set. The text is placed inside the <p> as-is, with
 * no escaping, so callers are responsible for passing trusted or already
 * escaped content here.
 *
 * @return string Rendered HTML.
 */
public function buildResponseString() {
    $message = $this->getForbiddenText();
    if (!$message) {
        $message = 'You do not have privileges to access the requested page.';
    }

    $forbidden = new AphrontRequestFailureView();
    $forbidden->setHeader('403 Forbidden');
    $forbidden->appendChild('<p>' . $message . '</p>');

    $page = new PhabricatorStandardPageView();
    $page->setTitle('403 Forbidden');
    $page->setRequest($this->getRequest());
    $page->appendChild($forbidden);

    return $page->render();
}
/**
 * Log a user in from the one-time token in a "forgot password" email.
 *
 * The token is bound to the email *address* row, not to the user: the address
 * named by the 'email' parameter is loaded first, its owning user second, and
 * the token is validated against that address. Binding to the user instead
 * would let someone attach an address they do not own, request a reset, swap
 * the address in the link, and end up with a "verified" address they do not
 * control.
 *
 * On success the address is marked verified (inside an unguarded-write scope,
 * since this request carries no CSRF token), a web session is established,
 * the 'phusr'/'phsid' cookies are set, and the browser is bounced through
 * '/login/validate/' before continuing to the password panel (when accounts
 * are editable) or to '/'.
 *
 * @return AphrontResponse
 */
public function processRequest() {
    $request = $this->getRequest();

    if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) {
        return new Aphront400Response();
    }

    $token = $this->token;
    $email = $request->getStr('email');

    // Resolve address -> user, so the token check below is address-scoped.
    $address = id(new PhabricatorUserEmail())->loadOneWhere(
        'address = %s',
        $email);
    $account = null;
    if ($address) {
        $account = id(new PhabricatorUser())->loadOneWhere(
            'phid = %s',
            $address->getUserPHID());
    }

    $token_ok = $address && $account &&
        $account->validateEmailToken($address, $token);

    // One failure message for unknown address, missing user and bad token.
    if (!$token_ok) {
        $failure = new AphrontRequestFailureView();
        $failure->setHeader('Unable to Login');
        $failure->appendChild(
            '<p>The authentication information in the link you clicked is ' .
            'invalid or out of date. Make sure you are copy-and-pasting the ' .
            'entire link into your browser. You can try again, or request ' .
            'a new email.</p>');
        $failure->appendChild(
            '<div class="aphront-failure-continue">' .
            '<a class="button" href="/login/email/">Send Another Email</a>' .
            '</div>');
        return $this->buildStandardPageResponse(
            $failure,
            array('title' => 'Login Failure'));
    }

    // Mark the address verified here so the "Welcome" link alone is enough;
    // the user should not have to complete a second verification round.
    $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
    $address->setIsVerified(1);
    $address->save();
    $session_key = $account->establishSession('web');
    unset($unguarded); // presumably closes the unguarded scope -- confirm

    $request->setCookie('phusr', $account->getUsername());
    $request->setCookie('phsid', $session_key);

    $next = '/';
    if (PhabricatorEnv::getEnvConfig('account.editable')) {
        $next = (string)id(new PhutilURI('/settings/panel/password/'))
            ->setQueryParams(
                array(
                    'token' => $token,
                    'email' => $email,
                ));
    }

    $validate_uri = new PhutilURI('/login/validate/');
    $validate_uri->setQueryParams(
        array(
            'phusr' => $account->getUsername(),
            'next' => $next,
        ));

    return id(new AphrontRedirectResponse())->setURI((string)$validate_uri);
}
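/**
 * Confirm that the login cookies set by the previous step reached the
 * browser, then continue to the requested page.
 *
 * The expected username arrives as the 'phusr' query parameter and is
 * compared with the 'phusr' cookie; if they differ (or the cookie is missing)
 * a failure page explains what was seen. When the cookie matches but the
 * request still has no authenticated user, the session itself is reported as
 * invalid. Each failure string is HTML-escaped before rendering because it
 * embeds the cookie value the browser sent.
 *
 * On success the destination is taken from the 'next' parameter, falling
 * back to the 'next_uri' cookie (which is cleared), and is only followed if
 * PhabricatorEnv::isValidLocalWebResource() accepts it; anything else goes
 * to '/'. That check is what keeps this endpoint from redirecting off-site.
 *
 * Fix: the cookie/parameter comparison used loose '!='; it is now strict so
 * numeric-looking usernames are not compared as numbers.
 *
 * @return AphrontResponse
 * @throws Exception when the 'phusr' parameter is absent.
 */
public function processRequest() {
    $request = $this->getRequest();

    $failures = array();

    if (!$request->getStr('phusr')) {
        throw new Exception("Login validation is missing expected parameters!");
    }

    $expect_phusr = $request->getStr('phusr');
    $actual_phusr = $request->getCookie('phusr');
    if ($actual_phusr !== $expect_phusr) {
        if ($actual_phusr) {
            $cookie_info = "sent back a cookie with the value '{$actual_phusr}'.";
        } else {
            $cookie_info = "did not accept the cookie.";
        }

        $failures[] =
            "Attempted to set 'phusr' cookie to '{$expect_phusr}', but your " .
            "browser {$cookie_info}";
    }

    if (!$failures) {
        if (!$request->getUser()->getPHID()) {
            $failures[] =
                "Cookies were set correctly, but your session " .
                "isn't valid.";
        }
    }

    if ($failures) {
        // The failure text contains the raw cookie value, hence the escaping.
        $list = array();
        foreach ($failures as $failure) {
            $list[] = '<li>' . phutil_escape_html($failure) . '</li>';
        }
        $list = '<ul>' . implode("\n", $list) . '</ul>';

        $view = new AphrontRequestFailureView();
        $view->setHeader('Login Failed');
        $view->appendChild(
            '<p>Login failed:</p>' .
            $list .
            '<p><strong>Clear your cookies</strong> and try again.</p>');
        $view->appendChild(
            '<div class="aphront-failure-continue">' .
            '<a class="button" href="/login/">Try Again</a>' .
            '</div>');
        return $this->buildStandardPageResponse(
            $view,
            array('title' => 'Login Failed'));
    }

    $next = nonempty($request->getStr('next'), $request->getCookie('next_uri'));
    $request->clearCookie('next_uri');

    // Never follow a destination that is not a local web resource.
    if (!PhabricatorEnv::isValidLocalWebResource($next)) {
        $next = '/';
    }

    return id(new AphrontRedirectResponse())->setURI($next);
}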
/**
 * Show the "verify your email" interstitial for a logged-in user whose
 * primary address is not yet verified.
 *
 * A verified address is redirected straight to '/'. A POST resends the
 * verification email and adds a notice saying so. The rendered address is
 * HTML-escaped in both places it appears. The resend button is a POST form
 * built by phabricator_render_form() for the current user.
 *
 * @return AphrontResponse
 */
public function processRequest() {
    $request = $this->getRequest();
    $viewer = $request->getUser();

    $primary = $viewer->loadPrimaryEmail();
    if ($primary->getIsVerified()) {
        return id(new AphrontRedirectResponse())->setURI('/');
    }

    $address = $primary->getAddress();
    $escaped_address = phutil_escape_html($address);

    $notice = null;
    if ($request->isFormPost()) {
        $primary->sendVerificationEmail($viewer);

        $notice = new AphrontErrorView();
        $notice->setSeverity(AphrontErrorView::SEVERITY_NOTICE);
        $notice->setTitle('Email Sent');
        $notice->appendChild(
            '<p>Another verification email was sent to <strong>' .
            $escaped_address .
            '</strong>.</p>');
    }

    $resend_form = phabricator_render_form(
        $viewer,
        array(
            'action' => '/login/mustverify/',
            'method' => 'POST',
        ),
        phutil_render_tag('button', array(), 'Send Another Email'));

    $must_verify = new AphrontRequestFailureView();
    $must_verify->setHeader('Check Your Email');
    $must_verify->appendChild(
        '<p>You must verify your email address to login. You should have a new ' .
        'email message from Phabricator with verification instructions in your ' .
        'inbox (<strong>' . $escaped_address . '</strong>).</p>');
    $must_verify->appendChild(
        '<p>If you did not receive an email, you can click the button below ' .
        'to try sending another one.</p>');
    $must_verify->appendChild(
        '<div class="aphront-failure-continue">' . $resend_form . '</div>');

    return $this->buildStandardPageResponse(
        array($notice, $must_verify),
        array('title' => 'Must Verify Email'));
}
/**
 * Adapt a controller's response to the request before it is sent.
 *
 *  - Dialog responses become {'dialog': html} for Ajax requests, or are
 *    wrapped in a standard page for plain requests.
 *  - Redirects over Ajax become {'redirect': uri} so client script can
 *    navigate; other redirects pass through.
 *  - A 404 response is rendered as a standard "404 Not Found" page with the
 *    matching HTTP status code.
 *  - Anything else is returned unchanged.
 *
 * @param AphrontResponse $response
 * @return AphrontResponse
 */
public function willSendResponse(AphrontResponse $response) {
    $request = $this->getRequest();
    $response->setRequest($request);

    if ($response instanceof AphrontDialogResponse) {
        if ($request->isAjax()) {
            return id(new AphrontAjaxResponse())->setContent(
                array('dialog' => $response->buildResponseString()));
        }

        $page = new PhabricatorStandardPageView();
        $page->setRequest($request);
        $page->appendChild(
            '<div style="padding: 2em 0;">' .
            $response->buildResponseString() .
            '</div>');

        $wrapped = new AphrontWebpageResponse();
        $wrapped->setContent($page->render());
        return $wrapped;
    }

    if ($response instanceof AphrontRedirectResponse) {
        if ($request->isAjax()) {
            return id(new AphrontAjaxResponse())->setContent(
                array('redirect' => $response->getURI()));
        }
        return $response;
    }

    if ($response instanceof Aphront404Response) {
        $not_found = new AphrontRequestFailureView();
        $not_found->setHeader('404 Not Found');
        $not_found->appendChild('<p>The page you requested was not found.</p>');

        $page = new PhabricatorStandardPageView();
        $page->setTitle('404 Not Found');
        $page->setRequest($this->getRequest());
        $page->appendChild($not_found);

        $wrapped = new AphrontWebpageResponse();
        $wrapped->setContent($page->render());
        $wrapped->setHTTPResponseCode(404);
        return $wrapped;
    }

    return $response;
}
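/**
 * Show and process the "Forgot Password / Email Login" form.
 *
 * On POST the captcha is checked first and the address is only looked up
 * when the captcha and the basic field check both pass; that keeps guessing
 * which addresses have accounts expensive while still giving a specific
 * error for a mistyped address. When an account matches, a mail containing
 * the user's email login URI is sent to that user and a "Check Your Email"
 * page is shown. Otherwise the form is re-rendered with any errors.
 *
 * Fix: the page title was 'Create New Account', left over from another
 * controller; it now matches the panel heading.
 *
 * @return AphrontResponse
 */
public function processRequest() {
    $request = $this->getRequest();

    if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) {
        return new Aphront400Response();
    }

    $e_email = true;
    $e_captcha = true;
    $errors = array();

    if ($request->isFormPost()) {
        $e_email = null;
        $e_captcha = 'Again';

        $captcha_ok = AphrontFormRecaptchaControl::processCaptcha($request);
        if (!$captcha_ok) {
            $errors[] = "Captcha response is incorrect, try again.";
            $e_captcha = 'Invalid';
        }

        $email = $request->getStr('email');
        if (!strlen($email)) {
            $errors[] = "You must provide an email address.";
            $e_email = 'Required';
        }

        if (!$errors) {
            // NOTE: Don't validate the email unless the captcha is good; this
            // makes it expensive to fish for valid email addresses while
            // giving the user a better error if they goof their email.
            $target_user = id(new PhabricatorUser())->loadOneWhere(
                'email = %s',
                $email);
            if (!$target_user) {
                $errors[] = "There is no account associated with that email address.";
                $e_email = "Invalid";
            }

            if (!$errors) {
                $uri = $target_user->getEmailLoginURI();
                $body = <<<EOBODY
Condolences on forgetting your password. You can use this link to reset it:

  {$uri}

After you set a new password, consider writing it down on a sticky note and
attaching it to your monitor so you don't forget again! Choosing a very short,
easy-to-remember password like "cat" or "1234" might also help.

Best Wishes,
Phabricator

EOBODY;

                // The login link goes only to the matched account's own PHID.
                $mail = new PhabricatorMetaMTAMail();
                $mail->setSubject('[Phabricator] Password Reset');
                $mail->setFrom($target_user->getPHID());
                $mail->addTos(array($target_user->getPHID()));
                $mail->setBody($body);
                $mail->saveAndSend();

                $view = new AphrontRequestFailureView();
                $view->setHeader('Check Your Email');
                $view->appendChild(
                    '<p>An email has been sent with a link you can use to login.</p>');
                return $this->buildStandardPageResponse(
                    $view,
                    array('title' => 'Email Sent'));
            }
        }
    }

    $email_auth = new AphrontFormView();
    $email_auth
        ->setAction('/login/email/')
        ->setUser($request->getUser())
        ->appendChild(
            id(new AphrontFormTextControl())
                ->setLabel('Email')
                ->setName('email')
                ->setValue($request->getStr('email'))
                ->setError($e_email))
        ->appendChild(
            id(new AphrontFormRecaptchaControl())
                ->setLabel('Captcha')
                ->setError($e_captcha))
        ->appendChild(
            id(new AphrontFormSubmitControl())
                ->setValue('Send Email'));

    $error_view = null;
    if ($errors) {
        $error_view = new AphrontErrorView();
        $error_view->setTitle('Login Error');
        $error_view->setErrors($errors);
    }

    $panel = new AphrontPanelView();
    $panel->setWidth(AphrontPanelView::WIDTH_FORM);
    $panel->appendChild('<h1>Forgot Password / Email Login</h1>');
    $panel->appendChild($email_auth);

    return $this->buildStandardPageResponse(
        array($error_view, $panel),
        array('title' => 'Forgot Password / Email Login'));
}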