private function handleLoggedInInvite(PhabricatorAuthInvite $invite, PhabricatorUser $viewer, PhabricatorUserEmail $email = null)
{
if ($email && $email->getUserPHID() !== $viewer->getPHID()) {
$other_user = $this->loadUserForEmail($email);
if ($email->getIsVerified()) {
throw id(new PhabricatorAuthInviteAccountException(pht('Wrong Account'), pht('You are logged in as %s, but the email address you just ' . 'clicked a link from is already verified and associated ' . 'with another account (%s). Switch accounts, then try again.', phutil_tag('strong', array(), $viewer->getUsername()), phutil_tag('strong', array(), $other_user->getName()))))->setSubmitButtonText(pht('Log Out'))->setSubmitButtonURI($this->getLogoutURI())->setCancelButtonURI('/');
} else {
if ($email->getIsPrimary()) {
// NOTE: We never steal primary addresses from other accounts, even
// if they are unverified. This would leave the other account with
// no address. Users can use password recovery to access the other
// account if they really control the address.
throw id(new PhabricatorAuthInviteAccountException(pht('Wrong Acount'), pht('You are logged in as %s, but the email address you just ' . 'clicked a link from is already the primary email address ' . 'for another account (%s). Switch accounts, then try again.', phutil_tag('strong', array(), $viewer->getUsername()), phutil_tag('strong', array(), $other_user->getName()))))->setSubmitButtonText(pht('Log Out'))->setSubmitButtonURI($this->getLogoutURI())->setCancelButtonURI('/');
} else {
if (!$this->shouldVerify()) {
throw id(new PhabricatorAuthInviteVerifyException(pht('Verify Email'), pht('You are logged in as %s, but the email address (%s) you just ' . 'clicked a link from is already associated with another ' . 'account (%s). You can log out to switch accounts, or verify ' . 'the address and attach it to your current account. Attach ' . 'email address %s to user account %s?', phutil_tag('strong', array(), $viewer->getUsername()), phutil_tag('strong', array(), $invite->getEmailAddress()), phutil_tag('strong', array(), $other_user->getName()), phutil_tag('strong', array(), $invite->getEmailAddress()), phutil_tag('strong', array(), $viewer->getUsername()))))->setSubmitButtonText(pht('Verify %s', $invite->getEmailAddress()))->setCancelButtonText(pht('Log Out'))->setCancelButtonURI($this->getLogoutURI());
}
}
}
}
if (!$email) {
$email = id(new PhabricatorUserEmail())->setAddress($invite->getEmailAddress())->setIsVerified(0)->setIsPrimary(0);
}
if (!$email->getIsVerified()) {
// We're doing this check here so that we can verify the address if
// it's already attached to the viewer's account, just not verified.
if (!$this->shouldVerify()) {
throw id(new PhabricatorAuthInviteVerifyException(pht('Verify Email'), pht('Verify this email address (%s) and attach it to your ' . 'account (%s)?', phutil_tag('strong', array(), $invite->getEmailAddress()), phutil_tag('strong', array(), $viewer->getUsername()))))->setSubmitButtonText(pht('Verify %s', $invite->getEmailAddress()))->setCancelButtonURI('/');
}
$editor = id(new PhabricatorUserEditor())->setActor($viewer);
// If this is a new email, add it to the user's account.
if (!$email->getUserPHID()) {
$editor->addEmail($viewer, $email);
}
// If another user added this email (but has not verified it),
// take it from them.
$editor->reassignEmail($viewer, $email);
$editor->verifyEmail($viewer, $email);
}
$invite->setAcceptedByPHID($viewer->getPHID());
$invite->save();
// If we make it here, the user was already logged in with the email
// address attached to their account and verified, or we attached it to
// their account (if it was not already attached) and verified it.
throw new PhabricatorAuthInviteRegisteredException();
}
