public function processRequest()
{
$request = $this->getRequest();
$this->pages = array('account' => 'Account', 'profile' => 'Profile', 'email' => 'Email', 'password' => 'Password', 'preferences' => 'Preferences', 'conduit' => 'Conduit Certificate');
if (!PhabricatorEnv::getEnvConfig('account.editable') || !PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) {
unset($this->pages['password']);
}
if (PhabricatorUserSSHKeysSettingsPanelController::isEnabled()) {
$this->pages['sshkeys'] = 'SSH Public Keys';
}
$oauth_providers = PhabricatorOAuthProvider::getAllProviders();
foreach ($oauth_providers as $provider) {
if (!$provider->isProviderEnabled()) {
continue;
}
$key = $provider->getProviderKey();
$name = $provider->getProviderName();
$this->pages[$key] = $name . ' Account';
}
if (empty($this->pages[$this->page])) {
$this->page = key($this->pages);
}
switch ($this->page) {
case 'account':
$delegate = new PhabricatorUserAccountSettingsPanelController($request);
break;
case 'profile':
$delegate = new PhabricatorUserProfileSettingsPanelController($request);
break;
case 'email':
$delegate = new PhabricatorUserEmailSettingsPanelController($request);
break;
case 'password':
$delegate = new PhabricatorUserPasswordSettingsPanelController($request);
break;
case 'conduit':
$delegate = new PhabricatorUserConduitSettingsPanelController($request);
break;
case 'sshkeys':
$delegate = new PhabricatorUserSSHKeysSettingsPanelController($request);
break;
case 'preferences':
$delegate = new PhabricatorUserPreferenceSettingsPanelController($request);
break;
default:
if (empty($this->pages[$this->page])) {
return new Aphront404Response();
}
$delegate = new PhabricatorUserOAuthSettingsPanelController($request);
$delegate->setOAuthProvider($oauth_providers[$this->page]);
}
$response = $this->delegateToController($delegate);
if ($response instanceof AphrontView) {
$sidenav = $this->renderSideNav();
$sidenav->appendChild($response);
return $this->buildStandardPageResponse($sidenav, array('title' => 'Account Settings'));
} else {
return $response;
}
}
public function buildPanels()
{
$panels = array();
$providers = PhabricatorOAuthProvider::getAllProviders();
foreach ($providers as $provider) {
$panel = clone $this;
$panel->setOAuthProvider($provider);
$panels[] = $panel;
}
return $panels;
}
public function processRequest()
{
$request = $this->getRequest();
$oauth_providers = PhabricatorOAuthProvider::getAllProviders();
$sidenav = $this->renderSideNav($oauth_providers);
$this->page = $sidenav->selectFilter($this->page, 'account');
switch ($this->page) {
case 'account':
$delegate = new PhabricatorUserAccountSettingsPanelController($request);
break;
case 'profile':
$delegate = new PhabricatorUserProfileSettingsPanelController($request);
break;
case 'email':
$delegate = new PhabricatorUserEmailSettingsPanelController($request);
break;
case 'emailpref':
$delegate = new PhabricatorUserEmailPreferenceSettingsPanelController($request);
break;
case 'password':
$delegate = new PhabricatorUserPasswordSettingsPanelController($request);
break;
case 'conduit':
$delegate = new PhabricatorUserConduitSettingsPanelController($request);
break;
case 'sshkeys':
$delegate = new PhabricatorUserSSHKeysSettingsPanelController($request);
break;
case 'preferences':
$delegate = new PhabricatorUserPreferenceSettingsPanelController($request);
break;
case 'search':
$delegate = new PhabricatorUserSearchSettingsPanelController($request);
break;
case 'ldap':
$delegate = new PhabricatorUserLDAPSettingsPanelController($request);
break;
default:
$delegate = new PhabricatorUserOAuthSettingsPanelController($request);
$delegate->setOAuthProvider($oauth_providers[$this->page]);
break;
}
$response = $this->delegateToController($delegate);
if ($response instanceof AphrontView) {
$sidenav->appendChild($response);
return $this->buildStandardPageResponse($sidenav, array('title' => 'Account Settings'));
} else {
return $response;
}
}
private function retrieveOAuthInfo(PhabricatorOAuthProvider $provider)
{
$oauth_info = id(new PhabricatorUserOAuthInfo())->loadOneWhere('oauthProvider = %s and oauthUID = %s', $provider->getProviderKey(), $provider->retrieveUserID());
if (!$oauth_info) {
$oauth_info = new PhabricatorUserOAuthInfo();
$oauth_info->setOAuthProvider($provider->getProviderKey());
$oauth_info->setOAuthUID($provider->retrieveUserID());
}
$oauth_info->setAccountURI($provider->retrieveUserAccountURI());
$oauth_info->setAccountName($provider->retrieveUserAccountName());
$oauth_info->setToken($provider->getAccessToken());
$oauth_info->setTokenStatus(PhabricatorUserOAuthInfo::TOKEN_STATUS_GOOD);
// If we have out-of-date expiration info, just clear it out. Then replace
// it with good info if the provider gave it to us.
$expires = $oauth_info->getTokenExpires();
if ($expires <= time()) {
$expires = null;
}
if ($this->tokenExpires) {
$expires = $this->tokenExpires;
}
$oauth_info->setTokenExpires($expires);
return $oauth_info;
}
public function willProcessRequest(array $data)
{
$this->provider = PhabricatorOAuthProvider::newProvider($data['provider']);
}
public function processRequest()
{
$viewer = $this->getRequest()->getUser();
$user = id(new PhabricatorUser())->loadOneWhere('userName = %s', $this->username);
if (!$user) {
return new Aphront404Response();
}
$profile = id(new PhabricatorUserProfile())->loadOneWhere('userPHID = %s', $user->getPHID());
if (!$profile) {
$profile = new PhabricatorUserProfile();
}
$links = array();
if ($user->getPHID() == $viewer->getPHID()) {
$links[] = phutil_render_tag('a', array('href' => '/settings/page/profile/'), 'Edit Profile');
}
$oauths = id(new PhabricatorUserOAuthInfo())->loadAllWhere('userID = %d', $user->getID());
$oauths = mpull($oauths, null, 'getOAuthProvider');
$providers = PhabricatorOAuthProvider::getAllProviders();
foreach ($providers as $provider) {
if (!$provider->isProviderEnabled()) {
continue;
}
$provider_key = $provider->getProviderKey();
if (!isset($oauths[$provider_key])) {
continue;
}
$name = $provider->getProviderName() . ' Profile';
$href = $oauths[$provider_key]->getAccountURI();
if ($href) {
$links[] = phutil_render_tag('a', array('href' => $href), phutil_escape_html($name));
}
}
// TODO: perhaps, if someone wants to add to the profile of the user the
// ability to show the task/revisions where he is working/commenting
// on, this has to be changed to something like
// |$this->page = key($pages)|, since the "page" regexp was added to
// the aphrontconfiguration.
if (empty($links[$this->page])) {
$this->page = 'action';
}
switch ($this->page) {
default:
$content = $this->renderBasicInformation($user, $profile);
break;
}
$src_phid = $profile->getProfileImagePHID();
if (!$src_phid) {
$src_phid = $user->getProfileImagePHID();
}
$picture = PhabricatorFileURI::getViewURIForPHID($src_phid);
$title = nonempty($profile->getTitle(), 'Untitled Document');
$realname = '(' . $user->getRealName() . ')';
$profile = new PhabricatorProfileView();
$profile->setProfilePicture($picture);
$profile->setProfileNames($user->getUserName(), $realname, $title);
foreach ($links as $page => $name) {
if (is_integer($page)) {
$profile->addProfileItem(phutil_render_tag('span', array(), $name));
} else {
$profile->addProfileItem($page);
}
}
$profile->appendChild($content);
return $this->buildStandardPageResponse($profile, array('title' => $user->getUsername()));
}
public function processRequest()
{
$request = $this->getRequest();
if ($request->getUser()->getPHID()) {
// Kick the user out if they're already logged in.
return id(new AphrontRedirectResponse())->setURI('/');
}
$next_uri = $this->getRequest()->getPath();
$request->setCookie('next_uri', $next_uri);
if ($next_uri == '/login/' && !$request->isFormPost()) {
// The user went straight to /login/, so presumably they want to go
// to the dashboard upon logging in. Because, you know, that's logical.
// And people are logical. Sometimes... Fine, no they're not.
// We check for POST here because getPath() would get reset to /login/.
$request->setCookie('next_uri', '/');
}
// Always use $request->getCookie('next_uri', '/') after the above.
$password_auth = PhabricatorEnv::getEnvConfig('auth.password-auth-enabled');
$forms = array();
$error_view = null;
if ($password_auth) {
$error = false;
$username_or_email = $request->getCookie('phusr');
if ($request->isFormPost()) {
$username_or_email = $request->getStr('username_or_email');
$user = id(new PhabricatorUser())->loadOneWhere('username = %s', $username_or_email);
if (!$user) {
$user = id(new PhabricatorUser())->loadOneWhere('email = %s', $username_or_email);
}
$okay = false;
if ($user) {
if ($user->comparePassword($request->getStr('password'))) {
$session_key = $user->establishSession('web');
$request->setCookie('phusr', $user->getUsername());
$request->setCookie('phsid', $session_key);
return id(new AphrontRedirectResponse())->setURI($request->getCookie('next_uri', '/'));
} else {
$log = PhabricatorUserLog::newLog(null, $user, PhabricatorUserLog::ACTION_LOGIN_FAILURE);
$log->save();
}
}
if (!$okay) {
$request->clearCookie('phusr');
$request->clearCookie('phsid');
}
$error = true;
}
if ($error) {
$error_view = new AphrontErrorView();
$error_view->setTitle('Bad username/password.');
}
$form = new AphrontFormView();
$form->setUser($request->getUser())->setAction('/login/')->appendChild(id(new AphrontFormTextControl())->setLabel('Username/Email')->setName('username_or_email')->setValue($username_or_email))->appendChild(id(new AphrontFormPasswordControl())->setLabel('Password')->setName('password')->setCaption('<a href="/login/email/">' . 'Forgot your password? / Email Login</a>'))->appendChild(id(new AphrontFormSubmitControl())->setValue('Login'));
// $panel->setCreateButton('Register New Account', '/login/register/');
$forms['Phabricator Login'] = $form;
}
$providers = PhabricatorOAuthProvider::getAllProviders();
foreach ($providers as $provider) {
$enabled = $provider->isProviderEnabled();
if (!$enabled) {
continue;
}
$auth_uri = $provider->getAuthURI();
$redirect_uri = $provider->getRedirectURI();
$client_id = $provider->getClientID();
$provider_name = $provider->getProviderName();
$minimum_scope = $provider->getMinimumScope();
$extra_auth = $provider->getExtraAuthParameters();
// TODO: In theory we should use 'state' to prevent CSRF, but the total
// effect of the CSRF attack is that an attacker can cause a user to login
// to Phabricator if they're already logged into some OAuth provider. This
// does not seem like the most severe threat in the world, and generating
// CSRF for logged-out users is vaugely tricky.
if ($provider->isProviderRegistrationEnabled()) {
$title = "Login or Register with {$provider_name}";
$body = "Login or register for Phabricator using your " . "{$provider_name} account.";
$button = "Login or Register with {$provider_name}";
} else {
$title = "Login with {$provider_name}";
$body = "Login to your existing Phabricator account using your " . "{$provider_name} account.<br /><br /><strong>You can not use " . "{$provider_name} to register a new account.</strong>";
$button = "Login with {$provider_name}";
}
$auth_form = new AphrontFormView();
$auth_form->setAction($auth_uri)->addHiddenInput('client_id', $client_id)->addHiddenInput('redirect_uri', $redirect_uri)->addHiddenInput('scope', $minimum_scope);
foreach ($extra_auth as $key => $value) {
$auth_form->addHiddenInput($key, $value);
}
$auth_form->setUser($request->getUser())->setMethod('GET')->appendChild('<p class="aphront-form-instructions">' . $body . '</p>')->appendChild(id(new AphrontFormSubmitControl())->setValue("{$button} »"));
$forms[$title] = $auth_form;
}
$panel = new AphrontPanelView();
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
foreach ($forms as $name => $form) {
$panel->appendChild('<h1>' . $name . '</h1>');
$panel->appendChild($form);
$panel->appendChild('<br />');
}
return $this->buildStandardPageResponse(array($error_view, $panel), array('title' => 'Login'));
}
public function processRequest()
{
$request = $this->getRequest();
if ($request->getUser()->getPHID()) {
// Kick the user out if they're already logged in.
return id(new AphrontRedirectResponse())->setURI('/');
}
if ($request->isConduit()) {
// A common source of errors in Conduit client configuration is getting
// the request path wrong. The client will end up here, so make some
// effort to give them a comprehensible error message.
$request_path = $this->getRequest()->getPath();
$conduit_path = '/api/<method>';
$example_path = '/api/conduit.ping';
$message = "ERROR: You are making a Conduit API request to '{$request_path}', " . "but the correct HTTP request path to use in order to access a " . "Conduit method is '{$conduit_path}' (for example, " . "'{$example_path}'). Check your configuration.";
return id(new AphrontPlainTextResponse())->setContent($message);
}
$error_view = null;
if ($request->getCookie('phusr') && $request->getCookie('phsid')) {
// The session cookie is invalid, so clear it.
$request->clearCookie('phusr');
$request->clearCookie('phsid');
$error_view = new AphrontErrorView();
$error_view->setTitle('Invalid Session');
$error_view->setErrors(array("Your login session is invalid. Try logging in again. If that " . "doesn't work, clear your browser cookies."));
}
$next_uri = $this->getRequest()->getPath();
if ($next_uri == '/login/') {
$next_uri = '/';
}
if (!$request->isFormPost()) {
$request->setCookie('next_uri', $next_uri);
}
$password_auth = PhabricatorEnv::getEnvConfig('auth.password-auth-enabled');
$forms = array();
$errors = array();
if ($password_auth) {
$require_captcha = false;
$e_captcha = true;
$username_or_email = $request->getCookie('phusr');
if ($request->isFormPost()) {
if (AphrontFormRecaptchaControl::isRecaptchaEnabled()) {
$failed_attempts = PhabricatorUserLog::loadRecentEventsFromThisIP(PhabricatorUserLog::ACTION_LOGIN_FAILURE, 60 * 15);
if (count($failed_attempts) > 5) {
$require_captcha = true;
if (!AphrontFormRecaptchaControl::processCaptcha($request)) {
if (AphrontFormRecaptchaControl::hasCaptchaResponse($request)) {
$e_captcha = 'Invalid';
$errors[] = 'CAPTCHA was not entered correctly.';
} else {
$e_captcha = 'Required';
$errors[] = 'Too many login failures recently. You must ' . 'submit a CAPTCHA with your login request.';
}
}
}
}
$username_or_email = $request->getStr('username_or_email');
$user = id(new PhabricatorUser())->loadOneWhere('username = %s', $username_or_email);
if (!$user) {
$user = id(new PhabricatorUser())->loadOneWhere('email = %s', $username_or_email);
}
if (!$errors) {
// Perform username/password tests only if we didn't get rate limited
// by the CAPTCHA.
if (!$user || !$user->comparePassword($request->getStr('password'))) {
$errors[] = 'Bad username/password.';
}
}
if (!$errors) {
$session_key = $user->establishSession('web');
$request->setCookie('phusr', $user->getUsername());
$request->setCookie('phsid', $session_key);
$uri = new PhutilURI('/login/validate/');
$uri->setQueryParams(array('phusr' => $user->getUsername()));
return id(new AphrontRedirectResponse())->setURI((string) $uri);
} else {
$log = PhabricatorUserLog::newLog(null, $user, PhabricatorUserLog::ACTION_LOGIN_FAILURE);
$log->save();
$request->clearCookie('phusr');
$request->clearCookie('phsid');
}
}
if ($errors) {
$error_view = new AphrontErrorView();
$error_view->setTitle('Login Failed');
$error_view->setErrors($errors);
}
$form = new AphrontFormView();
$form->setUser($request->getUser())->setAction('/login/')->appendChild(id(new AphrontFormTextControl())->setLabel('Username/Email')->setName('username_or_email')->setValue($username_or_email))->appendChild(id(new AphrontFormPasswordControl())->setLabel('Password')->setName('password')->setCaption('<a href="/login/email/">' . 'Forgot your password? / Email Login</a>'));
if ($require_captcha) {
$form->appendChild(id(new AphrontFormRecaptchaControl())->setError($e_captcha));
}
$form->appendChild(id(new AphrontFormSubmitControl())->setValue('Login'));
// $panel->setCreateButton('Register New Account', '/login/register/');
$forms['Phabricator Login'] = $form;
}
$providers = PhabricatorOAuthProvider::getAllProviders();
foreach ($providers as $provider) {
$enabled = $provider->isProviderEnabled();
if (!$enabled) {
continue;
}
$auth_uri = $provider->getAuthURI();
$redirect_uri = $provider->getRedirectURI();
$client_id = $provider->getClientID();
$provider_name = $provider->getProviderName();
$minimum_scope = $provider->getMinimumScope();
$extra_auth = $provider->getExtraAuthParameters();
// TODO: In theory we should use 'state' to prevent CSRF, but the total
// effect of the CSRF attack is that an attacker can cause a user to login
// to Phabricator if they're already logged into some OAuth provider. This
// does not seem like the most severe threat in the world, and generating
// CSRF for logged-out users is vaugely tricky.
if ($provider->isProviderRegistrationEnabled()) {
$title = "Login or Register with {$provider_name}";
$body = 'Login or register for Phabricator using your ' . phutil_escape_html($provider_name) . ' account.';
$button = "Login or Register with {$provider_name}";
} else {
$title = "Login with {$provider_name}";
$body = 'Login to your existing Phabricator account using your ' . phutil_escape_html($provider_name) . ' account.<br /><br />' . '<strong>You can not use ' . phutil_escape_html($provider_name) . ' to register a new ' . 'account.</strong>';
$button = "Login with {$provider_name}";
}
$auth_form = new AphrontFormView();
$auth_form->setAction($auth_uri)->addHiddenInput('client_id', $client_id)->addHiddenInput('redirect_uri', $redirect_uri)->addHiddenInput('scope', $minimum_scope);
foreach ($extra_auth as $key => $value) {
$auth_form->addHiddenInput($key, $value);
}
$auth_form->setUser($request->getUser())->setMethod('GET')->appendChild('<p class="aphront-form-instructions">' . $body . '</p>')->appendChild(id(new AphrontFormSubmitControl())->setValue("{$button} »"));
$forms[$title] = $auth_form;
}
$panel = new AphrontPanelView();
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
foreach ($forms as $name => $form) {
$panel->appendChild('<h1>' . $name . '</h1>');
$panel->appendChild($form);
$panel->appendChild('<br />');
}
return $this->buildStandardPageResponse(array($error_view, $panel), array('title' => 'Login'));
}
public function processRequest()
{
$viewer = $this->getRequest()->getUser();
$user = id(new PhabricatorUser())->loadOneWhere('userName = %s', $this->username);
if (!$user) {
return new Aphront404Response();
}
require_celerity_resource('phabricator-profile-css');
$profile = id(new PhabricatorUserProfile())->loadOneWhere('userPHID = %s', $user->getPHID());
if (!$profile) {
$profile = new PhabricatorUserProfile();
}
$username = phutil_escape_uri($user->getUserName());
$nav = new AphrontSideNavFilterView();
$nav->setBaseURI(new PhutilURI('/p/' . $username . '/'));
$nav->addFilter('feed', 'Feed');
$nav->addFilter('about', 'About');
$nav->addSpacer();
$nav->addLabel('Activity');
$external_arrow = "↗";
$nav->addFilter(null, "Revisions {$external_arrow}", '/differential/filter/revisions/' . $username . '/');
$nav->addFilter(null, "Tasks {$external_arrow}", '/maniphest/view/action/?users=' . $user->getPHID());
$nav->addFilter(null, "Commits {$external_arrow}", '/audit/view/author/' . $username . '/');
$oauths = id(new PhabricatorUserOAuthInfo())->loadAllWhere('userID = %d', $user->getID());
$oauths = mpull($oauths, null, 'getOAuthProvider');
$providers = PhabricatorOAuthProvider::getAllProviders();
$added_spacer = false;
foreach ($providers as $provider) {
if (!$provider->isProviderEnabled()) {
continue;
}
$provider_key = $provider->getProviderKey();
if (!isset($oauths[$provider_key])) {
continue;
}
$name = $provider->getProviderName() . ' Profile';
$href = $oauths[$provider_key]->getAccountURI();
if ($href) {
if (!$added_spacer) {
$nav->addSpacer();
$nav->addLabel('Linked Accounts');
$added_spacer = true;
}
$nav->addFilter(null, $name . ' ' . $external_arrow, $href);
}
}
$this->page = $nav->selectFilter($this->page, 'feed');
switch ($this->page) {
case 'feed':
$content = $this->renderUserFeed($user);
break;
case 'about':
$content = $this->renderBasicInformation($user, $profile);
break;
default:
throw new Exception("Unknown page '{$this->page}'!");
}
$picture = $user->loadProfileImageURI();
$header = new PhabricatorProfileHeaderView();
$header->setProfilePicture($picture)->setName($user->getUserName() . ' (' . $user->getRealName() . ')')->setDescription($profile->getTitle());
if ($user->getIsDisabled()) {
$header->setStatus('Disabled');
} else {
$statuses = id(new PhabricatorUserStatus())->loadCurrentStatuses(array($user->getPHID()));
if ($statuses) {
$header->setStatus(reset($statuses)->getStatusDescription($viewer));
}
}
$header->appendChild($nav);
$nav->appendChild('<div style="padding: 1em;">' . $content . '</div>');
if ($user->getPHID() == $viewer->getPHID()) {
$nav->addSpacer();
$nav->addFilter(null, 'Edit Profile...', '/settings/page/profile/');
}
if ($viewer->getIsAdmin()) {
$nav->addSpacer();
$nav->addFilter(null, 'Administrate User...', '/people/edit/' . $user->getID() . '/');
}
return $this->buildStandardPageResponse($header, array('title' => $user->getUsername()));
}
private function retrieveOAuthInfo(PhabricatorOAuthProvider $provider)
{
$oauth_info = id(new PhabricatorUserOAuthInfo())->loadOneWhere('oauthProvider = %s and oauthUID = %s', $provider->getProviderKey(), $provider->retrieveUserID());
$scope = $this->getRequest()->getStr('scope');
if (!$oauth_info) {
$oauth_info = new PhabricatorUserOAuthInfo();
$oauth_info->setOAuthProvider($provider->getProviderKey());
$oauth_info->setOAuthUID($provider->retrieveUserID());
// some providers don't tell you what scope you got, so default
// to the minimum Phabricator requires rather than assuming no scope
if (!$scope) {
$scope = $provider->getMinimumScope();
}
}
$oauth_info->setAccountURI($provider->retrieveUserAccountURI());
$oauth_info->setAccountName($provider->retrieveUserAccountName());
$oauth_info->setToken($provider->getAccessToken());
$oauth_info->setTokenStatus(PhabricatorUserOAuthInfo::TOKEN_STATUS_GOOD);
$oauth_info->setTokenScope($scope);
// If we have out-of-date expiration info, just clear it out. Then replace
// it with good info if the provider gave it to us.
$expires = $oauth_info->getTokenExpires();
if ($expires <= time()) {
$expires = null;
}
if ($this->tokenExpires) {
$expires = $this->tokenExpires;
}
$oauth_info->setTokenExpires($expires);
return $oauth_info;
}
