phorge-phorge/src/applications/auth/controller/PhabricatorAuthDowngradeSessionController.php

<?php

final class PhabricatorAuthDowngradeSessionController
  extends PhabricatorAuthController {

  public function processRequest() {
    $request = $this->getRequest();
    $viewer = $request->getUser();

    $panel_uri = '/settings/panel/sessions/';

    $session = $viewer->getSession();
    if ($session->getHighSecurityUntil() < time()) {
      return $this->newDialog()
        ->setTitle(pht('Normal Security Restored'))
        ->appendParagraph(
          pht('Your session is no longer in high security.'))
        ->addCancelButton($panel_uri, pht('Continue'));
    }

    if ($request->isFormPost()) {

      queryfx(
        $session->establishConnection('w'),
        'UPDATE %T SET highSecurityUntil = NULL WHERE id = %d',
        $session->getTableName(),
        $session->getID());

      return id(new AphrontRedirectResponse())
        ->setURI($this->getApplicationURI('session/downgrade/'));
    }

    return $this->newDialog()
      ->setTitle(pht('Leaving High Security'))
      ->appendParagraph(
        pht(
          'Leave high security and return your session to normal '.
          'security levels?'))
      ->appendParagraph(
        pht(
          'If you leave high security, you will need to authenticate '.
          'again the next time you try to take a high security action.'))
      ->appendParagraph(
        pht(
          'On the plus side, that purple notification bubble will '.
          'disappear.'))
      ->addSubmitButton(pht('Leave High Security'))
      ->addCancelButton($panel_uri, pht('Stay in High Security'));
  }


}
Add "High Security" mode to support multi-factor auth Summary: Ref T4398. This is roughly a "sudo" mode, like GitHub has for accessing SSH keys, or Facebook has for managing credit cards. GitHub actually calls theirs "sudo" mode, but I think that's too technical for big parts of our audience. I've gone with "high security mode". This doesn't actually get exposed in the UI yet (and we don't have any meaningful auth factors to prompt the user for) but the workflow works overall. I'll go through it in a comment, since I need to arrange some screenshots. Test Plan: See guided walkthrough. Reviewers: chad, btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T4398 Differential Revision: https://secure.phabricator.com/D8851 2014-04-28 02:31:11 +02:00			`<?php`

			`final class PhabricatorAuthDowngradeSessionController`
			`extends PhabricatorAuthController {`

			`public function processRequest() {`
			`$request = $this->getRequest();`
			`$viewer = $request->getUser();`

			`$panel_uri = '/settings/panel/sessions/';`

			`$session = $viewer->getSession();`
			`if ($session->getHighSecurityUntil() < time()) {`
			`return $this->newDialog()`
			`->setTitle(pht('Normal Security Restored'))`
			`->appendParagraph(`
			`pht('Your session is no longer in high security.'))`
			`->addCancelButton($panel_uri, pht('Continue'));`
			`}`

			`if ($request->isFormPost()) {`

			`queryfx(`
			`$session->establishConnection('w'),`
			`'UPDATE %T SET highSecurityUntil = NULL WHERE id = %d',`
			`$session->getTableName(),`
			`$session->getID());`

			`return id(new AphrontRedirectResponse())`
			`->setURI($this->getApplicationURI('session/downgrade/'));`
			`}`

			`return $this->newDialog()`
			`->setTitle(pht('Leaving High Security'))`
			`->appendParagraph(`
			`pht(`
			`'Leave high security and return your session to normal '.`
			`'security levels?'))`
			`->appendParagraph(`
			`pht(`
			`'If you leave high security, you will need to authenticate '.`
			`'again the next time you try to take a high security action.'))`
			`->appendParagraph(`
			`pht(`
			`'On the plus side, that purple notification bubble will '.`
			`'disappear.'))`
			`->addSubmitButton(pht('Leave High Security'))`
			`->addCancelButton($panel_uri, pht('Stay in High Security'));`
			`}`


			`}`