Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.
Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:
- The log itself is useful if there are shenanigans.
- Password login can check it and start CAPTCHA'ing users after a few failed attempts.
I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.
Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.
Reviewers: jungejason, tuomaspelkonen, aran
CC:
Differential Revision: 302

<?php

/*
 * Copyright 2012 Facebook, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

final class PhabricatorLogoutController
  extends PhabricatorAuthController {

  public function shouldRequireLogin() {
    return true;
  }

  public function shouldRequireEnabledUser() {
    // Allow disabled users to logout.
    return false;
  }

  public function processRequest() {
    $request = $this->getRequest();
    $user = $request->getUser();

    if ($request->isFormPost()) {
      $log = PhabricatorUserLog::newLog(
        $user,
        $user,
        PhabricatorUserLog::ACTION_LOGOUT);
      $log->save();

      // Destroy the user's session in the database so logout works even if
      // their cookies have some issues. We'll detect cookie issues when they
      // try to login again and tell them to clear any junk.
      $phsid = $request->getCookie('phsid');
      if ($phsid) {
        $user->destroySession($phsid);
      }
      $request->clearCookie('phsid');

      return id(new AphrontRedirectResponse())
        ->setURI('/login/');
    }

    return id(new AphrontRedirectResponse())->setURI('/');
  }

}
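The commit message above says password login can consult this activity log and start requiring a CAPTCHA after a few failed attempts. The following is an added example, not Phabricator's own code: it assumes the log is a plain list of entries with actor, action and epoch fields, and the ACTION_LOGIN / ACTION_LOGIN_FAILURE names, window and threshold are assumptions rather than Phabricator constants.

```php
<?php
// Added example (not Phabricator code). Decides whether a password login for
// an actor must present a CAPTCHA, based on recent failures in the activity
// log. Action names, window and threshold below are assumptions.

const ACTION_LOGIN = 'login';
const ACTION_LOGIN_FAILURE = 'login-fail';

const FAILURE_WINDOW_SECONDS = 15 * 60; // look back 15 minutes
const FAILURE_THRESHOLD = 3;            // failures before a CAPTCHA is required

/**
 * Count ACTION_LOGIN_FAILURE entries for $actor inside the window. A
 * successful ACTION_LOGIN stops the count, so only failures since the last
 * good login are considered.
 *
 * @param array  $log   list of ['actor' => string, 'action' => string, 'epoch' => int]
 * @param string $actor username being authenticated
 * @param int    $now   current unix time
 * @return bool  true when the login form must include a CAPTCHA
 */
function requiresCaptcha(array $log, $actor, $now) {
  $failures = 0;
  // Walk newest-first so a success stops the count at the right point.
  usort($log, function ($a, $b) { return $b['epoch'] - $a['epoch']; });
  foreach ($log as $entry) {
    if ($entry['actor'] !== $actor) {
      continue;
    }
    if ($entry['epoch'] < $now - FAILURE_WINDOW_SECONDS) {
      break; // everything older is outside the window
    }
    if ($entry['action'] === ACTION_LOGIN) {
      break; // a successful login clears earlier failures
    }
    if ($entry['action'] === ACTION_LOGIN_FAILURE) {
      $failures++;
    }
  }
  return $failures >= FAILURE_THRESHOLD;
}

// Constructed sample log: three recent failures for "alice", one stale
// failure for "bob" from an hour ago.
$now = 1300000000;
$sampleLog = array(
  array('actor' => 'bob',   'action' => ACTION_LOGIN_FAILURE, 'epoch' => $now - 3600),
  array('actor' => 'alice', 'action' => ACTION_LOGIN_FAILURE, 'epoch' => $now - 50),
  array('actor' => 'alice', 'action' => ACTION_LOGIN_FAILURE, 'epoch' => $now - 30),
  array('actor' => 'alice', 'action' => ACTION_LOGIN_FAILURE, 'epoch' => $now - 10),
);
var_dump(requiresCaptcha($sampleLog, 'alice', $now));
var_dump(requiresCaptcha($sampleLog, 'bob', $now));
```

Keying the count on the actor alone means an attacker can lock a known user into CAPTCHAs; a real deployment would also count by source address and keep the check server-side so a client cannot skip it.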