Add password authentication and registration to new registration
Summary:
Ref T1536. Ref T1930. Code is not reachable.
This provides password authentication and registration on the new provider/adapter framework.
I sort of cheated a little bit and don't really route any password logic through the adapter (instead, this provider uses an empty adapter and just sets the type/domain on it). I think the right way to do this //conceptually// is to treat username/passwords as an external black box which the adapter communicates with. However, this creates a lot of practical implementation and UX problems:
- There would basically be two steps -- in the first one, you interact with the "password black box", which behaves like an OAuth provider. This produces some ExternalAccount associated with the username/password pair, then we go into normal registration.
- In normal registration, we'd proceed normally.
This means:
- The registration flow would be split into two parts, one where you select a username/password (interacting with the black box) and one where you actually register (interacting with the generic flow). This is unusual and probably confusing for users.
- We would need to do a lot of re-hashing of passwords, since passwords currently depend on the username and user PHID, which won't exist yet during registration or the "black box" phase. This is a big mess I don't want to deal with.
- We hit a weird condition where two users complete step 1 with the same username but don't complete step 2 yet. The box knows about two different copies of the username, with two different passwords. When we arrive at step 2 the second time we have a lot of bad choices about how to reoslve it, most of which create security problems. The most stragihtforward and "pure" way to resolve the issues is to put password-auth usernames in a separate space, but this would be incredibly confusuing to users (your login name might not be the same as your username, which is bizarre).
- If we change this, we need to update all the other password-related code, which I don't want to bother with (at least for now).
Instead, let registration know about a "default" registration controller (which is always password, if enabled), and let it require a password. This gives us a much simpler (albeit slightly less pure) implementation:
- All the fields are on one form.
- Password adapter is just a shell.
- Password provider does the heavy lifting.
We might make this more pure at some point, but I'm generally pretty satisfied with this.
This doesn't implement the brute-force CAPTCHA protection, that will be coming soon.
Test Plan: Registered with password only and logged in with a password. Hit various error conditions.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran, chad
Maniphest Tasks: T1536, T1930
Differential Revision: https://secure.phabricator.com/D6164
2013-06-16 19:15:49 +02:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
final class PhabricatorAuthProviderPassword
|
|
|
|
|
extends PhabricatorAuthProvider {
|
|
|
|
|
|
|
|
|
|
private $adapter;
|
|
|
|
|
|
|
|
|
|
public function getProviderName() {
|
|
|
|
|
return pht('Username/Password');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function isEnabled() {
|
2013-06-16 19:16:14 +02:00
|
|
|
return parent::isEnabled() &&
|
Add password authentication and registration to new registration
Summary:
Ref T1536. Ref T1930. Code is not reachable.
This provides password authentication and registration on the new provider/adapter framework.
I sort of cheated a little bit and don't really route any password logic through the adapter (instead, this provider uses an empty adapter and just sets the type/domain on it). I think the right way to do this //conceptually// is to treat username/passwords as an external black box which the adapter communicates with. However, this creates a lot of practical implementation and UX problems:
- There would basically be two steps -- in the first one, you interact with the "password black box", which behaves like an OAuth provider. This produces some ExternalAccount associated with the username/password pair, then we go into normal registration.
- In normal registration, we'd proceed normally.
This means:
- The registration flow would be split into two parts, one where you select a username/password (interacting with the black box) and one where you actually register (interacting with the generic flow). This is unusual and probably confusing for users.
- We would need to do a lot of re-hashing of passwords, since passwords currently depend on the username and user PHID, which won't exist yet during registration or the "black box" phase. This is a big mess I don't want to deal with.
- We hit a weird condition where two users complete step 1 with the same username but don't complete step 2 yet. The box knows about two different copies of the username, with two different passwords. When we arrive at step 2 the second time we have a lot of bad choices about how to reoslve it, most of which create security problems. The most stragihtforward and "pure" way to resolve the issues is to put password-auth usernames in a separate space, but this would be incredibly confusuing to users (your login name might not be the same as your username, which is bizarre).
- If we change this, we need to update all the other password-related code, which I don't want to bother with (at least for now).
Instead, let registration know about a "default" registration controller (which is always password, if enabled), and let it require a password. This gives us a much simpler (albeit slightly less pure) implementation:
- All the fields are on one form.
- Password adapter is just a shell.
- Password provider does the heavy lifting.
We might make this more pure at some point, but I'm generally pretty satisfied with this.
This doesn't implement the brute-force CAPTCHA protection, that will be coming soon.
Test Plan: Registered with password only and logged in with a password. Hit various error conditions.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran, chad
Maniphest Tasks: T1536, T1930
Differential Revision: https://secure.phabricator.com/D6164
2013-06-16 19:15:49 +02:00
|
|
|
PhabricatorEnv::getEnvConfig('auth.password-auth-enabled');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getAdapter() {
|
|
|
|
|
if (!$this->adapter) {
|
|
|
|
|
$adapter = new PhutilAuthAdapterEmpty();
|
|
|
|
|
$adapter->setAdapterType('password');
|
|
|
|
|
$adapter->setAdapterDomain('self');
|
|
|
|
|
$this->adapter = $adapter;
|
|
|
|
|
}
|
|
|
|
|
return $this->adapter;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function shouldAllowLogin() {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function shouldAllowRegistration() {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function shouldAllowAccountLink() {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function shouldAllowAccountUnlink() {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function isDefaultRegistrationProvider() {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function buildLoginForm(
|
|
|
|
|
PhabricatorAuthStartController $controller) {
|
|
|
|
|
|
|
|
|
|
$request = $controller->getRequest();
|
|
|
|
|
|
|
|
|
|
return $this->renderLoginForm($request);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function renderLoginForm(
|
|
|
|
|
AphrontRequest $request,
|
|
|
|
|
$require_captcha = false,
|
|
|
|
|
$captcha_valid = false) {
|
|
|
|
|
|
|
|
|
|
$viewer = $request->getUser();
|
|
|
|
|
|
|
|
|
|
$submit = id(new AphrontFormSubmitControl())
|
|
|
|
|
->setValue(pht('Login'));
|
|
|
|
|
|
|
|
|
|
if ($this->shouldAllowRegistration()) {
|
|
|
|
|
$submit->addCancelButton(
|
|
|
|
|
'/auth/register/',
|
|
|
|
|
pht('Register New Account'));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$header = id(new PhabricatorHeaderView())
|
|
|
|
|
->setHeader(pht('Login to Phabricator'));
|
|
|
|
|
|
|
|
|
|
$v_user = nonempty(
|
|
|
|
|
$request->getStr('username'),
|
|
|
|
|
$request->getCookie('phusr'));
|
|
|
|
|
|
|
|
|
|
$e_user = null;
|
|
|
|
|
$e_pass = null;
|
|
|
|
|
$e_captcha = null;
|
|
|
|
|
|
|
|
|
|
$errors = array();
|
|
|
|
|
if ($require_captcha && !$captcha_valid) {
|
|
|
|
|
if (AphrontFormRecaptchaControl::hasCaptchaResponse($request)) {
|
|
|
|
|
$e_captcha = pht('Invalid');
|
|
|
|
|
$errors[] = pht('CAPTCHA was not entered correctly.');
|
|
|
|
|
} else {
|
|
|
|
|
$e_captcha = pht('Required');
|
|
|
|
|
$errors[] = pht('Too many login failures recently. You must '.
|
|
|
|
|
'submit a CAPTCHA with your login request.');
|
|
|
|
|
}
|
|
|
|
|
} else if ($request->isHTTPPost()) {
|
|
|
|
|
// NOTE: This is intentionally vague so as not to disclose whether a
|
|
|
|
|
// given username or email is registered.
|
|
|
|
|
$e_user = pht('Invalid');
|
|
|
|
|
$e_pass = pht('Invalid');
|
|
|
|
|
$errors[] = pht('Username or password are incorrect.');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$form = id(new AphrontFormView())
|
|
|
|
|
->setAction($this->getLoginURI())
|
|
|
|
|
->setUser($viewer)
|
|
|
|
|
->setFlexible(true)
|
|
|
|
|
->appendChild(
|
|
|
|
|
id(new AphrontFormTextControl())
|
|
|
|
|
->setLabel('Username/Email')
|
|
|
|
|
->setName('username')
|
|
|
|
|
->setValue($v_user)
|
|
|
|
|
->setError($e_user))
|
|
|
|
|
->appendChild(
|
|
|
|
|
id(new AphrontFormPasswordControl())
|
|
|
|
|
->setLabel('Password')
|
|
|
|
|
->setName('password')
|
|
|
|
|
->setError($e_pass)
|
|
|
|
|
->setCaption(
|
|
|
|
|
phutil_tag(
|
|
|
|
|
'a',
|
|
|
|
|
array(
|
|
|
|
|
'href' => '/login/email/',
|
|
|
|
|
),
|
|
|
|
|
pht('Forgot your password?'))));
|
|
|
|
|
|
|
|
|
|
if ($require_captcha) {
|
|
|
|
|
$form->appendChild(
|
|
|
|
|
id(new AphrontFormRecaptchaControl())
|
|
|
|
|
->setError($e_captcha));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$form
|
|
|
|
|
->appendChild($submit);
|
|
|
|
|
|
|
|
|
|
if ($errors) {
|
|
|
|
|
$errors = id(new AphrontErrorView())->setErrors($errors);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return array(
|
|
|
|
|
$errors,
|
|
|
|
|
$header,
|
|
|
|
|
$form,
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function processLoginRequest(
|
|
|
|
|
PhabricatorAuthLoginController $controller) {
|
|
|
|
|
|
|
|
|
|
$request = $controller->getRequest();
|
|
|
|
|
$viewer = $request->getUser();
|
|
|
|
|
|
|
|
|
|
$require_captcha = false;
|
|
|
|
|
$captcha_valid = false;
|
|
|
|
|
if (AphrontFormRecaptchaControl::isRecaptchaEnabled()) {
|
|
|
|
|
$failed_attempts = PhabricatorUserLog::loadRecentEventsFromThisIP(
|
|
|
|
|
PhabricatorUserLog::ACTION_LOGIN_FAILURE,
|
|
|
|
|
60 * 15);
|
|
|
|
|
if (count($failed_attempts) > 5) {
|
|
|
|
|
$require_captcha = true;
|
|
|
|
|
$captcha_valid = AphrontFormRecaptchaControl::processCaptcha($request);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$response = null;
|
|
|
|
|
$account = null;
|
|
|
|
|
$log_user = null;
|
|
|
|
|
|
|
|
|
|
if (!$require_captcha || $captcha_valid) {
|
|
|
|
|
$username_or_email = $request->getStr('username');
|
|
|
|
|
|
|
|
|
|
if (strlen($username_or_email)) {
|
|
|
|
|
$user = id(new PhabricatorUser())->loadOneWhere(
|
|
|
|
|
'username = %s',
|
|
|
|
|
$username_or_email);
|
|
|
|
|
|
|
|
|
|
if (!$user) {
|
|
|
|
|
$user = PhabricatorUser::loadOneWithEmailAddress($username_or_email);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($user) {
|
|
|
|
|
$envelope = new PhutilOpaqueEnvelope($request->getStr('password'));
|
|
|
|
|
if ($user->comparePassword($envelope)) {
|
|
|
|
|
$account = $this->loadOrCreateAccount($user->getPHID());
|
|
|
|
|
$log_user = $user;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!$account) {
|
|
|
|
|
$log = PhabricatorUserLog::newLog(
|
|
|
|
|
null,
|
|
|
|
|
$log_user,
|
|
|
|
|
PhabricatorUserLog::ACTION_LOGIN_FAILURE);
|
|
|
|
|
$log->save();
|
|
|
|
|
|
|
|
|
|
$request->clearCookie('phusr');
|
|
|
|
|
$request->clearCookie('phsid');
|
|
|
|
|
|
|
|
|
|
$response = $controller->buildProviderPageResponse(
|
|
|
|
|
$this,
|
|
|
|
|
$this->renderLoginForm(
|
|
|
|
|
$request,
|
|
|
|
|
$require_captcha,
|
|
|
|
|
$captcha_valid));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return array($account, $response);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function shouldRequireRegistrationPassword() {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getDefaultExternalAccount() {
|
|
|
|
|
$adapter = $this->getAdapter();
|
|
|
|
|
|
|
|
|
|
return id(new PhabricatorExternalAccount())
|
|
|
|
|
->setAccountType($adapter->getAdapterType())
|
|
|
|
|
->setAccountDomain($adapter->getAdapterDomain());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected function willSaveAccount(PhabricatorExternalAccount $account) {
|
|
|
|
|
parent::willSaveAccount($account);
|
|
|
|
|
$account->setUserPHID($account->getAccountID());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function willRegisterAccount(PhabricatorExternalAccount $account) {
|
|
|
|
|
parent::willRegisterAccount($account);
|
|
|
|
|
$account->setAccountID($account->getUserPHID());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|