2011-01-31 20:55:26 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
/*
|
Add optional "Re:" prefix to all threaded mail and allow disabling mail about
your own actions
Summary:
- Mail.app on Lion has cumbersome threading rules, see T782. Add an option to
stick "Re: " in front of all threaded mail so it behaves. This is horrible, but
apparently the least-horrible option.
- While I was in there, I added an option for T228.
Test Plan:
- Sent a bunch of threaded and unthreaded mail with varous "Re:" settings,
seemed to get "Re:" in the right places.
- Disabled email about my stuff, created a task with just me, got voided mail,
added a CC, got mail to just the CC.
Reviewers: btrahan, jungejason
Reviewed By: btrahan
CC: aran, mkjones
Maniphest Tasks: T228, T782
Differential Revision: https://secure.phabricator.com/D1448
2012-01-18 05:32:28 +01:00
|
|
|
* Copyright 2012 Facebook, Inc.
|
2011-01-31 20:55:26 +01:00
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2012-03-10 00:46:25 +01:00
|
|
|
final class PhabricatorEmailLoginController
|
|
|
|
extends PhabricatorAuthController {
|
2011-01-31 20:55:26 +01:00
|
|
|
|
|
|
|
public function shouldRequireLogin() {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function processRequest() {
|
|
|
|
$request = $this->getRequest();
|
|
|
|
|
2011-02-28 04:47:22 +01:00
|
|
|
if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) {
|
|
|
|
return new Aphront400Response();
|
|
|
|
}
|
|
|
|
|
2011-01-31 20:55:26 +01:00
|
|
|
$e_email = true;
|
|
|
|
$e_captcha = true;
|
|
|
|
$errors = array();
|
|
|
|
|
Provide a configuration flag to disable silliness in the UI
Summary: See comments. A few installs have remarked that their organizations
would prefer buttons labled "Submit" to buttons labeled "Clowncopterize".
Test Plan:
- In "serious" mode, verified Differential and Maniphest have serious strings,
tasks can not be closed out of spite, and reset/welcome emails are extremely
serious.
- In unserious mode, verified Differential and Maniphest have normal strings,
tasks can be closed out of spite, and reset/welcome emails are silly.
- This does not disable the "fax these changes" message in Arcanist (no
reasonable way for it to read the config value) or the rainbow syntax
highlighter (already removable though configuration).
Reviewers: moskov, jungejason, nh, tuomaspelkonen, aran
Reviewed By: moskov
CC: aran, moskov
Differential Revision: 1081
2011-11-04 23:16:34 +01:00
|
|
|
$is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business');
|
|
|
|
|
2011-01-31 20:55:26 +01:00
|
|
|
if ($request->isFormPost()) {
|
|
|
|
$e_email = null;
|
|
|
|
$e_captcha = 'Again';
|
|
|
|
|
|
|
|
$captcha_ok = AphrontFormRecaptchaControl::processCaptcha($request);
|
|
|
|
if (!$captcha_ok) {
|
|
|
|
$errors[] = "Captcha response is incorrect, try again.";
|
|
|
|
$e_captcha = 'Invalid';
|
|
|
|
}
|
|
|
|
|
|
|
|
$email = $request->getStr('email');
|
|
|
|
if (!strlen($email)) {
|
|
|
|
$errors[] = "You must provide an email address.";
|
|
|
|
$e_email = 'Required';
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!$errors) {
|
|
|
|
// NOTE: Don't validate the email unless the captcha is good; this makes
|
|
|
|
// it expensive to fish for valid email addresses while giving the user
|
|
|
|
// a better error if they goof their email.
|
|
|
|
|
|
|
|
$target_user = id(new PhabricatorUser())->loadOneWhere(
|
|
|
|
'email = %s',
|
|
|
|
$email);
|
|
|
|
|
|
|
|
if (!$target_user) {
|
|
|
|
$errors[] = "There is no account associated with that email address.";
|
|
|
|
$e_email = "Invalid";
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!$errors) {
|
Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-30 23:59:17 +02:00
|
|
|
$uri = $target_user->getEmailLoginURI();
|
Provide a configuration flag to disable silliness in the UI
Summary: See comments. A few installs have remarked that their organizations
would prefer buttons labled "Submit" to buttons labeled "Clowncopterize".
Test Plan:
- In "serious" mode, verified Differential and Maniphest have serious strings,
tasks can not be closed out of spite, and reset/welcome emails are extremely
serious.
- In unserious mode, verified Differential and Maniphest have normal strings,
tasks can be closed out of spite, and reset/welcome emails are silly.
- This does not disable the "fax these changes" message in Arcanist (no
reasonable way for it to read the config value) or the rainbow syntax
highlighter (already removable though configuration).
Reviewers: moskov, jungejason, nh, tuomaspelkonen, aran
Reviewed By: moskov
CC: aran, moskov
Differential Revision: 1081
2011-11-04 23:16:34 +01:00
|
|
|
if ($is_serious) {
|
|
|
|
$body = <<<EOBODY
|
|
|
|
You can use this link to reset your Phabricator password:
|
|
|
|
|
|
|
|
{$uri}
|
|
|
|
|
|
|
|
EOBODY;
|
|
|
|
} else {
|
|
|
|
$body = <<<EOBODY
|
Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-30 23:59:17 +02:00
|
|
|
Condolences on forgetting your password. You can use this link to reset it:
|
|
|
|
|
|
|
|
{$uri}
|
|
|
|
|
|
|
|
After you set a new password, consider writing it down on a sticky note and
|
|
|
|
attaching it to your monitor so you don't forget again! Choosing a very short,
|
|
|
|
easy-to-remember password like "cat" or "1234" might also help.
|
|
|
|
|
|
|
|
Best Wishes,
|
|
|
|
Phabricator
|
|
|
|
|
|
|
|
EOBODY;
|
Provide a configuration flag to disable silliness in the UI
Summary: See comments. A few installs have remarked that their organizations
would prefer buttons labled "Submit" to buttons labeled "Clowncopterize".
Test Plan:
- In "serious" mode, verified Differential and Maniphest have serious strings,
tasks can not be closed out of spite, and reset/welcome emails are extremely
serious.
- In unserious mode, verified Differential and Maniphest have normal strings,
tasks can be closed out of spite, and reset/welcome emails are silly.
- This does not disable the "fax these changes" message in Arcanist (no
reasonable way for it to read the config value) or the rainbow syntax
highlighter (already removable though configuration).
Reviewers: moskov, jungejason, nh, tuomaspelkonen, aran
Reviewed By: moskov
CC: aran, moskov
Differential Revision: 1081
2011-11-04 23:16:34 +01:00
|
|
|
}
|
2011-01-31 20:55:26 +01:00
|
|
|
|
Add optional "Re:" prefix to all threaded mail and allow disabling mail about
your own actions
Summary:
- Mail.app on Lion has cumbersome threading rules, see T782. Add an option to
stick "Re: " in front of all threaded mail so it behaves. This is horrible, but
apparently the least-horrible option.
- While I was in there, I added an option for T228.
Test Plan:
- Sent a bunch of threaded and unthreaded mail with varous "Re:" settings,
seemed to get "Re:" in the right places.
- Disabled email about my stuff, created a task with just me, got voided mail,
added a CC, got mail to just the CC.
Reviewers: btrahan, jungejason
Reviewed By: btrahan
CC: aran, mkjones
Maniphest Tasks: T228, T782
Differential Revision: https://secure.phabricator.com/D1448
2012-01-18 05:32:28 +01:00
|
|
|
// NOTE: Don't set the user as 'from', or they may not receive the
|
|
|
|
// mail if they have the "don't send me email about my own actions"
|
|
|
|
// preference set.
|
|
|
|
|
2011-01-31 20:55:26 +01:00
|
|
|
$mail = new PhabricatorMetaMTAMail();
|
2011-02-06 23:22:09 +01:00
|
|
|
$mail->setSubject('[Phabricator] Password Reset');
|
2011-01-31 20:55:26 +01:00
|
|
|
$mail->addTos(
|
|
|
|
array(
|
2011-02-06 23:22:09 +01:00
|
|
|
$target_user->getPHID(),
|
2011-01-31 20:55:26 +01:00
|
|
|
));
|
Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-30 23:59:17 +02:00
|
|
|
$mail->setBody($body);
|
2011-05-01 07:51:25 +02:00
|
|
|
$mail->saveAndSend();
|
2011-01-31 20:55:26 +01:00
|
|
|
|
|
|
|
$view = new AphrontRequestFailureView();
|
|
|
|
$view->setHeader('Check Your Email');
|
|
|
|
$view->appendChild(
|
|
|
|
'<p>An email has been sent with a link you can use to login.</p>');
|
|
|
|
return $this->buildStandardPageResponse(
|
|
|
|
$view,
|
|
|
|
array(
|
|
|
|
'title' => 'Email Sent',
|
|
|
|
));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
$email_auth = new AphrontFormView();
|
|
|
|
$email_auth
|
|
|
|
->setAction('/login/email/')
|
|
|
|
->setUser($request->getUser())
|
|
|
|
->appendChild(
|
|
|
|
id(new AphrontFormTextControl())
|
|
|
|
->setLabel('Email')
|
|
|
|
->setName('email')
|
|
|
|
->setValue($request->getStr('email'))
|
|
|
|
->setError($e_email))
|
|
|
|
->appendChild(
|
|
|
|
id(new AphrontFormRecaptchaControl())
|
|
|
|
->setLabel('Captcha')
|
|
|
|
->setError($e_captcha))
|
|
|
|
->appendChild(
|
|
|
|
id(new AphrontFormSubmitControl())
|
|
|
|
->setValue('Send Email'));
|
|
|
|
|
|
|
|
$error_view = null;
|
|
|
|
if ($errors) {
|
|
|
|
$error_view = new AphrontErrorView();
|
|
|
|
$error_view->setTitle('Login Error');
|
|
|
|
$error_view->setErrors($errors);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$panel = new AphrontPanelView();
|
|
|
|
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
|
|
|
|
$panel->appendChild('<h1>Forgot Password / Email Login</h1>');
|
|
|
|
$panel->appendChild($email_auth);
|
|
|
|
|
|
|
|
return $this->buildStandardPageResponse(
|
|
|
|
array(
|
|
|
|
$error_view,
|
|
|
|
$panel,
|
|
|
|
),
|
|
|
|
array(
|
|
|
|
'title' => 'Create New Account',
|
|
|
|
));
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|