
Implement new auth login flow and login validation controller

Summary:
Ref T1536. None of this code is reachable.

Implements new-auth login (so you can actually login) and login validation (which checks that cookies were set correctly).

Test Plan: Manually enabled FB auth, went through the auth flow to login/logout. Manually hit most of the validation errors.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6162
This commit is contained in:
epriestley 2013-06-16 10:15:33 -07:00
parent c108ada7e4
commit 104d3221d9
5 changed files with 95 additions and 17 deletions


@ -821,6 +821,7 @@ phutil_register_library_map(array(
'PhabricatorAuthProviderOAuthFacebook' => 'applications/auth/provider/PhabricatorAuthProviderOAuthFacebook.php', 'PhabricatorAuthProviderOAuthFacebook' => 'applications/auth/provider/PhabricatorAuthProviderOAuthFacebook.php',
'PhabricatorAuthRegisterController' => 'applications/auth/controller/PhabricatorAuthRegisterController.php', 'PhabricatorAuthRegisterController' => 'applications/auth/controller/PhabricatorAuthRegisterController.php',
'PhabricatorAuthStartController' => 'applications/auth/controller/PhabricatorAuthStartController.php', 'PhabricatorAuthStartController' => 'applications/auth/controller/PhabricatorAuthStartController.php',
'PhabricatorAuthValidateController' => 'applications/auth/controller/PhabricatorAuthValidateController.php',
'PhabricatorAuthenticationConfigOptions' => 'applications/config/option/PhabricatorAuthenticationConfigOptions.php', 'PhabricatorAuthenticationConfigOptions' => 'applications/config/option/PhabricatorAuthenticationConfigOptions.php',
'PhabricatorBarePageExample' => 'applications/uiexample/examples/PhabricatorBarePageExample.php', 'PhabricatorBarePageExample' => 'applications/uiexample/examples/PhabricatorBarePageExample.php',
'PhabricatorBarePageView' => 'view/page/PhabricatorBarePageView.php', 'PhabricatorBarePageView' => 'view/page/PhabricatorBarePageView.php',
@ -2679,6 +2680,7 @@ phutil_register_library_map(array(
'PhabricatorAuthProviderOAuthFacebook' => 'PhabricatorAuthProviderOAuth', 'PhabricatorAuthProviderOAuthFacebook' => 'PhabricatorAuthProviderOAuth',
'PhabricatorAuthRegisterController' => 'PhabricatorAuthController', 'PhabricatorAuthRegisterController' => 'PhabricatorAuthController',
'PhabricatorAuthStartController' => 'PhabricatorAuthController', 'PhabricatorAuthStartController' => 'PhabricatorAuthController',
'PhabricatorAuthValidateController' => 'PhabricatorAuthController',
'PhabricatorAuthenticationConfigOptions' => 'PhabricatorApplicationConfigOptions', 'PhabricatorAuthenticationConfigOptions' => 'PhabricatorApplicationConfigOptions',
'PhabricatorBarePageExample' => 'PhabricatorUIExample', 'PhabricatorBarePageExample' => 'PhabricatorUIExample',
'PhabricatorBarePageView' => 'AphrontPageView', 'PhabricatorBarePageView' => 'AphrontPageView',


@ -39,6 +39,7 @@ final class PhabricatorApplicationAuth extends PhabricatorApplication {
'login/(?P<pkey>[^/]+)/' => 'PhabricatorAuthLoginController', 'login/(?P<pkey>[^/]+)/' => 'PhabricatorAuthLoginController',
'register/(?P<akey>[^/]+)/' => 'PhabricatorAuthRegisterController', 'register/(?P<akey>[^/]+)/' => 'PhabricatorAuthRegisterController',
'start/' => 'PhabricatorAuthStartController', 'start/' => 'PhabricatorAuthStartController',
'validate/' => 'PhabricatorAuthValidateController',
), ),
); );
} }


@ -80,7 +80,8 @@ final class PhabricatorAuthLoginController
pht( pht(
'The external account ("%s") you just authenticated with is '. 'The external account ("%s") you just authenticated with is '.
'not configured to allow account linking on this Phabricator '. 'not configured to allow account linking on this Phabricator '.
'install. An administrator may have recently disabled it.')); 'install. An administrator may have recently disabled it.',
$provider->getProviderName()));
} }
} }
} }
@ -90,8 +91,20 @@ final class PhabricatorAuthLoginController
} }
private function processLoginUser(PhabricatorExternalAccount $account) { private function processLoginUser(PhabricatorExternalAccount $account) {
// TODO: Implement. $user = id(new PhabricatorUser())->loadOneWhere(
return new Aphront404Response(); 'phid = %s',
$account->getUserPHID());
if (!$user) {
return $this->renderError(
pht(
'The external account you just logged in with is not associated '.
'with a valid Phabricator user.'));
}
$this->establishWebSession($user);
return $this->buildLoginValidateResponse($user);
} }
private function processRegisterUser(PhabricatorExternalAccount $account) { private function processRegisterUser(PhabricatorExternalAccount $account) {
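Review bot: The new processLoginUser() guard is only `if (!$user)`, so any PhabricatorUser row whose PHID the external account points at is accepted, including a disabled one; unless establishWebSession() or buildLoginValidateResponse() (both defined outside this hunk) reject disabled users, a disabled account can still log in through an external provider. Assuming the user object exposes getIsDisabled(), the guard should become `if (!$user || $user->getIsDisabled()) {` and render the same error page, or a more specific one saying the account is disabled. The loadOneWhere() lookup also does no viewer-policy filtering, which is presumably intended for a login path but worth a comment such as `// Loaded without a viewer: the session does not exist yet.`. The enclosing class and the processRegisterUser() method that starts on the hunk's last line continue outside the hunk.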


@ -138,20 +138,9 @@ final class PhabricatorAuthStartController
} }
private function renderError($message) { private function renderError($message) {
$title = pht('Authentication Failure'); return $this->renderErrorPage(
pht('Authentication Failure'),
$view = new AphrontErrorView(); array($message));
$view->setTitle($title);
$view->appendChild($message);
return $this->buildApplicationPage(
$view,
array(
'title' => $title,
'device' => true,
'dust' => true,
));
} }
} }


@ -0,0 +1,73 @@
<?php
final class PhabricatorAuthValidateController
extends PhabricatorAuthController {
public function shouldRequireLogin() {
return false;
}
public function processRequest() {
$request = $this->getRequest();
$viewer = $request->getUser();
$failures = array();
if (!strlen($request->getStr('phusr'))) {
return $this->renderErrors(
array(
pht(
'Login validation is missing expected parameter ("%s").',
'phusr')));
}
$expect_phusr = $request->getStr('phusr');
$actual_phusr = $request->getCookie('phusr');
if ($actual_phusr != $expect_phusr) {
if ($actual_phusr) {
$failures[] = pht(
"Attempted to set '%s' cookie to '%s', but your browser sent back ".
"a cookie with the value '%s'. Clear your browser's cookies and ".
"try again.",
'phusr',
$expect_phusr,
$actual_phusr);
} else {
$failures[] = pht(
"Attempted to set '%s' cookie to '%s', but your browser did not ".
"accept the cookie. Check that cookies are enabled, clear them, ".
"and try again.",
'phusr',
$expect_phusr);
}
}
if (!$failures) {
if (!$viewer->getPHID()) {
$failures[] = pht(
"Login cookie was set correctly, but your login session is not ".
"valid. Try clearing cookies and logging in again.");
}
}
if ($failures) {
return $this->renderErrors($failures);
}
$next = $request->getCookie('next_uri');
$request->clearCookie('next_uri');
if (!PhabricatorEnv::isValidLocalWebResource($next)) {
$next = '/';
}
return id(new AphrontRedirectResponse())->setURI($next);
}
private function renderErrors(array $messages) {
return $this->renderErrorPage(
pht('Login Failure'),
$messages);
}
}
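Review bot: The cookie comparison `if ($actual_phusr != $expect_phusr)` is loose, and the inner `if ($actual_phusr)` reports a cookie whose value is '0' as "not accepted"; use `if ($actual_phusr !== $expect_phusr) {` and `if ($actual_phusr !== null && $actual_phusr !== '') {` (assuming getCookie() returns null for an absent cookie). The final check only confirms that `$viewer->getPHID()` is non-empty, not that the session belongs to the user named in `phusr`, so a stale session cookie for a different user still passes validation and redirects; if `phusr` carries the username, comparing it against the viewer's username here would close that gap. Both failure messages interpolate the request-supplied `phusr` parameter and the raw cookie value into the page, which is only safe if renderErrorPage() (defined outside this file) escapes its messages, so that is worth confirming before this becomes reachable. The `next_uri` handling is sound: the cookie is cleared and checked with isValidLocalWebResource() before being used as a redirect target.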