diff --git a/src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php b/src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php
index 1cbf4c6e4f..fe9af45666 100644
--- a/src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php
+++ b/src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php
@@ -45,40 +45,65 @@ final class PhabricatorHighSecurityRequestExceptionHandler
 }
 }
+ $is_upgrade = $throwable->getIsSessionUpgrade();
+
+ if ($is_upgrade) {
+ $title = pht('Enter High Security');
+ } else {
+ $title = pht('Provide MFA Credentials');
+ }
+
 if ($is_wait) {
 $submit = pht('Wait Patiently');
- } else {
+ } else if ($is_upgrade) {
 $submit = pht('Enter High Security');
+ } else {
+ $submit = pht('Continue');
 }
 $dialog = id(new AphrontDialogView())
 ->setUser($viewer)
- ->setTitle(pht('Entering High Security'))
+ ->setTitle($title)
 ->setShortTitle(pht('Security Checkpoint'))
 ->setWidth(AphrontDialogView::WIDTH_FORM)
 ->addHiddenInput(AphrontRequest::TYPE_HISEC, true)
- ->setErrors(
- array(
- pht(
- 'You are taking an action which requires you to enter '.
- 'high security.'),
- ))
- ->appendParagraph(
- pht(
- 'High security mode helps protect your account from security '.
- 'threats, like session theft or someone messing with your stuff '.
- 'while you\'re grabbing a coffee. To enter high security mode, '.
- 'confirm your credentials.'))
- ->appendChild($form->buildLayoutView())
- ->appendParagraph(
- pht(
- 'Your account will remain in high security mode for a short '.
- 'period of time. When you are finished taking sensitive '.
- 'actions, you should leave high security.'))
 ->setSubmitURI($request->getPath())
 ->addCancelButton($throwable->getCancelURI())
 ->addSubmitButton($submit);
+ $form_layout = $form->buildLayoutView();
+
+ if ($is_upgrade) {
+ $dialog
+ ->setErrors(
+ array(
+ pht(
+ 'You are taking an action which requires you to enter '.
+ 'high security.'),
+ ))
+ ->appendParagraph(
+ pht(
+ 'High security mode helps protect your account from security '.
+ 'threats, like session theft or someone messing with your stuff '.
+ 'while you\'re grabbing a coffee. To enter high security mode, '.
+ 'confirm your credentials.'))
+ ->appendChild($form_layout)
+ ->appendParagraph(
+ pht(
+ 'Your account will remain in high security mode for a short '.
+ 'period of time. When you are finished taking sensitive '.
+ 'actions, you should leave high security.'));
+ } else {
+ $dialog
+ ->setErrors(
+ array(
+ pht(
+ 'You are taking an action which requires you to provide '.
+ 'multi-factor credentials.'),
+ ))
+ ->appendChild($form_layout);
+ }
+
 $request_parameters = $request->getPassthroughRequestParameters(
 $respect_quicksand = true);
 foreach ($request_parameters as $key => $value) {
diff --git a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
index d29530dbfd..8381e01950 100644
--- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
+++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php
@@ -684,6 +684,7 @@ final class PhabricatorAuthSessionEngine extends Phobject {
 throw id(new PhabricatorAuthHighSecurityRequiredException())
 ->setCancelURI($cancel_uri)
+ ->setIsSessionUpgrade($upgrade_session)
 ->setFactors($factors)
 ->setFactorValidationResults($validation_results);
 }
diff --git a/src/applications/auth/exception/PhabricatorAuthHighSecurityRequiredException.php b/src/applications/auth/exception/PhabricatorAuthHighSecurityRequiredException.php
index 9f37d36a44..dc197b3a43 100644
--- a/src/applications/auth/exception/PhabricatorAuthHighSecurityRequiredException.php
+++ b/src/applications/auth/exception/PhabricatorAuthHighSecurityRequiredException.php
@@ -5,6 +5,7 @@ final class PhabricatorAuthHighSecurityRequiredException extends Exception {
 private $cancelURI;
 private $factors;
 private $factorValidationResults;
+ private $isSessionUpgrade;
 public function setFactorValidationResults(array $results) {
 assert_instances_of($results, 'PhabricatorAuthFactorResult');
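Review bot: In PhabricatorHighSecurityRequestExceptionHandler.php every falsy result of `$throwable->getIsSessionUpgrade()` selects the one-shot "Provide MFA Credentials" copy, and the new `$isSessionUpgrade` property on PhabricatorAuthHighSecurityRequiredException is declared without a default, so an exception built without `setIsSessionUpgrade()` reads back as null and takes that branch silently. Only the PhabricatorAuthSessionEngine throw site is visible in this diff, so whether other code constructs the exception cannot be confirmed from here. Because this wording is what tells the user whether the session stays elevated after the prompt, I would make the default explicit with `private $isSessionUpgrade = false;`. The enclosing handler method starts and ends outside the hunk.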
@@ -35,4 +36,13 @@ final class PhabricatorAuthHighSecurityRequiredException extends Exception {
 return $this->cancelURI;
 }
+ public function setIsSessionUpgrade($is_upgrade) {
+ $this->isSessionUpgrade = $is_upgrade;
+ return $this;
+ }
+
+ public function getIsSessionUpgrade() {
+ return $this->isSessionUpgrade;
+ }
+
 }
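Review bot: The new `setIsSessionUpgrade()` / `getIsSessionUpgrade()` pair carries no comment saying what the flag means, and the setter stores its argument as-is. Judging by how the handler uses it, true appears to mean the session itself enters high security and false a single MFA check, so a comment above the setter such as `// True when passing this check upgrades the session to high security; false for a one-time MFA prompt.` would help the next reader. Casting in the setter, `$this->isSessionUpgrade = (bool)$is_upgrade;`, would keep the getter's result a boolean for the handler's branches.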