mirror of https://we.phorge.it/source/phorge.git synced 2024-11-21 22:32:41 +01:00

Do not expose Contact Numbers settings panel when no SMS support configured

Summary:
It's useless without SMS support and only exposed to the user themselves.

Closes T15486

Test Plan:
Before and after applying this patch,
* Try to access the list of your contact numbers at `/settings/panel/contact/`
* Try to access an existing, previously created contact number at `/auth/contact/1/`
* Try to add a contact number at `/auth/contact/edit/`
* Go to e.g. `/settings/panel/datetime` and check the "Authentication" section in the left sidebar for {nav icon=hashtag, name=Contact Numbers}

Reviewers: O1 Blessed Committers, speck

Reviewed By: O1 Blessed Committers, speck

Subscribers: speck, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15486

Differential Revision: https://we.phorge.it/D25452
Andre Klapper 2023-11-13 14:03:55 +01:00
parent aa8af1d79e
commit 282e37aaf6
7 changed files with 68 additions and 39 deletions


@ -7,16 +7,19 @@ final class PhabricatorAuthContactNumberDisableController
$viewer = $request->getViewer();
$id = $request->getURIData('id');
$number = id(new PhabricatorAuthContactNumberQuery())
->setViewer($viewer)
->withIDs(array($id))
->requireCapabilities(
array(
PhabricatorPolicyCapability::CAN_VIEW,
PhabricatorPolicyCapability::CAN_EDIT,
))
->executeOne();
if (!$number) {
$sms_auth_factor = new PhabricatorSMSAuthFactor();
if ($sms_auth_factor->isSMSMailerConfigured()) {
$number = id(new PhabricatorAuthContactNumberQuery())
->setViewer($viewer)
->withIDs(array($id))
->requireCapabilities(
array(
PhabricatorPolicyCapability::CAN_VIEW,
PhabricatorPolicyCapability::CAN_EDIT,
))
->executeOne();
}
if (!isset($number) || !$number) {
return new Aphront404Response();
}
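Review bot: In the new code `$number` is assigned only inside the `if ($sms_auth_factor->isSMSMailerConfigured())` branch, so the 404 for an unconfigured mailer depends on `isset()` masking an undefined variable. A guard placed before the query is easier to audit, `if (!$sms_auth_factor->isSMSMailerConfigured()) { return new Aphront404Response(); }`, after which the original `if (!$number)` check can stay as it was. The same pattern appears in the Primary, Test and View controller sections below. The enclosing method starts and ends outside this hunk.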


@ -4,9 +4,14 @@ final class PhabricatorAuthContactNumberEditController
extends PhabricatorAuthContactNumberController {
public function handleRequest(AphrontRequest $request) {
return id(new PhabricatorAuthContactNumberEditEngine())
->setController($this)
->buildResponse();
$sms_auth_factor = new PhabricatorSMSAuthFactor();
if ($sms_auth_factor->isSMSMailerConfigured()) {
return id(new PhabricatorAuthContactNumberEditEngine())
->setController($this)
->buildResponse();
} else {
return new Aphront404Response();
}
}
}
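Review bot: The gate `new PhabricatorSMSAuthFactor()` plus `isSMSMailerConfigured()` is spelled out separately in five controllers and the settings panel, so a contact-number endpoint added later can miss it without anything failing. This class extends `PhabricatorAuthContactNumberController`; one protected helper there would keep the check in a single place, assuming the other four controllers share that base, which their hunks do not show. Independently, the `else` after `return` is redundant here; returning `new Aphront404Response()` first as a guard and then building the edit engine response reads more directly.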


@ -7,16 +7,19 @@ final class PhabricatorAuthContactNumberPrimaryController
$viewer = $request->getViewer();
$id = $request->getURIData('id');
$number = id(new PhabricatorAuthContactNumberQuery())
->setViewer($viewer)
->withIDs(array($id))
->requireCapabilities(
array(
PhabricatorPolicyCapability::CAN_VIEW,
PhabricatorPolicyCapability::CAN_EDIT,
))
->executeOne();
if (!$number) {
$sms_auth_factor = new PhabricatorSMSAuthFactor();
if ($sms_auth_factor->isSMSMailerConfigured()) {
$number = id(new PhabricatorAuthContactNumberQuery())
->setViewer($viewer)
->withIDs(array($id))
->requireCapabilities(
array(
PhabricatorPolicyCapability::CAN_VIEW,
PhabricatorPolicyCapability::CAN_EDIT,
))
->executeOne();
}
if (!isset($number) || !$number) {
return new Aphront404Response();
}


@ -7,16 +7,19 @@ final class PhabricatorAuthContactNumberTestController
$viewer = $request->getViewer();
$id = $request->getURIData('id');
$number = id(new PhabricatorAuthContactNumberQuery())
->setViewer($viewer)
->withIDs(array($id))
->requireCapabilities(
array(
PhabricatorPolicyCapability::CAN_VIEW,
PhabricatorPolicyCapability::CAN_EDIT,
))
->executeOne();
if (!$number) {
$sms_auth_factor = new PhabricatorSMSAuthFactor();
if ($sms_auth_factor->isSMSMailerConfigured()) {
$number = id(new PhabricatorAuthContactNumberQuery())
->setViewer($viewer)
->withIDs(array($id))
->requireCapabilities(
array(
PhabricatorPolicyCapability::CAN_VIEW,
PhabricatorPolicyCapability::CAN_EDIT,
))
->executeOne();
}
if (!isset($number) || !$number) {
return new Aphront404Response();
}


@ -6,11 +6,14 @@ final class PhabricatorAuthContactNumberViewController
public function handleRequest(AphrontRequest $request) {
$viewer = $this->getViewer();
$number = id(new PhabricatorAuthContactNumberQuery())
->setViewer($viewer)
->withIDs(array($request->getURIData('id')))
->executeOne();
if (!$number) {
$sms_auth_factor = new PhabricatorSMSAuthFactor();
if ($sms_auth_factor->isSMSMailerConfigured()) {
$number = id(new PhabricatorAuthContactNumberQuery())
->setViewer($viewer)
->withIDs(array($request->getURIData('id')))
->executeOne();
}
if (!isset($number) || !$number) {
return new Aphront404Response();
}
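Review bot: With this gate, a user who stored a number while SMS was configured gets a 404 here, and in the Disable controller, once the outbound SMS mailer is removed, so they can no longer see or disable that record. Nothing in the visible hunks deletes or disables existing rows, so presumably the phone numbers stay in storage; it is worth confirming that this is intended and documenting how such numbers are cleaned up. A short comment above the check, for example `// Hidden while no SMS mailer is configured; stored numbers are left untouched.`, would record the decision. The method continues past the end of this hunk.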


@ -334,7 +334,7 @@ final class PhabricatorSMSAuthFactor
return $value;
}
private function isSMSMailerConfigured() {
public function isSMSMailerConfigured() {
$mailers = PhabricatorMetaMTAMail::newMailers(
array(
'outbound' => true,
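Review bot: `isSMSMailerConfigured()` becomes part of the class's public surface here without a docblock stating what "configured" means, although callers now use it as an access gate for the contact-number endpoints. From the visible lines it calls `PhabricatorMetaMTAMail::newMailers()` with `'outbound' => true`; the rest of the body is outside the hunk, so whether that call is cheap enough to run on every settings page render and controller request should be checked. I would add a docblock along the lines of `Whether an outbound SMS mailer is configured; used to gate the Contact Numbers UI.`, worded to match what the body actually tests. If the body does not use `$this`, making the method static would spare each caller from constructing a `PhabricatorSMSAuthFactor` only to ask this question.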


@ -19,6 +19,18 @@ final class PhabricatorContactNumbersSettingsPanel
return PhabricatorSettingsAuthenticationPanelGroup::PANELGROUPKEY;
}
/**
* Whether to display "Contact Numbers" panel in users' Personal
* Settings by checking if global SMS support is configured
*/
public function isUserPanel() {
$sms_auth_factor = new PhabricatorSMSAuthFactor();
if ($sms_auth_factor->isSMSMailerConfigured()) {
return true;
}
return false;
}
public function isMultiFactorEnrollmentPanel() {
return true;
}
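Review bot: `isUserPanel()` can return the check directly, `return $sms_auth_factor->isSMSMailerConfigured();`, instead of the `if` / `return true` / `return false` ladder. Separately, `isMultiFactorEnrollmentPanel()` just below still returns `true` unconditionally. If the enrollment flow selects panels by that flag without also consulting `isUserPanel()` (not visible here), this panel could still be offered during MFA enrollment when SMS is unconfigured, so that path deserves a line in the test plan.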