mirror of https://we.phorge.it/source/phorge.git synced 2024-11-25 08:12:40 +01:00

Do not expose Contact Numbers settings panel when no SMS support configured

Summary:
It's useless without SMS support and only exposed to the user themselves.

Closes T15486

Test Plan:
Before and after applying this patch,
* Try to access the list of your contact numbers at `/settings/panel/contact/`
* Try to access an existing, previously created contact number at `/auth/contact/1/`
* Try to add a contact number at `/auth/contact/edit/`
* Go to e.g. `/settings/panel/datetime` and check the "Authentication" section in the left sidebar for {nav icon=hashtag, name=Contact Numbers}

Reviewers: O1 Blessed Committers, speck

Reviewed By: O1 Blessed Committers, speck

Subscribers: speck, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15486

Differential Revision: https://we.phorge.it/D25452
Andre Klapper 2023-11-13 14:03:55 +01:00
parent aa8af1d79e
commit 282e37aaf6
7 changed files with 68 additions and 39 deletions


@ -7,16 +7,19 @@ final class PhabricatorAuthContactNumberDisableController
$viewer = $request->getViewer(); $viewer = $request->getViewer();
$id = $request->getURIData('id'); $id = $request->getURIData('id');
$number = id(new PhabricatorAuthContactNumberQuery()) $sms_auth_factor = new PhabricatorSMSAuthFactor();
->setViewer($viewer) if ($sms_auth_factor->isSMSMailerConfigured()) {
->withIDs(array($id)) $number = id(new PhabricatorAuthContactNumberQuery())
->requireCapabilities( ->setViewer($viewer)
array( ->withIDs(array($id))
PhabricatorPolicyCapability::CAN_VIEW, ->requireCapabilities(
PhabricatorPolicyCapability::CAN_EDIT, array(
)) PhabricatorPolicyCapability::CAN_VIEW,
->executeOne(); PhabricatorPolicyCapability::CAN_EDIT,
if (!$number) { ))
->executeOne();
}
if (!isset($number) || !$number) {
return new Aphront404Response(); return new Aphront404Response();
} }
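Review bot: The 404 check `if (!isset($number) || !$number)` only works because `$number` is never assigned when the SMS check fails, so the gate is hidden inside an `isset()` on a possibly undefined variable. A guard clause before the query reads more directly and leaves the query at its original indentation: `if (!$sms_auth_factor->isSMSMailerConfigured()) { return new Aphront404Response(); }`, after which the original `if (!$number)` can stay as it was. The same pattern appears in the Primary, Test and View controller sections. `handleRequest` starts and ends outside this hunk.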


@ -4,9 +4,14 @@ final class PhabricatorAuthContactNumberEditController
extends PhabricatorAuthContactNumberController { extends PhabricatorAuthContactNumberController {
public function handleRequest(AphrontRequest $request) { public function handleRequest(AphrontRequest $request) {
return id(new PhabricatorAuthContactNumberEditEngine()) $sms_auth_factor = new PhabricatorSMSAuthFactor();
->setController($this) if ($sms_auth_factor->isSMSMailerConfigured()) {
->buildResponse(); return id(new PhabricatorAuthContactNumberEditEngine())
->setController($this)
->buildResponse();
} else {
return new Aphront404Response();
}
} }
} }
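Review bot: The SMS gate is repeated by hand in each of the five controllers, so a contact-number route added later can miss it and stay reachable without SMS support. Since this class extends `PhabricatorAuthContactNumberController`, the check could live once in that base class and be called from each `handleRequest`; presumably the other four controllers extend it as well, but their class headers are outside the hunks. Within this hunk the `else` after `return` is also unnecessary: a leading `if (!$sms_auth_factor->isSMSMailerConfigured()) { return new Aphront404Response(); }` keeps the edit-engine call unindented.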


@ -7,16 +7,19 @@ final class PhabricatorAuthContactNumberPrimaryController
$viewer = $request->getViewer(); $viewer = $request->getViewer();
$id = $request->getURIData('id'); $id = $request->getURIData('id');
$number = id(new PhabricatorAuthContactNumberQuery()) $sms_auth_factor = new PhabricatorSMSAuthFactor();
->setViewer($viewer) if ($sms_auth_factor->isSMSMailerConfigured()) {
->withIDs(array($id)) $number = id(new PhabricatorAuthContactNumberQuery())
->requireCapabilities( ->setViewer($viewer)
array( ->withIDs(array($id))
PhabricatorPolicyCapability::CAN_VIEW, ->requireCapabilities(
PhabricatorPolicyCapability::CAN_EDIT, array(
)) PhabricatorPolicyCapability::CAN_VIEW,
->executeOne(); PhabricatorPolicyCapability::CAN_EDIT,
if (!$number) { ))
->executeOne();
}
if (!isset($number) || !$number) {
return new Aphront404Response(); return new Aphront404Response();
} }


@ -7,16 +7,19 @@ final class PhabricatorAuthContactNumberTestController
$viewer = $request->getViewer(); $viewer = $request->getViewer();
$id = $request->getURIData('id'); $id = $request->getURIData('id');
$number = id(new PhabricatorAuthContactNumberQuery()) $sms_auth_factor = new PhabricatorSMSAuthFactor();
->setViewer($viewer) if ($sms_auth_factor->isSMSMailerConfigured()) {
->withIDs(array($id)) $number = id(new PhabricatorAuthContactNumberQuery())
->requireCapabilities( ->setViewer($viewer)
array( ->withIDs(array($id))
PhabricatorPolicyCapability::CAN_VIEW, ->requireCapabilities(
PhabricatorPolicyCapability::CAN_EDIT, array(
)) PhabricatorPolicyCapability::CAN_VIEW,
->executeOne(); PhabricatorPolicyCapability::CAN_EDIT,
if (!$number) { ))
->executeOne();
}
if (!isset($number) || !$number) {
return new Aphront404Response(); return new Aphront404Response();
} }


@ -6,11 +6,14 @@ final class PhabricatorAuthContactNumberViewController
public function handleRequest(AphrontRequest $request) { public function handleRequest(AphrontRequest $request) {
$viewer = $this->getViewer(); $viewer = $this->getViewer();
$number = id(new PhabricatorAuthContactNumberQuery()) $sms_auth_factor = new PhabricatorSMSAuthFactor();
->setViewer($viewer) if ($sms_auth_factor->isSMSMailerConfigured()) {
->withIDs(array($request->getURIData('id'))) $number = id(new PhabricatorAuthContactNumberQuery())
->executeOne(); ->setViewer($viewer)
if (!$number) { ->withIDs(array($request->getURIData('id')))
->executeOne();
}
if (!isset($number) || !$number) {
return new Aphront404Response(); return new Aphront404Response();
} }
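Review bot: Returning 404 here whenever the mailer check fails also hides numbers that were stored while SMS was still configured, and the Disable controller section applies the same gate. If an installation removes its SMS mailer, the owner of a stored number appears to lose both the page that shows it and the action that disables it, while the record itself presumably stays in the database. It is worth confirming that this is intended and saying so in a comment above the gate, e.g. `// Contact numbers are unreachable without SMS support, including ones stored earlier.` `handleRequest` continues past the end of this hunk.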


@ -334,7 +334,7 @@ final class PhabricatorSMSAuthFactor
return $value; return $value;
} }
private function isSMSMailerConfigured() { public function isSMSMailerConfigured() {
$mailers = PhabricatorMetaMTAMail::newMailers( $mailers = PhabricatorMetaMTAMail::newMailers(
array( array(
'outbound' => true, 'outbound' => true,
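Review bot: `isSMSMailerConfigured()` becomes public without a docblock, although five controllers and the settings panel now rely on it to decide whether contact numbers are reachable. A short docblock should state the return type and what counts as configured, for example `@return bool True when an outbound mailer usable for SMS is configured`; that wording needs checking against the rest of the body, which continues outside this hunk. Callers build a throwaway `PhabricatorSMSAuthFactor` only to ask this question, so a static method would suit them better if the body does not read instance state.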


@ -19,6 +19,18 @@ final class PhabricatorContactNumbersSettingsPanel
return PhabricatorSettingsAuthenticationPanelGroup::PANELGROUPKEY; return PhabricatorSettingsAuthenticationPanelGroup::PANELGROUPKEY;
} }
/**
* Whether to display "Contact Numbers" panel in users' Personal
* Settings by checking if global SMS support is configured
*/
public function isUserPanel() {
$sms_auth_factor = new PhabricatorSMSAuthFactor();
if ($sms_auth_factor->isSMSMailerConfigured()) {
return true;
}
return false;
}
public function isMultiFactorEnrollmentPanel() { public function isMultiFactorEnrollmentPanel() {
return true; return true;
} }
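Review bot: The body of `isUserPanel()` can return the check directly, `return $sms_auth_factor->isSMSMailerConfigured();`, instead of branching to `true` and `false`. The docblock would also benefit from an `@return bool` line and from noting that this method only controls whether the panel is offered in Personal Settings. The contact-number controllers in this commit enforce the same condition on their own routes, so the panel flag should not be read as the access check.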