mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-25 08:12:40 +01:00
Do not expose Contact Numbers settings panel when no SMS support configured
Summary: It's useless without SMS support and only exposed to the user themselves. Closes T15486 Test Plan: Before and after applying this patch, * Try to access the list of your contact numbers at `/settings/panel/contact/` * Try to access an existing, previously created contact number at `/auth/contact/1/` * Try to add a contact number at `/auth/contact/edit/` * Go to e.g. `/settings/panel/datetime` and check the "Authentication" section in the left sidebar for {nav icon=hashtag, name=Contact Numbers} Reviewers: O1 Blessed Committers, speck Reviewed By: O1 Blessed Committers, speck Subscribers: speck, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno Maniphest Tasks: T15486 Differential Revision: https://we.phorge.it/D25452
parent
aa8af1d79e
commit
282e37aaf6
7 changed files with 68 additions and 39 deletions
|
@ -7,16 +7,19 @@ final class PhabricatorAuthContactNumberDisableController
|
||||||
$viewer = $request->getViewer();
|
$viewer = $request->getViewer();
|
||||||
$id = $request->getURIData('id');
|
$id = $request->getURIData('id');
|
||||||
|
|
||||||
$number = id(new PhabricatorAuthContactNumberQuery())
|
$sms_auth_factor = new PhabricatorSMSAuthFactor();
|
||||||
->setViewer($viewer)
|
if ($sms_auth_factor->isSMSMailerConfigured()) {
|
||||||
->withIDs(array($id))
|
$number = id(new PhabricatorAuthContactNumberQuery())
|
||||||
->requireCapabilities(
|
->setViewer($viewer)
|
||||||
array(
|
->withIDs(array($id))
|
||||||
PhabricatorPolicyCapability::CAN_VIEW,
|
->requireCapabilities(
|
||||||
PhabricatorPolicyCapability::CAN_EDIT,
|
array(
|
||||||
))
|
PhabricatorPolicyCapability::CAN_VIEW,
|
||||||
->executeOne();
|
PhabricatorPolicyCapability::CAN_EDIT,
|
||||||
if (!$number) {
|
))
|
||||||
|
->executeOne();
|
||||||
|
}
|
||||||
|
if (!isset($number) || !$number) {
|
||||||
return new Aphront404Response();
|
return new Aphront404Response();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
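Review bot: `if (!isset($number) || !$number)` is only needed because `$number` is now assigned inside the `if ($sms_auth_factor->isSMSMailerConfigured())` block. A guard placed before the query, `if (!$sms_auth_factor->isSMSMailerConfigured()) { return new Aphront404Response(); }`, would leave the query and the original `if (!$number)` unchanged and avoid the possibly-unset variable. The same shape recurs in the Primary, Test and View controller sections below. Separately, gating the disable route means a user who stored a number while SMS was configured can no longer disable it once the mailer is removed, while the stored number presumably remains; worth confirming that is intended. The function body starts and ends outside this hunk.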
@ -4,9 +4,14 @@ final class PhabricatorAuthContactNumberEditController
|
||||||
extends PhabricatorAuthContactNumberController {
|
extends PhabricatorAuthContactNumberController {
|
||||||
|
|
||||||
public function handleRequest(AphrontRequest $request) {
|
public function handleRequest(AphrontRequest $request) {
|
||||||
return id(new PhabricatorAuthContactNumberEditEngine())
|
$sms_auth_factor = new PhabricatorSMSAuthFactor();
|
||||||
->setController($this)
|
if ($sms_auth_factor->isSMSMailerConfigured()) {
|
||||||
->buildResponse();
|
return id(new PhabricatorAuthContactNumberEditEngine())
|
||||||
|
->setController($this)
|
||||||
|
->buildResponse();
|
||||||
|
} else {
|
||||||
|
return new Aphront404Response();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
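Review bot: The SMS-configured check is copied into each of the five contact-number controllers, so a contact-number route added later stays reachable without SMS support unless its author remembers to repeat it. This class extends `PhabricatorAuthContactNumberController`, and the Disable, Primary, Test and View controllers presumably do too, so the check could live once in that base class and `handleRequest()` here could keep its original three-line return. If it stays local, a guard clause reads more directly than the `if`/`else`: `if (!$sms_auth_factor->isSMSMailerConfigured()) { return new Aphront404Response(); }`.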
@ -7,16 +7,19 @@ final class PhabricatorAuthContactNumberPrimaryController
|
||||||
$viewer = $request->getViewer();
|
$viewer = $request->getViewer();
|
||||||
$id = $request->getURIData('id');
|
$id = $request->getURIData('id');
|
||||||
|
|
||||||
$number = id(new PhabricatorAuthContactNumberQuery())
|
$sms_auth_factor = new PhabricatorSMSAuthFactor();
|
||||||
->setViewer($viewer)
|
if ($sms_auth_factor->isSMSMailerConfigured()) {
|
||||||
->withIDs(array($id))
|
$number = id(new PhabricatorAuthContactNumberQuery())
|
||||||
->requireCapabilities(
|
->setViewer($viewer)
|
||||||
array(
|
->withIDs(array($id))
|
||||||
PhabricatorPolicyCapability::CAN_VIEW,
|
->requireCapabilities(
|
||||||
PhabricatorPolicyCapability::CAN_EDIT,
|
array(
|
||||||
))
|
PhabricatorPolicyCapability::CAN_VIEW,
|
||||||
->executeOne();
|
PhabricatorPolicyCapability::CAN_EDIT,
|
||||||
if (!$number) {
|
))
|
||||||
|
->executeOne();
|
||||||
|
}
|
||||||
|
if (!isset($number) || !$number) {
|
||||||
return new Aphront404Response();
|
return new Aphront404Response();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -7,16 +7,19 @@ final class PhabricatorAuthContactNumberTestController
|
||||||
$viewer = $request->getViewer();
|
$viewer = $request->getViewer();
|
||||||
$id = $request->getURIData('id');
|
$id = $request->getURIData('id');
|
||||||
|
|
||||||
$number = id(new PhabricatorAuthContactNumberQuery())
|
$sms_auth_factor = new PhabricatorSMSAuthFactor();
|
||||||
->setViewer($viewer)
|
if ($sms_auth_factor->isSMSMailerConfigured()) {
|
||||||
->withIDs(array($id))
|
$number = id(new PhabricatorAuthContactNumberQuery())
|
||||||
->requireCapabilities(
|
->setViewer($viewer)
|
||||||
array(
|
->withIDs(array($id))
|
||||||
PhabricatorPolicyCapability::CAN_VIEW,
|
->requireCapabilities(
|
||||||
PhabricatorPolicyCapability::CAN_EDIT,
|
array(
|
||||||
))
|
PhabricatorPolicyCapability::CAN_VIEW,
|
||||||
->executeOne();
|
PhabricatorPolicyCapability::CAN_EDIT,
|
||||||
if (!$number) {
|
))
|
||||||
|
->executeOne();
|
||||||
|
}
|
||||||
|
if (!isset($number) || !$number) {
|
||||||
return new Aphront404Response();
|
return new Aphront404Response();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -6,11 +6,14 @@ final class PhabricatorAuthContactNumberViewController
|
||||||
public function handleRequest(AphrontRequest $request) {
|
public function handleRequest(AphrontRequest $request) {
|
||||||
$viewer = $this->getViewer();
|
$viewer = $this->getViewer();
|
||||||
|
|
||||||
$number = id(new PhabricatorAuthContactNumberQuery())
|
$sms_auth_factor = new PhabricatorSMSAuthFactor();
|
||||||
->setViewer($viewer)
|
if ($sms_auth_factor->isSMSMailerConfigured()) {
|
||||||
->withIDs(array($request->getURIData('id')))
|
$number = id(new PhabricatorAuthContactNumberQuery())
|
||||||
->executeOne();
|
->setViewer($viewer)
|
||||||
if (!$number) {
|
->withIDs(array($request->getURIData('id')))
|
||||||
|
->executeOne();
|
||||||
|
}
|
||||||
|
if (!isset($number) || !$number) {
|
||||||
return new Aphront404Response();
|
return new Aphront404Response();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -334,7 +334,7 @@ final class PhabricatorSMSAuthFactor
|
||||||
return $value;
|
return $value;
|
||||||
}
|
}
|
||||||
|
|
||||||
private function isSMSMailerConfigured() {
|
public function isSMSMailerConfigured() {
|
||||||
$mailers = PhabricatorMetaMTAMail::newMailers(
|
$mailers = PhabricatorMetaMTAMail::newMailers(
|
||||||
array(
|
array(
|
||||||
'outbound' => true,
|
'outbound' => true,
|
||||||
|
|
|
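Review bot: `isSMSMailerConfigured()` becomes public here without a docblock, and it is now called from five controllers and from `isUserPanel()`, which may run whenever the settings navigation is built. The visible part of the body calls `PhabricatorMetaMTAMail::newMailers(...)` on each invocation, so the contract and the cost deserve a comment, for example `/** Whether an outbound SMS mailer is configured; used to hide contact-number UI and routes. */`. The rest of the method lies outside the hunk, so whether it reads instance state cannot be confirmed from here. If it does not, a static method would avoid the `new PhabricatorSMSAuthFactor()` at every call site.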
@ -19,6 +19,18 @@ final class PhabricatorContactNumbersSettingsPanel
|
||||||
return PhabricatorSettingsAuthenticationPanelGroup::PANELGROUPKEY;
|
return PhabricatorSettingsAuthenticationPanelGroup::PANELGROUPKEY;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Whether to display "Contact Numbers" panel in users' Personal
|
||||||
|
* Settings by checking if global SMS support is configured
|
||||||
|
*/
|
||||||
|
public function isUserPanel() {
|
||||||
|
$sms_auth_factor = new PhabricatorSMSAuthFactor();
|
||||||
|
if ($sms_auth_factor->isSMSMailerConfigured()) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
public function isMultiFactorEnrollmentPanel() {
|
public function isMultiFactorEnrollmentPanel() {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
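Review bot: `isUserPanel()` can return the check directly, `return id(new PhabricatorSMSAuthFactor())->isSMSMailerConfigured();`, instead of the `if` / `return true` / `return false` sequence. The docblock could also state that hiding the panel is presentation only and that the contact-number controllers apply the same condition to their routes, for example `* Hiding the panel does not block the routes; the controllers check this too.`.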