1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-25 06:50:55 +01:00

Update Auth for handleRequest

Summary: Updates Auth app for handleRequest

Test Plan: Tested what I could, Log in, Log out, Change Password, New account, Verify account... but extra eyes very helpful here.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8628

Differential Revision: https://secure.phabricator.com/D13748
This commit is contained in:
Chad Little 2015-08-01 16:49:27 -07:00
parent 1d2c47f110
commit 36103dfa18
21 changed files with 95 additions and 159 deletions

View file

@ -3,17 +3,11 @@
final class PhabricatorAuthConfirmLinkController final class PhabricatorAuthConfirmLinkController
extends PhabricatorAuthController { extends PhabricatorAuthController {
private $accountKey; public function handleRequest(AphrontRequest $request) {
$viewer = $this->getViewer();
$accountkey = $request->getURIData('akey');
public function willProcessRequest(array $data) { $result = $this->loadAccountForRegistrationOrLinking($accountkey);
$this->accountKey = idx($data, 'akey');
}
public function processRequest() {
$request = $this->getRequest();
$viewer = $request->getUser();
$result = $this->loadAccountForRegistrationOrLinking($this->accountKey);
list($account, $provider, $response) = $result; list($account, $provider, $response) = $result;
if ($response) { if ($response) {

View file

@ -3,9 +3,8 @@
final class PhabricatorAuthDowngradeSessionController final class PhabricatorAuthDowngradeSessionController
extends PhabricatorAuthController { extends PhabricatorAuthController {
public function processRequest() { public function handleRequest(AphrontRequest $request) {
$request = $this->getRequest(); $viewer = $this->getViewer();
$viewer = $request->getUser();
$panel_uri = '/settings/panel/sessions/'; $panel_uri = '/settings/panel/sessions/';

View file

@ -15,9 +15,8 @@ final class PhabricatorAuthFinishController
return true; return true;
} }
public function processRequest() { public function handleRequest(AphrontRequest $request) {
$request = $this->getRequest(); $viewer = $this->getViewer();
$viewer = $request->getUser();
// If the user already has a full session, just kick them out of here. // If the user already has a full session, just kick them out of here.
$has_partial_session = $viewer->hasSession() && $has_partial_session = $viewer->hasSession() &&

View file

@ -3,25 +3,18 @@
final class PhabricatorAuthLinkController final class PhabricatorAuthLinkController
extends PhabricatorAuthController { extends PhabricatorAuthController {
private $action; public function handleRequest(AphrontRequest $request) {
private $providerKey; $viewer = $this->getViewer();
$action = $request->getURIData('action');
public function willProcessRequest(array $data) { $provider_key = $request->getURIData('pkey');
$this->providerKey = $data['pkey'];
$this->action = $data['action'];
}
public function processRequest() {
$request = $this->getRequest();
$viewer = $request->getUser();
$provider = PhabricatorAuthProvider::getEnabledProviderByKey( $provider = PhabricatorAuthProvider::getEnabledProviderByKey(
$this->providerKey); $provider_key);
if (!$provider) { if (!$provider) {
return new Aphront404Response(); return new Aphront404Response();
} }
switch ($this->action) { switch ($action) {
case 'link': case 'link':
if (!$provider->shouldAllowAccountLink()) { if (!$provider->shouldAllowAccountLink()) {
return $this->renderErrorPage( return $this->renderErrorPage(
@ -50,7 +43,7 @@ final class PhabricatorAuthLinkController
$provider->getProviderDomain(), $provider->getProviderDomain(),
$viewer->getPHID()); $viewer->getPHID());
switch ($this->action) { switch ($action) {
case 'link': case 'link':
if ($account) { if ($account) {
return $this->renderErrorPage( return $this->renderErrorPage(
@ -81,7 +74,7 @@ final class PhabricatorAuthLinkController
PhabricatorCookies::setClientIDCookie($request); PhabricatorCookies::setClientIDCookie($request);
switch ($this->action) { switch ($action) {
case 'link': case 'link':
id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession( id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
$viewer, $viewer,
@ -107,7 +100,7 @@ final class PhabricatorAuthLinkController
$form); $form);
} }
switch ($this->action) { switch ($action) {
case 'link': case 'link':
$name = pht('Link Account'); $name = pht('Link Account');
$title = pht('Link %s Account', $provider->getProviderName()); $title = pht('Link %s Account', $provider->getProviderName());

View file

@ -20,18 +20,14 @@ final class PhabricatorAuthLoginController
return parent::shouldAllowRestrictedParameter($parameter_name); return parent::shouldAllowRestrictedParameter($parameter_name);
} }
public function willProcessRequest(array $data) {
$this->providerKey = $data['pkey'];
$this->extraURIData = idx($data, 'extra');
}
public function getExtraURIData() { public function getExtraURIData() {
return $this->extraURIData; return $this->extraURIData;
} }
public function processRequest() { public function handleRequest(AphrontRequest $request) {
$request = $this->getRequest(); $viewer = $this->getViewer();
$viewer = $request->getUser(); $this->providerKey = $request->getURIData('pkey');
$this->extraURIData = $request->getURIData('extra');
$response = $this->loadProvider(); $response = $this->loadProvider();
if ($response) { if ($response) {

View file

@ -15,16 +15,15 @@ final class PhabricatorAuthNeedsApprovalController
return false; return false;
} }
public function processRequest() { public function handleRequest(AphrontRequest $request) {
$request = $this->getRequest(); $viewer = $this->getViewer();
$user = $request->getUser();
$wait_for_approval = pht( $wait_for_approval = pht(
"Your account has been created, but needs to be approved by an ". "Your account has been created, but needs to be approved by an ".
"administrator. You'll receive an email once your account is approved."); "administrator. You'll receive an email once your account is approved.");
$dialog = id(new AphrontDialogView()) $dialog = id(new AphrontDialogView())
->setUser($user) ->setUser($viewer)
->setTitle(pht('Wait for Approval')) ->setTitle(pht('Wait for Approval'))
->appendChild($wait_for_approval) ->appendChild($wait_for_approval)
->addCancelButton('/', pht('Wait Patiently')); ->addCancelButton('/', pht('Wait Patiently'));

View file

@ -9,9 +9,8 @@ final class PhabricatorAuthNeedsMultiFactorController
return false; return false;
} }
public function processRequest() { public function handleRequest(AphrontRequest $request) {
$request = $this->getRequest(); $viewer = $this->getViewer();
$viewer = $request->getUser();
$panel = id(new PhabricatorMultiFactorSettingsPanel()) $panel = id(new PhabricatorMultiFactorSettingsPanel())
->setUser($viewer) ->setUser($viewer)

View file

@ -3,8 +3,6 @@
final class PhabricatorAuthOldOAuthRedirectController final class PhabricatorAuthOldOAuthRedirectController
extends PhabricatorAuthController { extends PhabricatorAuthController {
private $provider;
public function shouldRequireLogin() { public function shouldRequireLogin() {
return false; return false;
} }
@ -16,11 +14,9 @@ final class PhabricatorAuthOldOAuthRedirectController
return parent::shouldAllowRestrictedParameter($parameter_name); return parent::shouldAllowRestrictedParameter($parameter_name);
} }
public function willProcessRequest(array $data) { public function handleRequest(AphrontRequest $request) {
$this->provider = $data['provider']; $viewer = $this->getViewer();
} $provider = $request->getURIData('provider');
public function processRequest() {
// TODO: Most OAuth providers are OK with changing the redirect URI, but // TODO: Most OAuth providers are OK with changing the redirect URI, but
// Google and GitHub are strict. We need to respect the old OAuth URI until // Google and GitHub are strict. We need to respect the old OAuth URI until
// we can get installs to migrate. This just keeps the old OAuth URI working // we can get installs to migrate. This just keeps the old OAuth URI working
@ -31,11 +27,11 @@ final class PhabricatorAuthOldOAuthRedirectController
'github' => 'github:github.com', 'github' => 'github:github.com',
); );
if (!isset($provider_map[$this->provider])) { if (!isset($provider_map[$provider])) {
return new Aphront404Response(); return new Aphront404Response();
} }
$provider_key = $provider_map[$this->provider]; $provider_key = $provider_map[$provider];
$uri = $this->getRequest()->getRequestURI(); $uri = $this->getRequest()->getRequestURI();
$uri->setPath($this->getApplicationURI('login/'.$provider_key.'/')); $uri->setPath($this->getApplicationURI('login/'.$provider_key.'/'));

View file

@ -3,24 +3,16 @@
final class PhabricatorAuthOneTimeLoginController final class PhabricatorAuthOneTimeLoginController
extends PhabricatorAuthController { extends PhabricatorAuthController {
private $id;
private $key;
private $emailID;
private $linkType;
public function shouldRequireLogin() { public function shouldRequireLogin() {
return false; return false;
} }
public function willProcessRequest(array $data) { public function handleRequest(AphrontRequest $request) {
$this->linkType = $data['type']; $viewer = $this->getViewer();
$this->id = $data['id']; $id = $request->getURIData('id');
$this->key = $data['key']; $link_type = $request->getURIData('key');
$this->emailID = idx($data, 'emailID'); $key = $request->getURIData('type');
} $email_id = $request->getURIData('emailID');
public function processRequest() {
$request = $this->getRequest();
if ($request->getUser()->isLoggedIn()) { if ($request->getUser()->isLoggedIn()) {
return $this->renderError( return $this->renderError(
@ -29,7 +21,7 @@ final class PhabricatorAuthOneTimeLoginController
$target_user = id(new PhabricatorPeopleQuery()) $target_user = id(new PhabricatorPeopleQuery())
->setViewer(PhabricatorUser::getOmnipotentUser()) ->setViewer(PhabricatorUser::getOmnipotentUser())
->withIDs(array($this->id)) ->withIDs(array($id))
->executeOne(); ->executeOne();
if (!$target_user) { if (!$target_user) {
return new Aphront404Response(); return new Aphront404Response();
@ -58,11 +50,11 @@ final class PhabricatorAuthOneTimeLoginController
// - get a "verified" address you don't control. // - get a "verified" address you don't control.
$target_email = null; $target_email = null;
if ($this->emailID) { if ($email_id) {
$target_email = id(new PhabricatorUserEmail())->loadOneWhere( $target_email = id(new PhabricatorUserEmail())->loadOneWhere(
'userPHID = %s AND id = %d', 'userPHID = %s AND id = %d',
$target_user->getPHID(), $target_user->getPHID(),
$this->emailID); $email_id);
if (!$target_email) { if (!$target_email) {
return new Aphront404Response(); return new Aphront404Response();
} }
@ -72,7 +64,7 @@ final class PhabricatorAuthOneTimeLoginController
$token = $engine->loadOneTimeLoginKey( $token = $engine->loadOneTimeLoginKey(
$target_user, $target_user,
$target_email, $target_email,
$this->key); $key);
if (!$token) { if (!$token) {
return $this->newDialog() return $this->newDialog()
@ -154,7 +146,7 @@ final class PhabricatorAuthOneTimeLoginController
// then log a user in to an account they control via sneaky invisible // then log a user in to an account they control via sneaky invisible
// form submissions. // form submissions.
switch ($this->linkType) { switch ($link_type) {
case PhabricatorAuthSessionEngine::ONETIME_WELCOME: case PhabricatorAuthSessionEngine::ONETIME_WELCOME:
$title = pht('Welcome to Phabricator'); $title = pht('Welcome to Phabricator');
break; break;

View file

@ -3,26 +3,21 @@
final class PhabricatorAuthRegisterController final class PhabricatorAuthRegisterController
extends PhabricatorAuthController { extends PhabricatorAuthController {
private $accountKey;
public function shouldRequireLogin() { public function shouldRequireLogin() {
return false; return false;
} }
public function willProcessRequest(array $data) { public function handleRequest(AphrontRequest $request) {
$this->accountKey = idx($data, 'akey'); $viewer = $this->getViewer();
} $account_key = $request->getURIData('akey');
public function processRequest() {
$request = $this->getRequest();
if ($request->getUser()->isLoggedIn()) { if ($request->getUser()->isLoggedIn()) {
return $this->renderError(pht('You are already logged in.')); return $this->renderError(pht('You are already logged in.'));
} }
$is_setup = false; $is_setup = false;
if (strlen($this->accountKey)) { if (strlen($account_key)) {
$result = $this->loadAccountForRegistrationOrLinking($this->accountKey); $result = $this->loadAccountForRegistrationOrLinking($account_key);
list($account, $provider, $response) = $result; list($account, $provider, $response) = $result;
$is_default = false; $is_default = false;
} else if ($this->isFirstTimeSetup()) { } else if ($this->isFirstTimeSetup()) {

View file

@ -3,23 +3,17 @@
final class PhabricatorAuthRevokeTokenController final class PhabricatorAuthRevokeTokenController
extends PhabricatorAuthController { extends PhabricatorAuthController {
private $id; public function handleRequest(AphrontRequest $request) {
$viewer = $this->getViewer();
$id = $request->getURIData('id');
public function willProcessRequest(array $data) { $is_all = ($id === 'all');
$this->id = $data['id'];
}
public function processRequest() {
$request = $this->getRequest();
$viewer = $request->getUser();
$is_all = ($this->id === 'all');
$query = id(new PhabricatorAuthTemporaryTokenQuery()) $query = id(new PhabricatorAuthTemporaryTokenQuery())
->setViewer($viewer) ->setViewer($viewer)
->withObjectPHIDs(array($viewer->getPHID())); ->withObjectPHIDs(array($viewer->getPHID()));
if (!$is_all) { if (!$is_all) {
$query->withIDs(array($this->id)); $query->withIDs(array($id));
} }
$tokens = $query->execute(); $tokens = $query->execute();

View file

@ -5,8 +5,8 @@ final class PhabricatorAuthSSHKeyEditController
public function handleRequest(AphrontRequest $request) { public function handleRequest(AphrontRequest $request) {
$viewer = $this->getViewer(); $viewer = $this->getViewer();
$id = $request->getURIData('id'); $id = $request->getURIData('id');
if ($id) { if ($id) {
$key = id(new PhabricatorAuthSSHKeyQuery()) $key = id(new PhabricatorAuthSSHKeyQuery())
->setViewer($viewer) ->setViewer($viewer)

View file

@ -3,23 +3,17 @@
final class PhabricatorAuthTerminateSessionController final class PhabricatorAuthTerminateSessionController
extends PhabricatorAuthController { extends PhabricatorAuthController {
private $id; public function handleRequest(AphrontRequest $request) {
$viewer = $this->getViewer();
$id = $request->getURIData('id');
public function willProcessRequest(array $data) { $is_all = ($id === 'all');
$this->id = $data['id'];
}
public function processRequest() {
$request = $this->getRequest();
$viewer = $request->getUser();
$is_all = ($this->id === 'all');
$query = id(new PhabricatorAuthSessionQuery()) $query = id(new PhabricatorAuthSessionQuery())
->setViewer($viewer) ->setViewer($viewer)
->withIdentityPHIDs(array($viewer->getPHID())); ->withIdentityPHIDs(array($viewer->getPHID()));
if (!$is_all) { if (!$is_all) {
$query->withIDs(array($this->id)); $query->withIDs(array($id));
} }
$current_key = PhabricatorHash::digest( $current_key = PhabricatorHash::digest(

View file

@ -5,13 +5,9 @@ final class PhabricatorAuthUnlinkController
private $providerKey; private $providerKey;
public function willProcessRequest(array $data) { public function handleRequest(AphrontRequest $request) {
$this->providerKey = $data['pkey']; $viewer = $this->getViewer();
} $this->providerKey = $request->getURIData('pkey');
public function processRequest() {
$request = $this->getRequest();
$viewer = $request->getUser();
list($type, $domain) = explode(':', $this->providerKey, 2); list($type, $domain) = explode(':', $this->providerKey, 2);

View file

@ -15,9 +15,8 @@ final class PhabricatorAuthValidateController
return true; return true;
} }
public function processRequest() { public function handleRequest(AphrontRequest $request) {
$request = $this->getRequest(); $viewer = $this->getViewer();
$viewer = $request->getUser();
$failures = array(); $failures = array();

View file

@ -7,15 +7,16 @@ final class PhabricatorDisabledUserController
return false; return false;
} }
public function processRequest() { public function handleRequest(AphrontRequest $request) {
$request = $this->getRequest(); $viewer = $this->getViewer();
$user = $request->getUser(); $id = $request->getURIData('id');
if (!$user->getIsDisabled()) {
if (!$viewer->getIsDisabled()) {
return new Aphront404Response(); return new Aphront404Response();
} }
return id(new AphrontDialogView()) return id(new AphrontDialogView())
->setUser($user) ->setUser($viewer)
->setTitle(pht('Account Disabled')) ->setTitle(pht('Account Disabled'))
->addCancelButton('/logout/', pht('Okay')) ->addCancelButton('/logout/', pht('Okay'))
->appendParagraph(pht('Your account has been disabled.')); ->appendParagraph(pht('Your account has been disabled.'));

View file

@ -7,8 +7,7 @@ final class PhabricatorEmailLoginController
return false; return false;
} }
public function processRequest() { public function handleRequest(AphrontRequest $request) {
$request = $this->getRequest();
if (!PhabricatorPasswordAuthProvider::getPasswordProvider()) { if (!PhabricatorPasswordAuthProvider::getPasswordProvider()) {
return new Aphront400Response(); return new Aphront400Response();

View file

@ -3,12 +3,6 @@
final class PhabricatorEmailVerificationController final class PhabricatorEmailVerificationController
extends PhabricatorAuthController { extends PhabricatorAuthController {
private $code;
public function willProcessRequest(array $data) {
$this->code = $data['code'];
}
public function shouldRequireEmailVerification() { public function shouldRequireEmailVerification() {
// Since users need to be able to hit this endpoint in order to verify // Since users need to be able to hit this endpoint in order to verify
// email, we can't ever require email verification here. // email, we can't ever require email verification here.
@ -21,11 +15,11 @@ final class PhabricatorEmailVerificationController
return false; return false;
} }
public function processRequest() { public function handleRequest(AphrontRequest $request) {
$request = $this->getRequest(); $viewer = $this->getViewer();
$user = $request->getUser(); $code = $request->getURIData('code');
if ($user->getIsDisabled()) { if ($viewer->getIsDisabled()) {
// We allowed unapproved and disabled users to hit this controller, but // We allowed unapproved and disabled users to hit this controller, but
// want to kick out disabled users now. // want to kick out disabled users now.
return new Aphront400Response(); return new Aphront400Response();
@ -33,8 +27,8 @@ final class PhabricatorEmailVerificationController
$email = id(new PhabricatorUserEmail())->loadOneWhere( $email = id(new PhabricatorUserEmail())->loadOneWhere(
'userPHID = %s AND verificationCode = %s', 'userPHID = %s AND verificationCode = %s',
$user->getPHID(), $viewer->getPHID(),
$this->code); $code);
$submit = null; $submit = null;
@ -46,7 +40,7 @@ final class PhabricatorEmailVerificationController
'user. Make sure you followed the link in the email correctly and are '. 'user. Make sure you followed the link in the email correctly and are '.
'logged in with the user account associated with the email address.'); 'logged in with the user account associated with the email address.');
$continue = pht('Rats!'); $continue = pht('Rats!');
} else if ($email->getIsVerified() && $user->getIsEmailVerified()) { } else if ($email->getIsVerified() && $viewer->getIsEmailVerified()) {
$title = pht('Address Already Verified'); $title = pht('Address Already Verified');
$content = pht( $content = pht(
'This email address has already been verified.'); 'This email address has already been verified.');
@ -54,8 +48,8 @@ final class PhabricatorEmailVerificationController
} else if ($request->isFormPost()) { } else if ($request->isFormPost()) {
id(new PhabricatorUserEditor()) id(new PhabricatorUserEditor())
->setActor($user) ->setActor($viewer)
->verifyEmail($user, $email); ->verifyEmail($viewer, $email);
$title = pht('Address Verified'); $title = pht('Address Verified');
$content = pht( $content = pht(
@ -72,7 +66,7 @@ final class PhabricatorEmailVerificationController
} }
$dialog = id(new AphrontDialogView()) $dialog = id(new AphrontDialogView())
->setUser($user) ->setUser($viewer)
->setTitle($title) ->setTitle($title)
->addCancelButton('/', $continue) ->addCancelButton('/', $continue)
->appendChild($content); ->appendChild($content);

View file

@ -26,14 +26,13 @@ final class PhabricatorLogoutController
} }
public function handleRequest(AphrontRequest $request) { public function handleRequest(AphrontRequest $request) {
$request = $this->getRequest(); $viewer = $this->getViewer();
$user = $request->getUser();
if ($request->isFormPost()) { if ($request->isFormPost()) {
$log = PhabricatorUserLog::initializeNewLog( $log = PhabricatorUserLog::initializeNewLog(
$user, $viewer,
$user->getPHID(), $viewer->getPHID(),
PhabricatorUserLog::ACTION_LOGOUT); PhabricatorUserLog::ACTION_LOGOUT);
$log->save(); $log->save();
@ -43,7 +42,7 @@ final class PhabricatorLogoutController
$phsid = $request->getCookie(PhabricatorCookies::COOKIE_SESSION); $phsid = $request->getCookie(PhabricatorCookies::COOKIE_SESSION);
if (strlen($phsid)) { if (strlen($phsid)) {
$session = id(new PhabricatorAuthSessionQuery()) $session = id(new PhabricatorAuthSessionQuery())
->setViewer($user) ->setViewer($viewer)
->withSessionKeys(array($phsid)) ->withSessionKeys(array($phsid))
->executeOne(); ->executeOne();
if ($session) { if ($session) {
@ -56,9 +55,9 @@ final class PhabricatorLogoutController
->setURI('/auth/loggedout/'); ->setURI('/auth/loggedout/');
} }
if ($user->getPHID()) { if ($viewer->getPHID()) {
$dialog = id(new AphrontDialogView()) $dialog = id(new AphrontDialogView())
->setUser($user) ->setUser($viewer)
->setTitle(pht('Log out of Phabricator?')) ->setTitle(pht('Log out of Phabricator?'))
->appendChild(pht('Are you sure you want to log out?')) ->appendChild(pht('Are you sure you want to log out?'))
->addSubmitButton(pht('Logout')) ->addSubmitButton(pht('Logout'))

View file

@ -13,13 +13,12 @@ final class PhabricatorMustVerifyEmailController
return false; return false;
} }
public function processRequest() { public function handleRequest(AphrontRequest $request) {
$request = $this->getRequest(); $viewer = $this->getViewer();
$user = $request->getUser();
$email = $user->loadPrimaryEmail(); $email = $viewer->loadPrimaryEmail();
if ($user->getIsEmailVerified()) { if ($viewer->getIsEmailVerified()) {
return id(new AphrontRedirectResponse())->setURI('/'); return id(new AphrontRedirectResponse())->setURI('/');
} }
@ -27,7 +26,7 @@ final class PhabricatorMustVerifyEmailController
$sent = null; $sent = null;
if ($request->isFormPost()) { if ($request->isFormPost()) {
$email->sendVerificationEmail($user); $email->sendVerificationEmail($viewer);
$sent = new PHUIInfoView(); $sent = new PHUIInfoView();
$sent->setSeverity(PHUIInfoView::SEVERITY_NOTICE); $sent->setSeverity(PHUIInfoView::SEVERITY_NOTICE);
$sent->setTitle(pht('Email Sent')); $sent->setTitle(pht('Email Sent'));
@ -48,7 +47,7 @@ final class PhabricatorMustVerifyEmailController
'to try sending another one.'); 'to try sending another one.');
$dialog = id(new AphrontDialogView()) $dialog = id(new AphrontDialogView())
->setUser($user) ->setUser($viewer)
->setTitle(pht('Check Your Email')) ->setTitle(pht('Check Your Email'))
->appendParagraph($must_verify) ->appendParagraph($must_verify)
->appendParagraph($send_again) ->appendParagraph($send_again)

View file

@ -2,14 +2,13 @@
final class PhabricatorRefreshCSRFController extends PhabricatorAuthController { final class PhabricatorRefreshCSRFController extends PhabricatorAuthController {
public function processRequest() { public function handleRequest(AphrontRequest $request) {
$request = $this->getRequest(); $viewer = $this->getViewer();
$user = $request->getUser();
return id(new AphrontAjaxResponse()) return id(new AphrontAjaxResponse())
->setContent( ->setContent(
array( array(
'token' => $user->getCSRFToken(), 'token' => $viewer->getCSRFToken(),
)); ));
} }