mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-23 05:50:55 +01:00
Record account recovery email links in the user activity log and make the mail message reference the log
Summary: Depends on D20672. Ref T13343. When a user requests an account access link via email: - log it in the activity log; and - reference the log in the mail. This makes it easier to ban users misusing the feature, provided they're coming from a single remote address, and takes a few steps down the pathway toward a button in the mail that users can click to report the action, suspend account recovery for their account, etc. Test Plan: - Requested an email recovery link. - Saw request appear in the user activity log. - Saw a reference to the log entry in the mail footer. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13343 Differential Revision: https://secure.phabricator.com/D20673
This commit is contained in:
parent
57799bc82b
commit
60db658d52
4 changed files with 43 additions and 1 deletions
|
@ -3216,6 +3216,7 @@ phutil_register_library_map(array(
|
|||
'PhabricatorEmailFormatSetting' => 'applications/settings/setting/PhabricatorEmailFormatSetting.php',
|
||||
'PhabricatorEmailFormatSettingsPanel' => 'applications/settings/panel/PhabricatorEmailFormatSettingsPanel.php',
|
||||
'PhabricatorEmailLoginController' => 'applications/auth/controller/PhabricatorEmailLoginController.php',
|
||||
'PhabricatorEmailLoginUserLogType' => 'applications/people/userlog/PhabricatorEmailLoginUserLogType.php',
|
||||
'PhabricatorEmailNotificationsSetting' => 'applications/settings/setting/PhabricatorEmailNotificationsSetting.php',
|
||||
'PhabricatorEmailPreferencesSettingsPanel' => 'applications/settings/panel/PhabricatorEmailPreferencesSettingsPanel.php',
|
||||
'PhabricatorEmailRePrefixSetting' => 'applications/settings/setting/PhabricatorEmailRePrefixSetting.php',
|
||||
|
@ -9343,6 +9344,7 @@ phutil_register_library_map(array(
|
|||
'PhabricatorEmailFormatSetting' => 'PhabricatorSelectSetting',
|
||||
'PhabricatorEmailFormatSettingsPanel' => 'PhabricatorEditEngineSettingsPanel',
|
||||
'PhabricatorEmailLoginController' => 'PhabricatorAuthController',
|
||||
'PhabricatorEmailLoginUserLogType' => 'PhabricatorUserLogType',
|
||||
'PhabricatorEmailNotificationsSetting' => 'PhabricatorSelectSetting',
|
||||
'PhabricatorEmailPreferencesSettingsPanel' => 'PhabricatorSettingsPanel',
|
||||
'PhabricatorEmailRePrefixSetting' => 'PhabricatorSelectSetting',
|
||||
|
|
|
@ -104,10 +104,16 @@ final class PhabricatorEmailLoginController
|
|||
if (!$errors) {
|
||||
$target_address = new PhutilEmailAddress($target_email->getAddress());
|
||||
|
||||
$user_log = PhabricatorUserLog::initializeNewLog(
|
||||
$viewer,
|
||||
$target_user->getPHID(),
|
||||
PhabricatorEmailLoginUserLogType::LOGTYPE);
|
||||
|
||||
$mail_engine = id(new PhabricatorPeopleEmailLoginMailEngine())
|
||||
->setSender($viewer)
|
||||
->setRecipient($target_user)
|
||||
->setRecipientAddress($target_address);
|
||||
->setRecipientAddress($target_address)
|
||||
->setActivityLog($user_log);
|
||||
|
||||
try {
|
||||
$mail_engine->validateMail();
|
||||
|
|
|
@ -6,6 +6,7 @@ abstract class PhabricatorPeopleMailEngine
|
|||
private $sender;
|
||||
private $recipient;
|
||||
private $recipientAddress;
|
||||
private $activityLog;
|
||||
|
||||
final public function setSender(PhabricatorUser $sender) {
|
||||
$this->sender = $sender;
|
||||
|
@ -47,6 +48,15 @@ abstract class PhabricatorPeopleMailEngine
|
|||
return ($this->recipientAddress !== null);
|
||||
}
|
||||
|
||||
final public function setActivityLog(PhabricatorUserLog $activity_log) {
|
||||
$this->activityLog = $activity_log;
|
||||
return $this;
|
||||
}
|
||||
|
||||
final public function getActivityLog() {
|
||||
return $this->activityLog;
|
||||
}
|
||||
|
||||
final public function canSendMail() {
|
||||
try {
|
||||
$this->validateMail();
|
||||
|
@ -68,6 +78,18 @@ abstract class PhabricatorPeopleMailEngine
|
|||
$mail->addTos(array($recipient->getPHID()));
|
||||
}
|
||||
|
||||
$activity_log = $this->getActivityLog();
|
||||
if ($activity_log) {
|
||||
$activity_log->save();
|
||||
|
||||
$body = array();
|
||||
$body[] = rtrim($mail->getBody(), "\n");
|
||||
$body[] = pht('Activity Log ID: #%d', $activity_log->getID());
|
||||
$body = implode("\n\n", $body)."\n";
|
||||
|
||||
$mail->setBody($body);
|
||||
}
|
||||
|
||||
$mail
|
||||
->setForceDelivery(true)
|
||||
->save();
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
<?php
|
||||
|
||||
final class PhabricatorEmailLoginUserLogType
|
||||
extends PhabricatorUserLogType {
|
||||
|
||||
const LOGTYPE = 'email-login';
|
||||
|
||||
public function getLogTypeName() {
|
||||
return pht('Email: Recovery Link');
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in a new issue