From 61a0c6d6e3895eff32aa173b269717f890ed2657 Mon Sep 17 00:00:00 2001 From: epriestley Date: Sun, 16 Jun 2013 16:35:36 -0700 Subject: [PATCH] Add a blanket "will login" event Summary: Ref T1536. Facebook currently does a check which should be on-login in registration hooks, and this is generally a reasonable hook to provide. The "will login" event allows listeners to reject or modify a login, or just log it or whatever. NOTE: This doesn't cover non-web logins right now -- notably Conduit. That's presumably fine. (This can't land for a while, it depends on about 10 uncommitted revisions.) Test Plan: Logged out and in again. Reviewers: wez, btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6202 --- .../controller/PhabricatorAuthController.php | 63 ++++++++++++++++--- .../PhabricatorAuthLoginController.php | 6 +- .../PhabricatorAuthRegisterController.php | 6 +- .../PhabricatorAuthStartController.php | 2 +- .../PhabricatorEmailTokenController.php | 4 +- .../PhabricatorLDAPLoginController.php | 4 +- .../controller/PhabricatorLoginController.php | 3 +- .../PhabricatorOAuthLoginController.php | 4 +- .../events/constant/PhabricatorEventType.php | 1 + 9 files changed, 64 insertions(+), 29 deletions(-) diff --git a/src/applications/auth/controller/PhabricatorAuthController.php b/src/applications/auth/controller/PhabricatorAuthController.php index f3c20cfde8..173aae06e4 100644 --- a/src/applications/auth/controller/PhabricatorAuthController.php +++ b/src/applications/auth/controller/PhabricatorAuthController.php @@ -29,17 +29,54 @@ abstract class PhabricatorAuthController extends PhabricatorController { } - protected function establishWebSession(PhabricatorUser $user) { - $session_key = $user->establishSession('web'); + /** + * Log a user into a web session and return an @{class:AphrontResponse} which + * corresponds to continuing the login process. + * + * Normally, this is a redirect to the validation controller which makes sure + * the user's cookies are set. However, event listeners can intercept this + * event and do something else if they prefer. + * + * @param PhabricatorUser User to log the viewer in as. + * @return AphrontResponse Response which continues the login process. + */ + protected function loginUser(PhabricatorUser $user) { + $response = $this->buildLoginValidateResponse($user); + $session_type = 'web'; + + $event_type = PhabricatorEventType::TYPE_AUTH_WILLLOGINUSER; + $event_data = array( + 'user' => $user, + 'type' => $session_type, + 'response' => $response, + 'shouldLogin' => true, + ); + + $event = id(new PhabricatorEvent($event_type, $event_data)) + ->setUser($user); + PhutilEventEngine::dispatchEvent($event); + + $should_login = $event->getValue('shouldLogin'); + if ($should_login) { + $session_key = $user->establishSession($session_type); + + // NOTE: We allow disabled users to login and roadblock them later, so + // there's no check for users being disabled here. + + $request = $this->getRequest(); + $request->setCookie('phusr', $user->getUsername()); + $request->setCookie('phsid', $session_key); + + $this->clearRegistrationCookies(); + } + + return $event->getValue('response'); + } + + protected function clearRegistrationCookies() { $request = $this->getRequest(); - // NOTE: We allow disabled users to login and roadblock them later, so - // there's no check for users being disabled here. - - $request->setCookie('phusr', $user->getUsername()); - $request->setCookie('phsid', $session_key); - // Clear the registration key. $request->clearCookie('phreg'); @@ -47,11 +84,19 @@ abstract class PhabricatorAuthController extends PhabricatorController { $request->clearCookie('phcid'); } - protected function buildLoginValidateResponse(PhabricatorUser $user) { + private function buildLoginValidateResponse(PhabricatorUser $user) { $validate_uri = new PhutilURI($this->getApplicationURI('validate/')); $validate_uri->setQueryParam('phusr', $user->getUsername()); return id(new AphrontRedirectResponse())->setURI((string)$validate_uri); } + protected function renderError($message) { + return $this->renderErrorPage( + pht('Authentication Error'), + array( + $message, + )); + } + } diff --git a/src/applications/auth/controller/PhabricatorAuthLoginController.php b/src/applications/auth/controller/PhabricatorAuthLoginController.php index b11482d36d..4a4711a34d 100644 --- a/src/applications/auth/controller/PhabricatorAuthLoginController.php +++ b/src/applications/auth/controller/PhabricatorAuthLoginController.php @@ -107,9 +107,7 @@ final class PhabricatorAuthLoginController 'with a valid Phabricator user.')); } - $this->establishWebSession($user); - - return $this->buildLoginValidateResponse($user); + return $this->loginUser($user); } private function processRegisterUser(PhabricatorExternalAccount $account) { @@ -161,7 +159,7 @@ final class PhabricatorAuthLoginController return null; } - private function renderError($message) { + protected function renderError($message) { $title = pht('Login Failed'); $view = new AphrontErrorView(); diff --git a/src/applications/auth/controller/PhabricatorAuthRegisterController.php b/src/applications/auth/controller/PhabricatorAuthRegisterController.php index 062ac4cc4a..a5df51f255 100644 --- a/src/applications/auth/controller/PhabricatorAuthRegisterController.php +++ b/src/applications/auth/controller/PhabricatorAuthRegisterController.php @@ -205,13 +205,11 @@ final class PhabricatorAuthRegisterController $user->saveTransaction(); - $this->establishWebSession($user); - if (!$email_obj->getIsVerified()) { $email_obj->sendVerificationEmail($user); } - return $this->buildLoginValidateResponse($user); + return $this->loginUser($user); } catch (AphrontQueryDuplicateKeyException $exception) { $same_username = id(new PhabricatorUser())->loadOneWhere( 'userName = %s', @@ -480,7 +478,7 @@ final class PhabricatorAuthRegisterController } } - private function renderError($message) { + protected function renderError($message) { return $this->renderErrorPage( pht('Registration Failed'), array($message)); diff --git a/src/applications/auth/controller/PhabricatorAuthStartController.php b/src/applications/auth/controller/PhabricatorAuthStartController.php index 267a61b47f..0fa6222b36 100644 --- a/src/applications/auth/controller/PhabricatorAuthStartController.php +++ b/src/applications/auth/controller/PhabricatorAuthStartController.php @@ -180,7 +180,7 @@ final class PhabricatorAuthStartController return id(new AphrontPlainTextResponse())->setContent($message); } - private function renderError($message) { + protected function renderError($message) { return $this->renderErrorPage( pht('Authentication Failure'), array($message)); diff --git a/src/applications/auth/controller/PhabricatorEmailTokenController.php b/src/applications/auth/controller/PhabricatorEmailTokenController.php index 1edd109011..5b4401564b 100644 --- a/src/applications/auth/controller/PhabricatorEmailTokenController.php +++ b/src/applications/auth/controller/PhabricatorEmailTokenController.php @@ -73,8 +73,6 @@ final class PhabricatorEmailTokenController $target_email->save(); unset($unguarded); - $this->establishWebSession($target_user); - $next = '/'; if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) { $panels = id(new PhabricatorSettingsPanelOAuth())->buildPanels(); @@ -95,6 +93,6 @@ final class PhabricatorEmailTokenController $request->setCookie('next_uri', $next); - return $this->buildLoginValidateResponse($target_user); + return $this->loginUser($target_user); } } diff --git a/src/applications/auth/controller/PhabricatorLDAPLoginController.php b/src/applications/auth/controller/PhabricatorLDAPLoginController.php index 99a3628024..fbf83874b2 100644 --- a/src/applications/auth/controller/PhabricatorLDAPLoginController.php +++ b/src/applications/auth/controller/PhabricatorLDAPLoginController.php @@ -90,9 +90,7 @@ final class PhabricatorLDAPLoginController extends PhabricatorAuthController { $this->saveLDAPInfo($ldap_info); - $this->establishWebSession($known_user); - - return $this->buildLoginValidateResponse($known_user); + return $this->loginUser($known_user); } $controller = newv('PhabricatorLDAPRegistrationController', diff --git a/src/applications/auth/controller/PhabricatorLoginController.php b/src/applications/auth/controller/PhabricatorLoginController.php index e0087f452f..e8bc401756 100644 --- a/src/applications/auth/controller/PhabricatorLoginController.php +++ b/src/applications/auth/controller/PhabricatorLoginController.php @@ -138,8 +138,7 @@ final class PhabricatorLoginController } if (!$errors) { - $this->establishWebSession($user); - return $this->buildLoginValidateResponse($user); + return $this->loginUser($user); } else { $log = PhabricatorUserLog::newLog( null, diff --git a/src/applications/auth/controller/PhabricatorOAuthLoginController.php b/src/applications/auth/controller/PhabricatorOAuthLoginController.php index 59a8973e7c..9191430a4f 100644 --- a/src/applications/auth/controller/PhabricatorOAuthLoginController.php +++ b/src/applications/auth/controller/PhabricatorOAuthLoginController.php @@ -148,9 +148,7 @@ final class PhabricatorOAuthLoginController $this->saveOAuthInfo($oauth_info); - $this->establishWebSession($known_user); - - return $this->buildLoginValidateResponse($known_user); + return $this->loginUser($known_user); } $oauth_email = $provider->retrieveUserEmail(); diff --git a/src/infrastructure/events/constant/PhabricatorEventType.php b/src/infrastructure/events/constant/PhabricatorEventType.php index a1b5bb3494..aec70db8d2 100644 --- a/src/infrastructure/events/constant/PhabricatorEventType.php +++ b/src/infrastructure/events/constant/PhabricatorEventType.php @@ -37,5 +37,6 @@ final class PhabricatorEventType extends PhutilEventType { const TYPE_PEOPLE_DIDRENDERMENU = 'people.didRenderMenu'; const TYPE_AUTH_WILLREGISTERUSER = 'auth.willRegisterUser'; + const TYPE_AUTH_WILLLOGINUSER = 'auth.willLoginUser'; }