Allow tokens to be awarded to MFA-required objects

Summary:
Depends on D19901. Ref T13222. See PHI873. Currently, the MFA code and the (older, not-really-transactional) token code don't play nicely.

In particular, if the Editor throws we tend to get half an effect applied.

For now, just make this work. Some day it could become more modern so that the transaction actually applies the write.

Test Plan: Awarded and rescinded tokens from an MFA-required object.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13222

Differential Revision: https://secure.phabricator.com/D19902

src/applications/tokens/controller/PhabricatorTokenGiveController.php

@@ -47,11 +47,13 @@ final class PhabricatorTokenGiveController extends PhabricatorTokenController {
     }
 
     $done_uri = $handle->getURI();
-    if ($request->isDialogFormPost()) {
+    if ($request->isFormOrHisecPost()) {
       $content_source = PhabricatorContentSource::newFromRequest($request);
 
       $editor = id(new PhabricatorTokenGivenEditor())
         ->setActor($viewer)
+        ->setRequest($request)
+        ->setCancelURI($handle->getURI())
         ->setContentSource($content_source);
       if ($is_give) {
         $token_phid = $request->getStr('tokenPHID');

src/applications/tokens/editor/PhabricatorTokenGivenEditor.php

@@ -4,6 +4,8 @@ final class PhabricatorTokenGivenEditor
   extends PhabricatorEditor {
 
   private $contentSource;
+  private $request;
+  private $cancelURI;
 
   public function setContentSource(PhabricatorContentSource $content_source) {
     $this->contentSource = $content_source;
@@ -14,6 +16,24 @@ final class PhabricatorTokenGivenEditor
     return $this->contentSource;
   }
 
+  public function setRequest(AphrontRequest $request) {
+    $this->request = $request;
+    return $this;
+  }
+
+  public function getRequest() {
+    return $this->request;
+  }
+
+  public function setCancelURI($cancel_uri) {
+    $this->cancelURI = $cancel_uri;
+    return $this;
+  }
+
+  public function getCancelURI() {
+    return $this->cancelURI;
+  }
+
   public function addToken($object_phid, $token_phid) {
     $token = $this->validateToken($token_phid);
     $object = $this->validateObject($object_phid);
@@ -41,17 +61,22 @@ final class PhabricatorTokenGivenEditor
         id(new PhabricatorTokenCount())->getTableName(),
         $object->getPHID());
 
-    $token_given->saveTransaction();
-
       $current_token_phid = null;
       if ($current_token) {
         $current_token_phid = $current_token->getTokenPHID();
       }
 
+      try {
         $this->publishTransaction(
           $object,
           $current_token_phid,
           $token->getPHID());
+      } catch (Exception $ex) {
+        $token_given->killTransaction();
+        throw $ex;
+      }
+
+    $token_given->saveTransaction();
 
     $subscribed_phids = $object->getUsersToNotifyOfTokenGiven();
     if ($subscribed_phids) {
@@ -86,11 +111,20 @@ final class PhabricatorTokenGivenEditor
       return;
     }
 
+    $token_given->openTransaction();
       $this->executeDeleteToken($object, $token_given);
+
+      try {
         $this->publishTransaction(
           $object,
           $token_given->getTokenPHID(),
           null);
+      } catch (Exception $ex) {
+        $token_given->killTransaction();
+        throw $ex;
+      }
+
+    $token_given->saveTransaction();
   }
 
   private function executeDeleteToken(
@@ -166,6 +200,16 @@ final class PhabricatorTokenGivenEditor
       ->setContinueOnNoEffect(true)
       ->setContinueOnMissingFields(true);
 
+    $request = $this->getRequest();
+    if ($request) {
+      $editor->setRequest($request);
+    }
+
+    $cancel_uri = $this->getCancelURI();
+    if ($cancel_uri) {
+      $editor->setCancelURI($cancel_uri);
+    }
+
     $editor->applyTransactions($object, $xactions);
   }