diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php index 9e7769f093..7b4055d1b0 100644 --- a/src/__phutil_library_map__.php +++ b/src/__phutil_library_map__.php @@ -2296,6 +2296,7 @@ phutil_register_library_map(array( 'PhabricatorAuthNeedsApprovalController' => 'applications/auth/controller/PhabricatorAuthNeedsApprovalController.php', 'PhabricatorAuthNeedsMultiFactorController' => 'applications/auth/controller/PhabricatorAuthNeedsMultiFactorController.php', 'PhabricatorAuthNewController' => 'applications/auth/controller/config/PhabricatorAuthNewController.php', + 'PhabricatorAuthNewFactorAction' => 'applications/auth/action/PhabricatorAuthNewFactorAction.php', 'PhabricatorAuthOldOAuthRedirectController' => 'applications/auth/controller/PhabricatorAuthOldOAuthRedirectController.php', 'PhabricatorAuthOneTimeLoginController' => 'applications/auth/controller/PhabricatorAuthOneTimeLoginController.php', 'PhabricatorAuthOneTimeLoginTemporaryTokenType' => 'applications/auth/tokentype/PhabricatorAuthOneTimeLoginTemporaryTokenType.php', @@ -8021,6 +8022,7 @@ phutil_register_library_map(array( 'PhabricatorAuthNeedsApprovalController' => 'PhabricatorAuthController', 'PhabricatorAuthNeedsMultiFactorController' => 'PhabricatorAuthController', 'PhabricatorAuthNewController' => 'PhabricatorAuthProviderConfigController', + 'PhabricatorAuthNewFactorAction' => 'PhabricatorSystemAction', 'PhabricatorAuthOldOAuthRedirectController' => 'PhabricatorAuthController', 'PhabricatorAuthOneTimeLoginController' => 'PhabricatorAuthController', 'PhabricatorAuthOneTimeLoginTemporaryTokenType' => 'PhabricatorAuthTemporaryTokenType', diff --git a/src/applications/auth/action/PhabricatorAuthNewFactorAction.php b/src/applications/auth/action/PhabricatorAuthNewFactorAction.php new file mode 100644 index 0000000000..c1244587f1 --- /dev/null +++ b/src/applications/auth/action/PhabricatorAuthNewFactorAction.php @@ -0,0 +1,21 @@ +setViewer($viewer); + if ($request->isFormPost()) { + // Subject users to rate limiting so that it's difficult to add factors + // by pure brute force. This is normally not much of an attack, but push + // factor types may have side effects. + PhabricatorSystemActionEngine::willTakeAction( + array($viewer->getPHID()), + new PhabricatorAuthNewFactorAction(), + 1); + } else { + // Test the limit before showing the user a form, so we don't give them + // a form which can never possibly work because it will always hit rate + // limiting. + PhabricatorSystemActionEngine::willTakeAction( + array($viewer->getPHID()), + new PhabricatorAuthNewFactorAction(), + 0); + } + $config = $selected_provider->processAddFactorForm( $form, $request, $user); if ($config) { + // If the user added a factor, give them a rate limiting point back. + PhabricatorSystemActionEngine::willTakeAction( + array($viewer->getPHID()), + new PhabricatorAuthNewFactorAction(), + -1); + $config->save(); $log = PhabricatorUserLog::initializeNewLog(