Quicksand - make things work properly with high security mode

Summary: Fixes T7064. We need to pass the quicksand magic request variable around and then instrument the javascript to handle quicksand page loads. Test Plan: Enabled two factor auth on my account and then - visited password page - filled out 2 factor auth request - saw high security bubble - clicked about still seeing high security bubble - refreshed page and still saw security bubble - dismissed bubble by following through workflow after clicking bubble Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin, epriestley Maniphest Tasks: T7064 Differential Revision: https://secure.phabricator.com/D12536
2024-11-09 16:32:39 +01:00 · 2015-04-23 16:37:56 -07:00 · 2015-04-23 16:37:56 -07:00 · a903eb2def
commit a903eb2def
parent 3ba56ceaf0
5 changed files with 77 additions and 33 deletions
--- a/resources/celerity/map.php
+++ b/resources/celerity/map.php
@ -469,7 +469,7 @@ return array(
    'rsrc/js/core/behavior-form.js' => '5c54cbf3',
    'rsrc/js/core/behavior-gesture.js' => '3ab51e2c',
    'rsrc/js/core/behavior-global-drag-and-drop.js' => '3f6075ff',
-    'rsrc/js/core/behavior-high-security-warning.js' => '8fc1c918',
+    'rsrc/js/core/behavior-high-security-warning.js' => 'a464fe03',
    'rsrc/js/core/behavior-history-install.js' => '7ee2b591',
    'rsrc/js/core/behavior-hovercard.js' => 'f36e01af',
    'rsrc/js/core/behavior-keyboard-pager.js' => 'a8da01f0',
@ -595,7 +595,7 @@ return array(
    'javelin-behavior-fancy-datepicker' => 'c51ae228',
    'javelin-behavior-global-drag-and-drop' => '3f6075ff',
    'javelin-behavior-herald-rule-editor' => '7ebaeed3',
-    'javelin-behavior-high-security-warning' => '8fc1c918',
+    'javelin-behavior-high-security-warning' => 'a464fe03',
    'javelin-behavior-history-install' => '7ee2b591',
    'javelin-behavior-icon-composer' => '8ef9ab58',
    'javelin-behavior-launch-icon-composer' => '48086888',
@ -1526,11 +1526,6 @@ return array(
      'javelin-dom',
      'javelin-stratcom',
    ),
-    '8fc1c918' => array(
-      'javelin-behavior',
-      'javelin-uri',
-      'phabricator-notification',
-    ),
    '9007c197' => array(
      'javelin-behavior',
      'javelin-dom',
@ -1639,6 +1634,11 @@ return array(
      'javelin-vector',
      'javelin-install',
    ),
+    'a464fe03' => array(
+      'javelin-behavior',
+      'javelin-uri',
+      'phabricator-notification',
+    ),
    'a80d0378' => array(
      'javelin-behavior',
      'javelin-stratcom',
--- a/src/aphront/AphrontRequest.php
+++ b/src/aphront/AphrontRequest.php
@ -539,8 +539,9 @@ final class AphrontRequest {
   *
   * @return  dict<string, string>  Original request parameters.
   */
-  public function getPassthroughRequestParameters() {
-    return self::flattenData($this->getPassthroughRequestData());
+  public function getPassthroughRequestParameters($include_quicksand = false) {
+    return self::flattenData(
+      $this->getPassthroughRequestData($include_quicksand));
  }

  /**
@ -548,11 +549,14 @@ final class AphrontRequest {
   *
   * @return dict<string, wild> Request data, with magic filtered out.
   */
-  public function getPassthroughRequestData() {
+  public function getPassthroughRequestData($include_quicksand = false) {
    $data = $this->getRequestData();

    // Remove magic parameters like __dialog__ and __ajax__.
    foreach ($data as $key => $value) {
+      if ($include_quicksand && $key == self::TYPE_QUICKSAND) {
+        continue;
+      }
      if (!strncmp($key, '__', 2)) {
        unset($data[$key]);
      }
--- a/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
+++ b/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
@ -135,7 +135,9 @@ class AphrontDefaultApplicationConfiguration
        ->addCancelButton($ex->getCancelURI())
        ->addSubmitButton(pht('Enter High Security'));

-      foreach ($request->getPassthroughRequestParameters() as $key => $value) {
+      $request_parameters = $request->getPassthroughRequestParameters(
+        $respect_quicksand = true);
+      foreach ($request_parameters as $key => $value) {
        $dialog->addHiddenInput($key, $value);
      }

--- a/src/view/page/PhabricatorStandardPageView.php
+++ b/src/view/page/PhabricatorStandardPageView.php
@ -215,21 +215,9 @@ final class PhabricatorStandardPageView extends PhabricatorBarePageView {

    Javelin::initBehavior('device');

-    if ($user->hasSession()) {
-      $hisec = ($user->getSession()->getHighSecurityUntil() - time());
-      if ($hisec > 0) {
-        $remaining_time = phutil_format_relative_time($hisec);
-        Javelin::initBehavior(
-          'high-security-warning',
-          array(
-            'uri' => '/auth/session/downgrade/',
-            'message' => pht(
-              'Your session is in high security mode. When you '.
-              'finish using it, click here to leave.',
-              $remaining_time),
-          ));
-      }
-    }
+    Javelin::initBehavior(
+      'high-security-warning',
+      $this->getHighSecurityWarningConfig());

    if ($console) {
      require_celerity_resource('aphront-dark-console-css');
@ -547,6 +535,26 @@ final class PhabricatorStandardPageView extends PhabricatorBarePageView {
    );
  }

+  private function getHighSecurityWarningConfig() {
+    $user = $this->getRequest()->getUser();
+
+    $show = false;
+    if ($user->hasSession()) {
+      $hisec = ($user->getSession()->getHighSecurityUntil() - time());
+      if ($hisec > 0) {
+        $show = true;
+      }
+    }
+
+    return array(
+      'show' => $show,
+      'uri' => '/auth/session/downgrade/',
+      'message' => pht(
+        'Your session is in high security mode. When you '.
+        'finish using it, click here to leave.'),
+        );
+  }
+
  private function renderFooter() {
    if (!$this->getShowChrome()) {
      return null;
@ -628,6 +636,8 @@ final class PhabricatorStandardPageView extends PhabricatorBarePageView {
          $controller);
    }

+    $hisec_warning_config = $this->getHighSecurityWarningConfig();
+
    $console_config = null;
    $console = $this->getConsole();
    if ($console) {
@ -641,6 +651,7 @@ final class PhabricatorStandardPageView extends PhabricatorBarePageView {
      ),
      'globalDragAndDrop' => $controller->isGlobalDragAndDropUploadEnabled(),
      'aphlictDropdowns' => $rendered_dropdowns,
+      'hisecWarningConfig' => $hisec_warning_config,
      'consoleConfig' => $console_config,
    ) + $this->buildAphlictListenConfigData();
  }
--- a/webroot/rsrc/js/core/behavior-high-security-warning.js
+++ b/webroot/rsrc/js/core/behavior-high-security-warning.js
@ -5,15 +5,42 @@
 *           phabricator-notification
 */

-JX.behavior('high-security-warning', function(config) {
+JX.behavior('high-security-warning', function(config, statics) {

-  var n = new JX.Notification()
-    .setContent(config.message)
-    .setDuration(0)
-    .alterClassName('jx-notification-security', true);
+  function show_warning(message, uri) {
+    var n = new JX.Notification()
+      .setContent(message)
+      .setDuration(0)
+      .alterClassName('jx-notification-security', true);

-  n.listen('activate', function() { JX.$U(config.uri).go(); });
+    n.listen(
+      'activate',
+      function() {
+        statics.showing = false;
+        JX.$U(uri).go();
+      });

-  n.show();
+    n.show();
+    statics.showing = true;
+  }

+  if (statics.showing) {
+    return;
+  }
+
+  if (config.show) {
+    show_warning(config.message, config.uri);
+  }
+
+  JX.Stratcom.listen(
+    'quicksand-redraw',
+    null,
+    function (e) {
+      var new_data = e.getData().newResponse.hisecWarningConfig;
+
+      if (!new_data.fromServer || !new_data.show || statics.showing) {
+        return;
+      }
+      show_warning(new_data.message, new_data.uri);
+    });
 });