Quicksand - make things work properly with high security mode
Summary: Fixes T7064. We need to pass the quicksand magic request variable around and then instrument the javascript to handle quicksand page loads. Test Plan: Enabled two factor auth on my account and then - visited password page - filled out 2 factor auth request - saw high security bubble - clicked about still seeing high security bubble - refreshed page and still saw security bubble - dismissed bubble by following through workflow after clicking bubble Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin, epriestley Maniphest Tasks: T7064 Differential Revision: https://secure.phabricator.com/D12536
parent
3ba56ceaf0
commit
a903eb2def
5 changed files with 77 additions and 33 deletions
|
@ -469,7 +469,7 @@ return array(
|
|||
'rsrc/js/core/behavior-form.js' => '5c54cbf3',
|
||||
'rsrc/js/core/behavior-gesture.js' => '3ab51e2c',
|
||||
'rsrc/js/core/behavior-global-drag-and-drop.js' => '3f6075ff',
|
||||
'rsrc/js/core/behavior-high-security-warning.js' => '8fc1c918',
|
||||
'rsrc/js/core/behavior-high-security-warning.js' => 'a464fe03',
|
||||
'rsrc/js/core/behavior-history-install.js' => '7ee2b591',
|
||||
'rsrc/js/core/behavior-hovercard.js' => 'f36e01af',
|
||||
'rsrc/js/core/behavior-keyboard-pager.js' => 'a8da01f0',
|
||||
|
@ -595,7 +595,7 @@ return array(
|
|||
'javelin-behavior-fancy-datepicker' => 'c51ae228',
|
||||
'javelin-behavior-global-drag-and-drop' => '3f6075ff',
|
||||
'javelin-behavior-herald-rule-editor' => '7ebaeed3',
|
||||
'javelin-behavior-high-security-warning' => '8fc1c918',
|
||||
'javelin-behavior-high-security-warning' => 'a464fe03',
|
||||
'javelin-behavior-history-install' => '7ee2b591',
|
||||
'javelin-behavior-icon-composer' => '8ef9ab58',
|
||||
'javelin-behavior-launch-icon-composer' => '48086888',
|
||||
|
@ -1526,11 +1526,6 @@ return array(
|
|||
'javelin-dom',
|
||||
'javelin-stratcom',
|
||||
),
|
||||
'8fc1c918' => array(
|
||||
'javelin-behavior',
|
||||
'javelin-uri',
|
||||
'phabricator-notification',
|
||||
),
|
||||
'9007c197' => array(
|
||||
'javelin-behavior',
|
||||
'javelin-dom',
|
||||
|
@ -1639,6 +1634,11 @@ return array(
|
|||
'javelin-vector',
|
||||
'javelin-install',
|
||||
),
|
||||
'a464fe03' => array(
|
||||
'javelin-behavior',
|
||||
'javelin-uri',
|
||||
'phabricator-notification',
|
||||
),
|
||||
'a80d0378' => array(
|
||||
'javelin-behavior',
|
||||
'javelin-stratcom',
|
||||
|
|
|
@ -539,8 +539,9 @@ final class AphrontRequest {
|
|||
*
|
||||
* @return dict<string, string> Original request parameters.
|
||||
*/
|
||||
public function getPassthroughRequestParameters() {
|
||||
return self::flattenData($this->getPassthroughRequestData());
|
||||
public function getPassthroughRequestParameters($include_quicksand = false) {
|
||||
return self::flattenData(
|
||||
$this->getPassthroughRequestData($include_quicksand));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -548,11 +549,14 @@ final class AphrontRequest {
|
|||
*
|
||||
* @return dict<string, wild> Request data, with magic filtered out.
|
||||
*/
|
||||
public function getPassthroughRequestData() {
|
||||
public function getPassthroughRequestData($include_quicksand = false) {
|
||||
$data = $this->getRequestData();
|
||||
|
||||
// Remove magic parameters like __dialog__ and __ajax__.
|
||||
foreach ($data as $key => $value) {
|
||||
if ($include_quicksand && $key == self::TYPE_QUICKSAND) {
|
||||
continue;
|
||||
}
|
||||
if (!strncmp($key, '__', 2)) {
|
||||
unset($data[$key]);
|
||||
}
|
||||
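Review bot: The new `$include_quicksand` parameter is not described in either docblock, and the `@return` line of `getPassthroughRequestData()` still promises data "with magic filtered out", which no longer holds when the flag is set. I would add `@param bool $include_quicksand If true, keep the Quicksand magic parameter (self::TYPE_QUICKSAND) in the result.` to both methods and qualify the `@return` text and the `// Remove magic parameters like __dialog__ and __ajax__.` comment to mention the one exception. The exemption test `$key == self::TYPE_QUICKSAND` is a loose comparison on a key taken from request data; `$key === self::TYPE_QUICKSAND` states the intent exactly and avoids type juggling on integer keys. This matters a little more than usual because the caller changed in this commit copies the result into the high-security dialog as hidden inputs. The loop body continues past the end of the hunk.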
|
|
|
@ -135,7 +135,9 @@ class AphrontDefaultApplicationConfiguration
|
|||
->addCancelButton($ex->getCancelURI())
|
||||
->addSubmitButton(pht('Enter High Security'));
|
||||
|
||||
foreach ($request->getPassthroughRequestParameters() as $key => $value) {
|
||||
$request_parameters = $request->getPassthroughRequestParameters(
|
||||
$respect_quicksand = true);
|
||||
foreach ($request_parameters as $key => $value) {
|
||||
$dialog->addHiddenInput($key, $value);
|
||||
}
|
||||
|
||||
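Review bot: The call-site label `$respect_quicksand = true` does not match the parameter it stands for, which the AphrontRequest change in this commit names `$include_quicksand`; writing `$include_quicksand = true);` keeps a search for the flag from missing this caller. Because this loop copies client-supplied request parameters into the re-authentication dialog, a short comment on why one `__`-prefixed magic parameter is now deliberately forwarded would help the next reader, for example `// Keep the Quicksand marker so the response after the MFA prompt is still handled as a Quicksand page load.` That reason is inferred from the commit summary, so the wording should be confirmed by the author. The enclosing method starts and ends outside the hunk.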
|
|
|
@ -215,21 +215,9 @@ final class PhabricatorStandardPageView extends PhabricatorBarePageView {
|
|||
|
||||
Javelin::initBehavior('device');
|
||||
|
||||
if ($user->hasSession()) {
|
||||
$hisec = ($user->getSession()->getHighSecurityUntil() - time());
|
||||
if ($hisec > 0) {
|
||||
$remaining_time = phutil_format_relative_time($hisec);
|
||||
Javelin::initBehavior(
|
||||
'high-security-warning',
|
||||
array(
|
||||
'uri' => '/auth/session/downgrade/',
|
||||
'message' => pht(
|
||||
'Your session is in high security mode. When you '.
|
||||
'finish using it, click here to leave.',
|
||||
$remaining_time),
|
||||
));
|
||||
}
|
||||
}
|
||||
Javelin::initBehavior(
|
||||
'high-security-warning',
|
||||
$this->getHighSecurityWarningConfig());
|
||||
|
||||
if ($console) {
|
||||
require_celerity_resource('aphront-dark-console-css');
|
||||
|
@ -547,6 +535,26 @@ final class PhabricatorStandardPageView extends PhabricatorBarePageView {
|
|||
);
|
||||
}
|
||||
|
||||
private function getHighSecurityWarningConfig() {
|
||||
$user = $this->getRequest()->getUser();
|
||||
|
||||
$show = false;
|
||||
if ($user->hasSession()) {
|
||||
$hisec = ($user->getSession()->getHighSecurityUntil() - time());
|
||||
if ($hisec > 0) {
|
||||
$show = true;
|
||||
}
|
||||
}
|
||||
|
||||
return array(
|
||||
'show' => $show,
|
||||
'uri' => '/auth/session/downgrade/',
|
||||
'message' => pht(
|
||||
'Your session is in high security mode. When you '.
|
||||
'finish using it, click here to leave.'),
|
||||
);
|
||||
}
|
||||
|
||||
private function renderFooter() {
|
||||
if (!$this->getShowChrome()) {
|
||||
return null;
|
||||
|
@ -628,6 +636,8 @@ final class PhabricatorStandardPageView extends PhabricatorBarePageView {
|
|||
$controller);
|
||||
}
|
||||
|
||||
$hisec_warning_config = $this->getHighSecurityWarningConfig();
|
||||
|
||||
$console_config = null;
|
||||
$console = $this->getConsole();
|
||||
if ($console) {
|
||||
|
@ -641,6 +651,7 @@ final class PhabricatorStandardPageView extends PhabricatorBarePageView {
|
|||
),
|
||||
'globalDragAndDrop' => $controller->isGlobalDragAndDropUploadEnabled(),
|
||||
'aphlictDropdowns' => $rendered_dropdowns,
|
||||
'hisecWarningConfig' => $hisec_warning_config,
|
||||
'consoleConfig' => $console_config,
|
||||
) + $this->buildAphlictListenConfigData();
|
||||
}
|
||||
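Review bot: `getHighSecurityWarningConfig()` has no docblock, although its return array is now a contract with two consumers visible in this section: the `high-security-warning` behavior init and the `hisecWarningConfig` key of the Quicksand response. I would add a docblock stating that it returns a `dict<string, wild>` with the keys `show` (bool), `uri` and `message`, and that `show` is a snapshot of `getHighSecurityUntil() - time()` taken when the page or response is built. From what this diff shows, only that boolean reaches the client and the remaining time does not, so the docblock should also note that the client cannot tell when high security lapses until the next response arrives.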
|
|
|
@ -5,15 +5,42 @@
|
|||
* phabricator-notification
|
||||
*/
|
||||
|
||||
JX.behavior('high-security-warning', function(config) {
|
||||
JX.behavior('high-security-warning', function(config, statics) {
|
||||
|
||||
var n = new JX.Notification()
|
||||
.setContent(config.message)
|
||||
.setDuration(0)
|
||||
.alterClassName('jx-notification-security', true);
|
||||
function show_warning(message, uri) {
|
||||
var n = new JX.Notification()
|
||||
.setContent(message)
|
||||
.setDuration(0)
|
||||
.alterClassName('jx-notification-security', true);
|
||||
|
||||
n.listen('activate', function() { JX.$U(config.uri).go(); });
|
||||
n.listen(
|
||||
'activate',
|
||||
function() {
|
||||
statics.showing = false;
|
||||
JX.$U(uri).go();
|
||||
});
|
||||
|
||||
n.show();
|
||||
n.show();
|
||||
statics.showing = true;
|
||||
}
|
||||
|
||||
if (statics.showing) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (config.show) {
|
||||
show_warning(config.message, config.uri);
|
||||
}
|
||||
|
||||
JX.Stratcom.listen(
|
||||
'quicksand-redraw',
|
||||
null,
|
||||
function (e) {
|
||||
var new_data = e.getData().newResponse.hisecWarningConfig;
|
||||
|
||||
if (!new_data.fromServer || !new_data.show || statics.showing) {
|
||||
return;
|
||||
}
|
||||
show_warning(new_data.message, new_data.uri);
|
||||
});
|
||||
});
|
||||
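Review bot: In the `quicksand-redraw` listener, `new_data.fromServer` is read from `hisecWarningConfig`, but the PHP side of this commit builds that config with only `show`, `uri` and `message`, so unless something outside the diff adds the key, `!new_data.fromServer` is always true and the handler returns before `show_warning()` is reached. If the flag is carried on the event data rather than on the config (not visible here), the guard should read it from there, e.g. `var data = e.getData(); if (!data.fromServer) { return; }`. Separately, `statics.showing` is cleared only in the `activate` handler, so a later response whose `show` is false never takes the bubble down. The result is that the indicator can drift from the real session state in either direction: missing after high security is entered through a Quicksand load, or still displayed after the session has left high security.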
|
|