1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-23 05:50:55 +01:00

Replace old login validation controller with new one

Summary: Ref T1536. We can safely replace the old login validation controller with this new one, and reduce code dplication while we're at it.

Test Plan: Logged in with LDAP, logged in with OAuth, logged in with username/password, did a password reset.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6178
This commit is contained in:
epriestley 2013-06-16 10:18:45 -07:00
parent 068263a6df
commit fdbd377625
7 changed files with 33 additions and 150 deletions

View file

@ -24,30 +24,6 @@ class AphrontDefaultApplicationConfiguration
=> 'PhabricatorTypeaheadCommonDatasourceController',
),
'/login/' => array(
'' => 'PhabricatorLoginController',
'email/' => 'PhabricatorEmailLoginController',
'etoken/(?P<token>\w+)/' => 'PhabricatorEmailTokenController',
'refresh/' => 'PhabricatorRefreshCSRFController',
'validate/' => 'PhabricatorLoginValidateController',
'mustverify/' => 'PhabricatorMustVerifyEmailController',
),
'/logout/' => 'PhabricatorLogoutController',
'/oauth/' => array(
'(?P<provider>\w+)/' => array(
'login/' => 'PhabricatorOAuthLoginController',
'diagnose/' => 'PhabricatorOAuthDiagnosticsController',
'unlink/' => 'PhabricatorOAuthUnlinkController',
),
),
'/ldap/' => array(
'login/' => 'PhabricatorLDAPLoginController',
'unlink/' => 'PhabricatorLDAPUnlinkController',
),
'/oauthserver/' => array(
'auth/' => 'PhabricatorOAuthServerAuthController',
'test/' => 'PhabricatorOAuthServerTestController',

View file

@ -41,6 +41,29 @@ final class PhabricatorApplicationAuth extends PhabricatorApplication {
'start/' => 'PhabricatorAuthStartController',
'validate/' => 'PhabricatorAuthValidateController',
),
'/login/' => array(
'' => 'PhabricatorLoginController',
'email/' => 'PhabricatorEmailLoginController',
'etoken/(?P<token>\w+)/' => 'PhabricatorEmailTokenController',
'refresh/' => 'PhabricatorRefreshCSRFController',
'mustverify/' => 'PhabricatorMustVerifyEmailController',
),
'/logout/' => 'PhabricatorLogoutController',
'/oauth/' => array(
'(?P<provider>\w+)/' => array(
'login/' => 'PhabricatorOAuthLoginController',
'diagnose/' => 'PhabricatorOAuthDiagnosticsController',
'unlink/' => 'PhabricatorOAuthUnlinkController',
),
),
'/ldap/' => array(
'login/' => 'PhabricatorLDAPLoginController',
'unlink/' => 'PhabricatorLDAPUnlinkController',
),
);
}

View file

@ -71,11 +71,9 @@ final class PhabricatorEmailTokenController
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$target_email->setIsVerified(1);
$target_email->save();
$session_key = $target_user->establishSession('web');
unset($unguarded);
$request->setCookie('phusr', $target_user->getUsername());
$request->setCookie('phsid', $session_key);
$this->establishWebSession($target_user);
$next = '/';
if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) {
@ -95,14 +93,8 @@ final class PhabricatorEmailTokenController
));
}
$uri = new PhutilURI('/login/validate/');
$uri->setQueryParams(
array(
'phusr' => $target_user->getUsername(),
'next' => $next,
));
$request->setCookie('next_uri', $next);
return id(new AphrontRedirectResponse())
->setURI((string)$uri);
return $this->buildLoginValidateResponse($target_user);
}
}

View file

@ -81,27 +81,18 @@ final class PhabricatorLDAPLoginController extends PhabricatorAuthController {
->setURI('/settings/panel/ldap/');
}
if ($ldap_info->getID()) {
if ($ldap_info->getUserPHID()) {
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$known_user = id(new PhabricatorUser())->loadOneWhere(
'phid = %s',
$ldap_info->getUserPHID());
$session_key = $known_user->establishSession('web');
$this->saveLDAPInfo($ldap_info);
$request->setCookie('phusr', $known_user->getUsername());
$request->setCookie('phsid', $session_key);
$this->establishWebSession($known_user);
$uri = new PhutilURI('/login/validate/');
$uri->setQueryParams(
array(
'phusr' => $known_user->getUsername(),
));
return id(new AphrontRedirectResponse())->setURI((string)$uri);
return $this->buildLoginValidateResponse($known_user);
}
$controller = newv('PhabricatorLDAPRegistrationController',

View file

@ -138,18 +138,8 @@ final class PhabricatorLoginController
}
if (!$errors) {
$session_key = $user->establishSession('web');
$request->setCookie('phusr', $user->getUsername());
$request->setCookie('phsid', $session_key);
$uri = id(new PhutilURI('/login/validate/'))
->setQueryParams(
array('phusr' => $user->getUsername()
));
return id(new AphrontRedirectResponse())
->setURI((string)$uri);
$this->establishWebSession($user);
return $this->buildLoginValidateResponse($user);
} else {
$log = PhabricatorUserLog::newLog(
null,

View file

@ -1,80 +0,0 @@
<?php
final class PhabricatorLoginValidateController
extends PhabricatorAuthController {
public function shouldRequireLogin() {
return false;
}
public function processRequest() {
$request = $this->getRequest();
$failures = array();
if (!strlen($request->getStr('phusr'))) {
throw new Exception(
"Login validation is missing expected parameters!");
}
$expect_phusr = $request->getStr('phusr');
$actual_phusr = $request->getCookie('phusr');
if ($actual_phusr != $expect_phusr) {
if ($actual_phusr) {
$cookie_info = "sent back a cookie with the value '{$actual_phusr}'.";
} else {
$cookie_info = "did not accept the cookie.";
}
$failures[] =
"Attempted to set 'phusr' cookie to '{$expect_phusr}', but your ".
"browser {$cookie_info}";
}
if (!$failures) {
if (!$request->getUser()->getPHID()) {
$failures[] = "Cookies were set correctly, but your session ".
"isn't valid.";
}
}
if ($failures) {
$list = array();
foreach ($failures as $failure) {
$list[] = phutil_tag('li', array(), $failure);
}
$list = phutil_tag('ul', array(), $list);
$view = new AphrontRequestFailureView();
$view->setHeader(pht('Login Failed'));
$view->appendChild(hsprintf(
'<p>%s</p>%s<p>%s</p>',
pht('Login failed:'),
$list,
pht(
'<strong>Clear your cookies</strong> and try again.',
hsprintf(''))));
$view->appendChild(hsprintf(
'<div class="aphront-failure-continue">'.
'<a class="button" href="/login/">%s</a>'.
'</div>',
pht('Try Again')));
return $this->buildStandardPageResponse(
$view,
array(
'title' => pht('Login Failed'),
));
}
$next = nonempty($request->getStr('next'), $request->getCookie('next_uri'));
$request->clearCookie('next_uri');
if (!PhabricatorEnv::isValidLocalWebResource($next)) {
$next = '/';
}
return id(new AphrontRedirectResponse())->setURI($next);
}
}

View file

@ -146,20 +146,11 @@ final class PhabricatorOAuthLoginController
$oauth_info,
$provider);
$session_key = $known_user->establishSession('web');
$this->saveOAuthInfo($oauth_info);
$request->setCookie('phusr', $known_user->getUsername());
$request->setCookie('phsid', $session_key);
$this->establishWebSession($known_user);
$uri = new PhutilURI('/login/validate/');
$uri->setQueryParams(
array(
'phusr' => $known_user->getUsername(),
));
return id(new AphrontRedirectResponse())->setURI((string)$uri);
return $this->buildLoginValidateResponse($known_user);
}
$oauth_email = $provider->retrieveUserEmail();