mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-23 05:50:55 +01:00
Replace old login validation controller with new one
Summary: Ref T1536. We can safely replace the old login validation controller with this new one, and reduce code dplication while we're at it. Test Plan: Logged in with LDAP, logged in with OAuth, logged in with username/password, did a password reset. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6178
This commit is contained in:
parent
068263a6df
commit
fdbd377625
7 changed files with 33 additions and 150 deletions
|
@ -24,30 +24,6 @@ class AphrontDefaultApplicationConfiguration
|
|||
=> 'PhabricatorTypeaheadCommonDatasourceController',
|
||||
),
|
||||
|
||||
'/login/' => array(
|
||||
'' => 'PhabricatorLoginController',
|
||||
'email/' => 'PhabricatorEmailLoginController',
|
||||
'etoken/(?P<token>\w+)/' => 'PhabricatorEmailTokenController',
|
||||
'refresh/' => 'PhabricatorRefreshCSRFController',
|
||||
'validate/' => 'PhabricatorLoginValidateController',
|
||||
'mustverify/' => 'PhabricatorMustVerifyEmailController',
|
||||
),
|
||||
|
||||
'/logout/' => 'PhabricatorLogoutController',
|
||||
|
||||
'/oauth/' => array(
|
||||
'(?P<provider>\w+)/' => array(
|
||||
'login/' => 'PhabricatorOAuthLoginController',
|
||||
'diagnose/' => 'PhabricatorOAuthDiagnosticsController',
|
||||
'unlink/' => 'PhabricatorOAuthUnlinkController',
|
||||
),
|
||||
),
|
||||
|
||||
'/ldap/' => array(
|
||||
'login/' => 'PhabricatorLDAPLoginController',
|
||||
'unlink/' => 'PhabricatorLDAPUnlinkController',
|
||||
),
|
||||
|
||||
'/oauthserver/' => array(
|
||||
'auth/' => 'PhabricatorOAuthServerAuthController',
|
||||
'test/' => 'PhabricatorOAuthServerTestController',
|
||||
|
|
|
@ -41,6 +41,29 @@ final class PhabricatorApplicationAuth extends PhabricatorApplication {
|
|||
'start/' => 'PhabricatorAuthStartController',
|
||||
'validate/' => 'PhabricatorAuthValidateController',
|
||||
),
|
||||
|
||||
'/login/' => array(
|
||||
'' => 'PhabricatorLoginController',
|
||||
'email/' => 'PhabricatorEmailLoginController',
|
||||
'etoken/(?P<token>\w+)/' => 'PhabricatorEmailTokenController',
|
||||
'refresh/' => 'PhabricatorRefreshCSRFController',
|
||||
'mustverify/' => 'PhabricatorMustVerifyEmailController',
|
||||
),
|
||||
|
||||
'/logout/' => 'PhabricatorLogoutController',
|
||||
|
||||
'/oauth/' => array(
|
||||
'(?P<provider>\w+)/' => array(
|
||||
'login/' => 'PhabricatorOAuthLoginController',
|
||||
'diagnose/' => 'PhabricatorOAuthDiagnosticsController',
|
||||
'unlink/' => 'PhabricatorOAuthUnlinkController',
|
||||
),
|
||||
),
|
||||
|
||||
'/ldap/' => array(
|
||||
'login/' => 'PhabricatorLDAPLoginController',
|
||||
'unlink/' => 'PhabricatorLDAPUnlinkController',
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
|
|
|
@ -71,11 +71,9 @@ final class PhabricatorEmailTokenController
|
|||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
|
||||
$target_email->setIsVerified(1);
|
||||
$target_email->save();
|
||||
$session_key = $target_user->establishSession('web');
|
||||
unset($unguarded);
|
||||
|
||||
$request->setCookie('phusr', $target_user->getUsername());
|
||||
$request->setCookie('phsid', $session_key);
|
||||
$this->establishWebSession($target_user);
|
||||
|
||||
$next = '/';
|
||||
if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) {
|
||||
|
@ -95,14 +93,8 @@ final class PhabricatorEmailTokenController
|
|||
));
|
||||
}
|
||||
|
||||
$uri = new PhutilURI('/login/validate/');
|
||||
$uri->setQueryParams(
|
||||
array(
|
||||
'phusr' => $target_user->getUsername(),
|
||||
'next' => $next,
|
||||
));
|
||||
$request->setCookie('next_uri', $next);
|
||||
|
||||
return id(new AphrontRedirectResponse())
|
||||
->setURI((string)$uri);
|
||||
return $this->buildLoginValidateResponse($target_user);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -81,27 +81,18 @@ final class PhabricatorLDAPLoginController extends PhabricatorAuthController {
|
|||
->setURI('/settings/panel/ldap/');
|
||||
}
|
||||
|
||||
if ($ldap_info->getID()) {
|
||||
if ($ldap_info->getUserPHID()) {
|
||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
|
||||
|
||||
$known_user = id(new PhabricatorUser())->loadOneWhere(
|
||||
'phid = %s',
|
||||
$ldap_info->getUserPHID());
|
||||
|
||||
$session_key = $known_user->establishSession('web');
|
||||
|
||||
$this->saveLDAPInfo($ldap_info);
|
||||
|
||||
$request->setCookie('phusr', $known_user->getUsername());
|
||||
$request->setCookie('phsid', $session_key);
|
||||
$this->establishWebSession($known_user);
|
||||
|
||||
$uri = new PhutilURI('/login/validate/');
|
||||
$uri->setQueryParams(
|
||||
array(
|
||||
'phusr' => $known_user->getUsername(),
|
||||
));
|
||||
|
||||
return id(new AphrontRedirectResponse())->setURI((string)$uri);
|
||||
return $this->buildLoginValidateResponse($known_user);
|
||||
}
|
||||
|
||||
$controller = newv('PhabricatorLDAPRegistrationController',
|
||||
|
|
|
@ -138,18 +138,8 @@ final class PhabricatorLoginController
|
|||
}
|
||||
|
||||
if (!$errors) {
|
||||
$session_key = $user->establishSession('web');
|
||||
|
||||
$request->setCookie('phusr', $user->getUsername());
|
||||
$request->setCookie('phsid', $session_key);
|
||||
|
||||
$uri = id(new PhutilURI('/login/validate/'))
|
||||
->setQueryParams(
|
||||
array('phusr' => $user->getUsername()
|
||||
));
|
||||
|
||||
return id(new AphrontRedirectResponse())
|
||||
->setURI((string)$uri);
|
||||
$this->establishWebSession($user);
|
||||
return $this->buildLoginValidateResponse($user);
|
||||
} else {
|
||||
$log = PhabricatorUserLog::newLog(
|
||||
null,
|
||||
|
|
|
@ -1,80 +0,0 @@
|
|||
<?php
|
||||
|
||||
final class PhabricatorLoginValidateController
|
||||
extends PhabricatorAuthController {
|
||||
|
||||
public function shouldRequireLogin() {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function processRequest() {
|
||||
$request = $this->getRequest();
|
||||
|
||||
$failures = array();
|
||||
|
||||
if (!strlen($request->getStr('phusr'))) {
|
||||
throw new Exception(
|
||||
"Login validation is missing expected parameters!");
|
||||
}
|
||||
|
||||
$expect_phusr = $request->getStr('phusr');
|
||||
$actual_phusr = $request->getCookie('phusr');
|
||||
if ($actual_phusr != $expect_phusr) {
|
||||
|
||||
if ($actual_phusr) {
|
||||
$cookie_info = "sent back a cookie with the value '{$actual_phusr}'.";
|
||||
} else {
|
||||
$cookie_info = "did not accept the cookie.";
|
||||
}
|
||||
|
||||
$failures[] =
|
||||
"Attempted to set 'phusr' cookie to '{$expect_phusr}', but your ".
|
||||
"browser {$cookie_info}";
|
||||
}
|
||||
|
||||
if (!$failures) {
|
||||
if (!$request->getUser()->getPHID()) {
|
||||
$failures[] = "Cookies were set correctly, but your session ".
|
||||
"isn't valid.";
|
||||
}
|
||||
}
|
||||
|
||||
if ($failures) {
|
||||
|
||||
$list = array();
|
||||
foreach ($failures as $failure) {
|
||||
$list[] = phutil_tag('li', array(), $failure);
|
||||
}
|
||||
$list = phutil_tag('ul', array(), $list);
|
||||
|
||||
$view = new AphrontRequestFailureView();
|
||||
$view->setHeader(pht('Login Failed'));
|
||||
$view->appendChild(hsprintf(
|
||||
'<p>%s</p>%s<p>%s</p>',
|
||||
pht('Login failed:'),
|
||||
$list,
|
||||
pht(
|
||||
'<strong>Clear your cookies</strong> and try again.',
|
||||
hsprintf(''))));
|
||||
$view->appendChild(hsprintf(
|
||||
'<div class="aphront-failure-continue">'.
|
||||
'<a class="button" href="/login/">%s</a>'.
|
||||
'</div>',
|
||||
pht('Try Again')));
|
||||
return $this->buildStandardPageResponse(
|
||||
$view,
|
||||
array(
|
||||
'title' => pht('Login Failed'),
|
||||
));
|
||||
}
|
||||
|
||||
$next = nonempty($request->getStr('next'), $request->getCookie('next_uri'));
|
||||
$request->clearCookie('next_uri');
|
||||
if (!PhabricatorEnv::isValidLocalWebResource($next)) {
|
||||
$next = '/';
|
||||
}
|
||||
|
||||
return id(new AphrontRedirectResponse())->setURI($next);
|
||||
}
|
||||
|
||||
}
|
|
@ -146,20 +146,11 @@ final class PhabricatorOAuthLoginController
|
|||
$oauth_info,
|
||||
$provider);
|
||||
|
||||
$session_key = $known_user->establishSession('web');
|
||||
|
||||
$this->saveOAuthInfo($oauth_info);
|
||||
|
||||
$request->setCookie('phusr', $known_user->getUsername());
|
||||
$request->setCookie('phsid', $session_key);
|
||||
$this->establishWebSession($known_user);
|
||||
|
||||
$uri = new PhutilURI('/login/validate/');
|
||||
$uri->setQueryParams(
|
||||
array(
|
||||
'phusr' => $known_user->getUsername(),
|
||||
));
|
||||
|
||||
return id(new AphrontRedirectResponse())->setURI((string)$uri);
|
||||
return $this->buildLoginValidateResponse($known_user);
|
||||
}
|
||||
|
||||
$oauth_email = $provider->retrieveUserEmail();
|
||||
|
|
Loading…
Reference in a new issue