getRequest(); $viewer = $request->getUser(); if ($viewer->isLoggedIn()) { // Kick the user home if they are already logged in. return id(new AphrontRedirectResponse())->setURI('/'); } if ($request->isAjax()) { return $this->processAjaxRequest(); } if ($request->isConduit()) { return $this->processConduitRequest(); } if ($request->getCookie('phusr') && $request->getCookie('phsid')) { // The session cookie is invalid, so clear it. $request->clearCookie('phusr'); $request->clearCookie('phsid'); return $this->renderError( pht( "Your login session is invalid. Try reloading the page and logging ". "in again. If that does not work, clear your browser cookies.")); } $providers = PhabricatorAuthProvider::getAllEnabledProviders(); foreach ($providers as $key => $provider) { if (!$provider->shouldAllowLogin()) { unset($providers[$key]); } } if (!$providers) { return $this->renderError( pht( "This Phabricator install is not configured with any enabled ". "authentication providers which can be used to log in.")); } $next_uri = $request->getStr('next'); if (!$next_uri) { $next_uri_path = $this->getRequest()->getPath(); if ($next_uri_path == '/auth/start/') { $next_uri = '/'; } else { $next_uri = $this->getRequest()->getRequestURI(); } } if (!$request->isFormPost()) { $request->setCookie('next_uri', $next_uri); $request->setCookie('phcid', Filesystem::readRandomCharacters(16)); } $out = array(); foreach ($providers as $provider) { $out[] = $provider->buildLoginForm($this); } $login_message = PhabricatorEnv::getEnvConfig('auth.login-message'); $login_message = phutil_safe_html($login_message); $crumbs = $this->buildApplicationCrumbs(); $crumbs->addCrumb( id(new PhabricatorCrumbView()) ->setName(pht('Login'))); return $this->buildApplicationPage( array( $crumbs, $login_message, $out, ), array( 'title' => pht('Login to Phabricator'), 'device' => true, 'dust' => true, )); } private function processAjaxRequest() { $request = $this->getRequest(); $viewer = $request->getViewer(); // We end up here if the user clicks a workflow link that they need to // login to use. We give them a dialog saying "You need to login...". if ($request->isDialogFormPost()) { return id(new AphrontRedirectResponse())->setURI( $request->getRequestURI()); } $dialog = new AphrontDialogView(); $dialog->setUser($viewer); $dialog->setTitle(pht('Login Required')); $dialog->appendChild(pht('You must login to continue.')); $dialog->addSubmitButton(pht('Login')); $dialog->addCancelButton('/'); return id(new AphrontDialogResponse())->setDialog($dialog); } private function processConduitRequest() { $request = $this->getRequest(); $viewer = $request->getViewer(); // A common source of errors in Conduit client configuration is getting // the request path wrong. The client will end up here, so make some // effort to give them a comprehensible error message. $request_path = $this->getRequest()->getPath(); $conduit_path = '/api/'; $example_path = '/api/conduit.ping'; $message = pht( 'ERROR: You are making a Conduit API request to "%s", but the correct '. 'HTTP request path to use in order to access a COnduit method is "%s" '. '(for example, "%s"). Check your configuration.', $request_path, $conduit_path, $example_path); return id(new AphrontPlainTextResponse())->setContent($message); } private function renderError($message) { return $this->renderErrorPage( pht('Authentication Failure'), array($message)); } }