epriestley d75007cf42 Validate logins, and simplify email password resets ... Summary: - There are some recent reports of login issues, see T755 and T754. I'm not really sure what's going on, but this is an attempt at getting some more information. - When we login a user by setting 'phusr' and 'phsid', send them to /login/validate/ to validate that the cookies actually got set. - Do email password resets in two steps: first, log the user in. Redirect them through validate, then give them the option to reset their password. - Don't CSRF logged-out users. It technically sort of works most of the time right now, but is silly. If we need logged-out CSRF we should generate it in some more reliable way. Test Plan: - Logged in with username/password. - Logged in with OAuth. - Logged in with email password reset. - Sent bad values to /login/validate/, got appropriate errors. - Reset password. - Verified next_uri still works. Reviewers: btrahan, jungejason Reviewed By: btrahan CC: aran, btrahan, j3kuntz Maniphest Tasks: T754, T755 Differential Revision: https://secure.phabricator.com/D1353		2012-01-11 08:25:55 -08:00
..
base	Basic user/account tool.	2011-01-23 18:09:16 -08:00
log	Move most remaining sha1() calls to HMAC	2011-12-19 08:56:53 -08:00
preferences	Minor tweaks to Preferences	2011-03-31 16:07:14 -07:00
profile	Slightly more sophisticated profiles.	2011-02-19 18:28:41 -08:00
user	Validate logins, and simplify email password resets	2012-01-11 08:25:55 -08:00
useroauthinfo	Store OAuth tokens and more OAuth account info.	2011-02-22 10:27:27 -08:00
usersshkey	Allow users to associate SSH Public Keys with their accounts	2011-07-23 09:15:20 -07:00