50376aad04
Summary: Ref T4398. This prompts users for multi-factor auth on login. Roughly, this introduces the idea of "partial" sessions, which we haven't finished constructing yet. In practice, this means the session has made it through primary auth but not through multi-factor auth. Add a workflow for bringing a partial session up to a full one. Test Plan: - Used Conduit. - Logged in as multi-factor user. - Logged in as no-factor user. - Tried to do non-login-things with a partial session. - Reviewed account activity logs. {F149295} Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T4398 Differential Revision: https://secure.phabricator.com/D8922
<?php
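/**
 * Serves the stored DarkConsole panel data for one request key as an Ajax
 * response.
 *
 * Access summary, as implemented below:
 *
 *   - When `darkconsole.always-on` is set, neither a login nor an enabled
 *     account is required to reach this endpoint.
 *   - Partial sessions (primary auth passed, multi-factor auth not yet
 *     completed) are always accepted.
 *   - A stored record is only rendered when its `user` field matches the
 *     viewer's PHID; every validation failure returns a 400 response.
 *
 * @group console
 */
final class DarkConsoleDataController extends PhabricatorController {

  // Request key taken from the route data; selects the cache entry to load.
  private $key;

  /**
   * Require a login unless `darkconsole.always-on` is enabled.
   */
  public function shouldRequireLogin() {
    return !PhabricatorEnv::getEnvConfig('darkconsole.always-on');
  }

  /**
   * Require an enabled account unless `darkconsole.always-on` is enabled.
   */
  public function shouldRequireEnabledUser() {
    return !PhabricatorEnv::getEnvConfig('darkconsole.always-on');
  }

  /**
   * Allow sessions which have not completed multi-factor auth yet.
   *
   * This makes the endpoint reachable before the second factor is checked,
   * so the owner check in processRequest() is the control that limits what
   * such a session can read.
   */
  public function shouldAllowPartialSessions() {
    return true;
  }

  /**
   * Capture the `key` route parameter.
   *
   * @param array $data Route data; must contain `key`.
   */
  public function willProcessRequest(array $data) {
    $this->key = $data['key'];
  }

  /**
   * Load, validate and render the stored console data for the current key.
   *
   * @return Aphront400Response|AphrontAjaxResponse A 400 response when the
   *   record is missing, malformed, from another storage version or owned by
   *   a different user; otherwise the tabs plus one rendered panel per stored
   *   plugin class.
   */
  public function processRequest() {
    $request = $this->getRequest();
    $user = $request->getUser();

    $cache = new PhabricatorKeyValueDatabaseCache();
    $cache = new PhutilKeyValueCacheProfiler($cache);
    $cache->setProfiler(PhutilServiceProfiler::getInstance());

    $result = $cache->getKey('darkconsole:'.$this->key);
    if (!$result) {
      return new Aphront400Response();
    }

    $result = json_decode($result, true);
    if (!is_array($result)) {
      return new Aphront400Response();
    }

    // idx() keeps a record with missing fields on the 400 path instead of
    // raising an undefined-index notice first.
    if (idx($result, 'vers') != DarkConsoleCore::STORAGE_VERSION) {
      return new Aphront400Response();
    }

    // Only the user the data was recorded for may read it back.
    // NOTE(review): this is a loose comparison, so a record stored with a
    // null user matches a viewer whose PHID is null -- presumably the
    // logged-out "always-on" case; confirm that is intended.
    if (idx($result, 'user') != $user->getPHID()) {
      return new Aphront400Response();
    }

    $stored_panels = idx($result, 'data');
    if (!is_array($stored_panels)) {
      $stored_panels = array();
    }

    $output = array();
    $output['tabs'] = idx($result, 'tabs');
    $output['panel'] = array();

    // Because cookie names can now be prefixed, wipe out any cookie value
    // with the session cookie name anywhere in its name. The pattern does not
    // depend on the panel, so build it once.
    $pattern = '('.preg_quote(PhabricatorCookies::COOKIE_SESSION).')';

    foreach ($stored_panels as $class => $data) {
      try {
        // The class name comes from the stored record. Refuse to instantiate
        // anything which is not a console plugin, so a corrupted or tampered
        // record cannot construct arbitrary classes.
        if (!is_subclass_of($class, 'DarkConsolePlugin')) {
          throw new Exception(
            'Stored DarkConsole panel class is not a DarkConsolePlugin.');
        }

        $obj = newv($class, array());
        $obj->setData($data);
        $obj->setRequest($request);

        $panel = $obj->renderPanel();

        // Redact session cookie values so rendered panels never echo a
        // usable session key back to the browser.
        foreach ($_COOKIE as $cookie_name => $cookie_value) {
          if (preg_match($pattern, $cookie_name)) {
            $panel = PhutilSafeHTML::applyFunction(
              'str_replace',
              $cookie_value,
              '(session-key)',
              $panel);
          }
        }

        $output['panel'][$class] = $panel;
      } catch (Exception $ex) {
        // Best effort: one failing panel must not break the others.
        $output['panel'][$class] = 'error';
      }
    }

    return id(new AphrontAjaxResponse())->setContent($output);
  }

}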