mirror of https://we.phorge.it/source/phorge.git synced 2024-12-03 04:02:43 +01:00
phorge-phorge/src/aphront/console/DarkConsoleDataController.php
epriestley 50376aad04 Require multiple auth factors to establish web sessions
Summary:
Ref T4398. This prompts users for multi-factor auth on login.

Roughly, this introduces the idea of "partial" sessions, which we haven't finished constructing yet. In practice, this means the session has made it through primary auth but not through multi-factor auth. Add a workflow for bringing a partial session up to a full one.

Test Plan:
  - Used Conduit.
  - Logged in as multi-factor user.
  - Logged in as no-factor user.
  - Tried to do non-login-things with a partial session.
  - Reviewed account activity logs.

{F149295}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8922
2014-05-01 10:23:02 -07:00


<?php
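/**
 * Serves the stored DarkConsole data for one request key as an AJAX response.
 *
 * The data is read from the key-value cache under "darkconsole:<key>" and is
 * only rendered when the user PHID recorded in it matches the viewer's PHID.
 *
 * @group console
 */
final class DarkConsoleDataController extends PhabricatorController {

  /** Console data key taken from the request data in willProcessRequest(). */
  private $key;

  /**
   * Login is required unless "darkconsole.always-on" is enabled.
   *
   * NOTE(review): with "darkconsole.always-on" enabled this controller does
   * not require login, so the PHID comparison in processRequest() is the only
   * ownership check visible here. Presumably the key is unguessable; confirm
   * where the key is generated.
   */
  public function shouldRequireLogin() {
    return !PhabricatorEnv::getEnvConfig('darkconsole.always-on');
  }

  /**
   * An enabled user is required unless "darkconsole.always-on" is enabled.
   */
  public function shouldRequireEnabledUser() {
    return !PhabricatorEnv::getEnvConfig('darkconsole.always-on');
  }

  /**
   * Console data may be fetched from a partial session.
   *
   * NOTE(review): this makes stored request data readable before the session
   * has been upgraded to a full one; the viewer PHID check in processRequest()
   * still applies.
   */
  public function shouldAllowPartialSessions() {
    return true;
  }

  /**
   * Remember the console key from the request data.
   *
   * @param array $data Request data; the 'key' entry is used as-is as the
   *   suffix of the cache key.
   */
  public function willProcessRequest(array $data) {
    $this->key = $data['key'];
  }

  /**
   * Load, validate and render the stored console data.
   *
   * Responds with Aphront400Response when the cache entry is missing, is not
   * a JSON array, lacks the fields read below, has a different storage
   * version, or was recorded for a different user. Otherwise responds with an
   * AphrontAjaxResponse holding the tab list and one rendered panel per
   * plugin class.
   */
  public function processRequest() {
    $request = $this->getRequest();
    $user = $request->getUser();

    $cache = new PhabricatorKeyValueDatabaseCache();
    $cache = new PhutilKeyValueCacheProfiler($cache);
    $cache->setProfiler(PhutilServiceProfiler::getInstance());

    $result = $cache->getKey('darkconsole:'.$this->key);
    if (!$result) {
      return new Aphront400Response();
    }

    $result = json_decode($result, true);
    if (!is_array($result)) {
      return new Aphront400Response();
    }

    // Reject entries without the fields used below instead of reading
    // undefined indexes and iterating over a non-array.
    if (!isset($result['vers'], $result['data']) ||
        !is_array($result['data'])) {
      return new Aphront400Response();
    }

    // Strict comparison: type juggling must not let a mismatched version
    // through.
    if ($result['vers'] !== DarkConsoleCore::STORAGE_VERSION) {
      return new Aphront400Response();
    }

    // Ownership check. An absent 'user' field is treated as null, which only
    // equals the viewer PHID when the viewer has none. Strict comparison keeps
    // a non-string stored value from comparing equal to a real PHID.
    $stored_user = isset($result['user']) ? $result['user'] : null;
    if ($stored_user !== $user->getPHID()) {
      return new Aphront400Response();
    }

    $output = array();
    $output['tabs'] = isset($result['tabs']) ? $result['tabs'] : null;
    $output['panel'] = array();

    // Because cookie names can now be prefixed, wipe out any cookie value
    // with the session cookie name anywhere in its name. The pattern does not
    // depend on the plugin, so build it once.
    $pattern = '('.preg_quote(PhabricatorCookies::COOKIE_SESSION).')';

    foreach ($result['data'] as $class => $data) {
      try {
        // The class name comes from the stored entry, not from code. Only
        // instantiate it when it is a console plugin, so a tampered entry
        // cannot construct unrelated classes.
        if (!is_subclass_of($class, 'DarkConsolePlugin')) {
          throw new Exception('Not a DarkConsole plugin class.');
        }

        $obj = newv($class, array());
        $obj->setData($data);
        $obj->setRequest($request);

        $panel = $obj->renderPanel();

        // Only cookies whose name contains the session cookie name are
        // scrubbed; other cookie values are left in the panel as rendered.
        foreach ($_COOKIE as $cookie_name => $cookie_value) {
          if (preg_match($pattern, $cookie_name)) {
            $panel = PhutilSafeHTML::applyFunction(
              'str_replace',
              $cookie_value,
              '(session-key)',
              $panel);
          }
        }

        $output['panel'][$class] = $panel;
      } catch (Exception $ex) {
        // Best effort: one failing plugin must not hide the other panels.
        $output['panel'][$class] = 'error';
      }
    }

    return id(new AphrontAjaxResponse())->setContent($output);
  }

}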