1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-11 17:32:41 +01:00
phorge-phorge/src/applications/auth/controller/PhabricatorLogoutController.php
epriestley 50376aad04 Require multiple auth factors to establish web sessions
Summary:
Ref T4398. This prompts users for multi-factor auth on login.

Roughly, this introduces the idea of "partial" sessions, which we haven't finished constructing yet. In practice, this means the session has made it through primary auth but not through multi-factor auth. Add a workflow for bringing a partial session up to a full one.

Test Plan:
  - Used Conduit.
  - Logged in as multi-factor user.
  - Logged in as no-factor user.
  - Tried to do non-login-things with a partial session.
  - Reviewed account activity logs.

{F149295}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8922
2014-05-01 10:23:02 -07:00

69 lines
1.8 KiB
PHP

<?php
final class PhabricatorLogoutController
extends PhabricatorAuthController {
public function shouldRequireLogin() {
return true;
}
public function shouldRequireEmailVerification() {
// Allow unverified users to logout.
return false;
}
public function shouldRequireEnabledUser() {
// Allow disabled users to logout.
return false;
}
public function shouldAllowPartialSessions() {
return true;
}
public function processRequest() {
$request = $this->getRequest();
$user = $request->getUser();
if ($request->isFormPost()) {
$log = PhabricatorUserLog::initializeNewLog(
$user,
$user->getPHID(),
PhabricatorUserLog::ACTION_LOGOUT);
$log->save();
// Destroy the user's session in the database so logout works even if
// their cookies have some issues. We'll detect cookie issues when they
// try to login again and tell them to clear any junk.
$phsid = $request->getCookie(PhabricatorCookies::COOKIE_SESSION);
if (strlen($phsid)) {
$session = id(new PhabricatorAuthSessionQuery())
->setViewer($user)
->withSessionKeys(array($phsid))
->executeOne();
if ($session) {
$session->delete();
}
}
$request->clearCookie(PhabricatorCookies::COOKIE_SESSION);
return id(new AphrontRedirectResponse())
->setURI('/login/');
}
if ($user->getPHID()) {
$dialog = id(new AphrontDialogView())
->setUser($user)
->setTitle(pht('Log out of Phabricator?'))
->appendChild(pht('Are you sure you want to log out?'))
->addSubmitButton(pht('Logout'))
->addCancelButton('/');
return id(new AphrontDialogResponse())->setDialog($dialog);
}
return id(new AphrontRedirectResponse())->setURI('/');
}
}