mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-25 16:22:43 +01:00
50376aad04
Summary: Ref T4398. This prompts users for multi-factor auth on login. Roughly, this introduces the idea of "partial" sessions, which we haven't finished constructing yet. In practice, this means the session has made it through primary auth but not through multi-factor auth. Add a workflow for bringing a partial session up to a full one. Test Plan: - Used Conduit. - Logged in as multi-factor user. - Logged in as no-factor user. - Tried to do non-login-things with a partial session. - Reviewed account activity logs. {F149295} Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T4398 Differential Revision: https://secure.phabricator.com/D8922
69 lines
1.8 KiB
PHP
69 lines
1.8 KiB
PHP
<?php
|
|
|
|
final class PhabricatorLogoutController
|
|
extends PhabricatorAuthController {
|
|
|
|
public function shouldRequireLogin() {
|
|
return true;
|
|
}
|
|
|
|
public function shouldRequireEmailVerification() {
|
|
// Allow unverified users to logout.
|
|
return false;
|
|
}
|
|
|
|
public function shouldRequireEnabledUser() {
|
|
// Allow disabled users to logout.
|
|
return false;
|
|
}
|
|
|
|
public function shouldAllowPartialSessions() {
|
|
return true;
|
|
}
|
|
|
|
public function processRequest() {
|
|
$request = $this->getRequest();
|
|
$user = $request->getUser();
|
|
|
|
if ($request->isFormPost()) {
|
|
|
|
$log = PhabricatorUserLog::initializeNewLog(
|
|
$user,
|
|
$user->getPHID(),
|
|
PhabricatorUserLog::ACTION_LOGOUT);
|
|
$log->save();
|
|
|
|
// Destroy the user's session in the database so logout works even if
|
|
// their cookies have some issues. We'll detect cookie issues when they
|
|
// try to login again and tell them to clear any junk.
|
|
$phsid = $request->getCookie(PhabricatorCookies::COOKIE_SESSION);
|
|
if (strlen($phsid)) {
|
|
$session = id(new PhabricatorAuthSessionQuery())
|
|
->setViewer($user)
|
|
->withSessionKeys(array($phsid))
|
|
->executeOne();
|
|
if ($session) {
|
|
$session->delete();
|
|
}
|
|
}
|
|
$request->clearCookie(PhabricatorCookies::COOKIE_SESSION);
|
|
|
|
return id(new AphrontRedirectResponse())
|
|
->setURI('/login/');
|
|
}
|
|
|
|
if ($user->getPHID()) {
|
|
$dialog = id(new AphrontDialogView())
|
|
->setUser($user)
|
|
->setTitle(pht('Log out of Phabricator?'))
|
|
->appendChild(pht('Are you sure you want to log out?'))
|
|
->addSubmitButton(pht('Logout'))
|
|
->addCancelButton('/');
|
|
|
|
return id(new AphrontDialogResponse())->setDialog($dialog);
|
|
}
|
|
|
|
return id(new AphrontRedirectResponse())->setURI('/');
|
|
}
|
|
|
|
}
|