mirror of
https://we.phorge.it/source/phorge.git
synced 2025-01-31 17:08:22 +01:00
1fc60a9a6e
Summary: Ref T1806. Ref T7173. Depends on D14047. Currently, all exception handling is in this big messy clump in `AphrontDefaultApplicationConfiguration`. Split it out into modular classes. This will let a future change add new classes in the Phacility cluster which intercept particular exceptions we care about and replaces the default, generic responses with more useful, tailored responses. Test Plan: {F777391} - Hit a Conduit error (made a method throw). - Hit an Ajax error (made comment preview throw). - Hit a high security error (tried to edit TOTP). - Hit a rate limiting error (added a bunch of email addresses). - Hit a policy error (tried to look at something with no permission). - Hit an arbitrary exception (made a randomc ontroller throw). Reviewers: chad Reviewed By: chad Maniphest Tasks: T1806, T7173 Differential Revision: https://secure.phabricator.com/D14049
76 lines
2.3 KiB
PHP
76 lines
2.3 KiB
PHP
<?php
|
|
|
|
final class PhabricatorHighSecurityRequestExceptionHandler
|
|
extends PhabricatorRequestExceptionHandler {
|
|
|
|
public function getRequestExceptionHandlerPriority() {
|
|
return 310000;
|
|
}
|
|
|
|
public function getRequestExceptionHandlerDescription() {
|
|
return pht(
|
|
'Handles high security exceptions which occur when a user needs '.
|
|
'to present MFA credentials to take an action.');
|
|
}
|
|
|
|
public function canHandleRequestException(
|
|
AphrontRequest $request,
|
|
Exception $ex) {
|
|
|
|
if (!$this->isPhabricatorSite($request)) {
|
|
return false;
|
|
}
|
|
|
|
return ($ex instanceof PhabricatorAuthHighSecurityRequiredException);
|
|
}
|
|
|
|
public function handleRequestException(
|
|
AphrontRequest $request,
|
|
Exception $ex) {
|
|
|
|
$viewer = $this->getViewer($request);
|
|
|
|
$form = id(new PhabricatorAuthSessionEngine())->renderHighSecurityForm(
|
|
$ex->getFactors(),
|
|
$ex->getFactorValidationResults(),
|
|
$viewer,
|
|
$request);
|
|
|
|
$dialog = id(new AphrontDialogView())
|
|
->setUser($viewer)
|
|
->setTitle(pht('Entering High Security'))
|
|
->setShortTitle(pht('Security Checkpoint'))
|
|
->setWidth(AphrontDialogView::WIDTH_FORM)
|
|
->addHiddenInput(AphrontRequest::TYPE_HISEC, true)
|
|
->setErrors(
|
|
array(
|
|
pht(
|
|
'You are taking an action which requires you to enter '.
|
|
'high security.'),
|
|
))
|
|
->appendParagraph(
|
|
pht(
|
|
'High security mode helps protect your account from security '.
|
|
'threats, like session theft or someone messing with your stuff '.
|
|
'while you\'re grabbing a coffee. To enter high security mode, '.
|
|
'confirm your credentials.'))
|
|
->appendChild($form->buildLayoutView())
|
|
->appendParagraph(
|
|
pht(
|
|
'Your account will remain in high security mode for a short '.
|
|
'period of time. When you are finished taking sensitive '.
|
|
'actions, you should leave high security.'))
|
|
->setSubmitURI($request->getPath())
|
|
->addCancelButton($ex->getCancelURI())
|
|
->addSubmitButton(pht('Enter High Security'));
|
|
|
|
$request_parameters = $request->getPassthroughRequestParameters(
|
|
$respect_quicksand = true);
|
|
foreach ($request_parameters as $key => $value) {
|
|
$dialog->addHiddenInput($key, $value);
|
|
}
|
|
|
|
return $dialog;
|
|
}
|
|
|
|
}
|