mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-13 18:32:41 +01:00
87207b2f4e
Summary:
- Move email to a separate table.
- Migrate existing email to new storage.
- Allow users to add and remove email addresses.
- Allow users to verify email addresses.
- Allow users to change their primary email address.
- Convert all the registration/reset/login code to understand these changes.
- There are a few security considerations here but I think I've addressed them. Principally, it is important to never let a user acquire a verified email address they don't actually own. We ensure this by tightening the scoping of token generation rules to be (user, email) specific.
- This should have essentially zero impact on Facebook, but may require some minor changes in the registration code -- I don't exactly remember how it is set up.
Not included here (next steps):
- Allow configuration to restrict email to certain domains.
- Allow configuration to require validated email.
Test Plan:
This is a fairly extensive, difficult-to-test change.
- From "Email Addresses" interface:
- Added new email (verified email verifications sent).
- Changed primary email (verified old/new notificactions sent).
- Resent verification emails (verified they sent).
- Removed email.
- Tried to add already-owned email.
- Created new users with "accountadmin". Edited existing users with "accountadmin".
- Created new users with "add_user.php".
- Created new users with web interface.
- Clicked welcome email link, verified it verified email.
- Reset password.
- Linked/unlinked oauth accounts.
- Logged in with oauth account.
- Logged in with email.
- Registered with Oauth account.
- Tried to register with OAuth account with duplicate email.
- Verified errors for email verification with bad tokens, etc.
Reviewers: btrahan, vrana, jungejason
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T1184
Differential Revision: https://secure.phabricator.com/D2393
134 lines
4 KiB
PHP
134 lines
4 KiB
PHP
<?php
|
|
|
|
/*
|
|
* Copyright 2012 Facebook, Inc.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
final class PhabricatorEmailTokenController
|
|
extends PhabricatorAuthController {
|
|
|
|
private $token;
|
|
|
|
public function shouldRequireLogin() {
|
|
return false;
|
|
}
|
|
|
|
public function willProcessRequest(array $data) {
|
|
$this->token = $data['token'];
|
|
}
|
|
|
|
public function processRequest() {
|
|
$request = $this->getRequest();
|
|
|
|
if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) {
|
|
return new Aphront400Response();
|
|
}
|
|
|
|
if ($request->getUser()->getPHID()) {
|
|
$view = new AphrontRequestFailureView();
|
|
$view->setHeader('Already Logged In');
|
|
$view->appendChild(
|
|
'<p>You are already logged in.</p>');
|
|
$view->appendChild(
|
|
'<div class="aphront-failure-continue">'.
|
|
'<a class="button" href="/">Return Home</a>'.
|
|
'</div>');
|
|
return $this->buildStandardPageResponse(
|
|
$view,
|
|
array(
|
|
'title' => 'Already Logged In',
|
|
));
|
|
}
|
|
|
|
$token = $this->token;
|
|
$email = $request->getStr('email');
|
|
|
|
// NOTE: We need to bind verification to **addresses**, not **users**,
|
|
// because we verify addresses when they're used to login this way, and if
|
|
// we have a user-based verification you can:
|
|
//
|
|
// - Add some address you do not own;
|
|
// - request a password reset;
|
|
// - change the URI in the email to the address you don't own;
|
|
// - login via the email link; and
|
|
// - get a "verified" address you don't control.
|
|
|
|
$target_email = id(new PhabricatorUserEmail())->loadOneWhere(
|
|
'address = %s',
|
|
$email);
|
|
|
|
$target_user = null;
|
|
if ($target_email) {
|
|
$target_user = id(new PhabricatorUser())->loadOneWhere(
|
|
'phid = %s',
|
|
$target_email->getUserPHID());
|
|
}
|
|
|
|
if (!$target_email ||
|
|
!$target_user ||
|
|
!$target_user->validateEmailToken($target_email, $token)) {
|
|
|
|
$view = new AphrontRequestFailureView();
|
|
$view->setHeader('Unable to Login');
|
|
$view->appendChild(
|
|
'<p>The authentication information in the link you clicked is '.
|
|
'invalid or out of date. Make sure you are copy-and-pasting the '.
|
|
'entire link into your browser. You can try again, or request '.
|
|
'a new email.</p>');
|
|
$view->appendChild(
|
|
'<div class="aphront-failure-continue">'.
|
|
'<a class="button" href="/login/email/">Send Another Email</a>'.
|
|
'</div>');
|
|
|
|
return $this->buildStandardPageResponse(
|
|
$view,
|
|
array(
|
|
'title' => 'Login Failure',
|
|
));
|
|
}
|
|
|
|
// Verify email so that clicking the link in the "Welcome" email is good
|
|
// enough, without requiring users to go through a second round of email
|
|
// verification.
|
|
|
|
$target_email->setIsVerified(1);
|
|
$target_email->save();
|
|
|
|
$session_key = $target_user->establishSession('web');
|
|
$request->setCookie('phusr', $target_user->getUsername());
|
|
$request->setCookie('phsid', $session_key);
|
|
|
|
if (PhabricatorEnv::getEnvConfig('account.editable')) {
|
|
$next = (string)id(new PhutilURI('/settings/page/password/'))
|
|
->setQueryParams(
|
|
array(
|
|
'token' => $token,
|
|
'email' => $email,
|
|
));
|
|
} else {
|
|
$next = '/';
|
|
}
|
|
|
|
$uri = new PhutilURI('/login/validate/');
|
|
$uri->setQueryParams(
|
|
array(
|
|
'phusr' => $target_user->getUsername(),
|
|
'next' => $next,
|
|
));
|
|
|
|
return id(new AphrontRedirectResponse())
|
|
->setURI((string)$uri);
|
|
}
|
|
}
|