
Implement new auth login flow and login validation controller

Summary:
Ref T1536. None of this code is reachable.

Implements new-auth login (so you can actually login) and login validation (which checks that cookies were set correctly).

Test Plan: Manually enabled FB auth, went through the auth flow to login/logout. Manually hit most of the validation errors.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6162

+95 -17
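--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -821,6 +821,7 @@
 'PhabricatorAuthProviderOAuthFacebook' => 'applications/auth/provider/PhabricatorAuthProviderOAuthFacebook.php',
 'PhabricatorAuthRegisterController' => 'applications/auth/controller/PhabricatorAuthRegisterController.php',
 'PhabricatorAuthStartController' => 'applications/auth/controller/PhabricatorAuthStartController.php',
+'PhabricatorAuthValidateController' => 'applications/auth/controller/PhabricatorAuthValidateController.php',
 'PhabricatorAuthenticationConfigOptions' => 'applications/config/option/PhabricatorAuthenticationConfigOptions.php',
 'PhabricatorBarePageExample' => 'applications/uiexample/examples/PhabricatorBarePageExample.php',
 'PhabricatorBarePageView' => 'view/page/PhabricatorBarePageView.php',
@@ -2679,6 +2680,7 @@
 'PhabricatorAuthProviderOAuthFacebook' => 'PhabricatorAuthProviderOAuth',
 'PhabricatorAuthRegisterController' => 'PhabricatorAuthController',
 'PhabricatorAuthStartController' => 'PhabricatorAuthController',
+'PhabricatorAuthValidateController' => 'PhabricatorAuthController',
 'PhabricatorAuthenticationConfigOptions' => 'PhabricatorApplicationConfigOptions',
 'PhabricatorBarePageExample' => 'PhabricatorUIExample',
 'PhabricatorBarePageView' => 'AphrontPageView',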
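--- a/src/applications/auth/application/PhabricatorApplicationAuth.php
+++ b/src/applications/auth/application/PhabricatorApplicationAuth.php
@@ -39,6 +39,7 @@
 'login/(?P<pkey>[^/]+)/' => 'PhabricatorAuthLoginController',
 'register/(?P<akey>[^/]+)/' => 'PhabricatorAuthRegisterController',
 'start/' => 'PhabricatorAuthStartController',
+'validate/' => 'PhabricatorAuthValidateController',
 ),
 );
 }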
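--- a/src/applications/auth/controller/PhabricatorAuthLoginController.php
+++ b/src/applications/auth/controller/PhabricatorAuthLoginController.php
@@ -80,7 +80,8 @@
 pht(
 'The external account ("%s") you just authenticated with is '.
 'not configured to allow account linking on this Phabricator '.
-'install. An administrator may have recently disabled it.'));
+'install. An administrator may have recently disabled it.',
+$provider->getProviderName()));
 }
 }
 }
@@ -90,8 +91,20 @@
 }
 
 private function processLoginUser(PhabricatorExternalAccount $account) {
-// TODO: Implement.
-return new Aphront404Response();
+$user = id(new PhabricatorUser())->loadOneWhere(
+'phid = %s',
+$account->getUserPHID());
+
+if (!$user) {
+return $this->renderError(
+pht(
+'The external account you just logged in with is not associated '.
+'with a valid Phabricator user.'));
+}
+
+$this->establishWebSession($user);
+
+return $this->buildLoginValidateResponse($user);
 }
 
 private function processRegisterUser(PhabricatorExternalAccount $account) {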
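Review bot: In processLoginUser, a web session is established for any user row matching `$account->getUserPHID()`, and nothing visible in this section checks the user's state first. If disabled users are not rejected later when the session is loaded (that code is not shown here), a disabled user who still has a linked external account would receive a fresh session. Consider a guard before `establishWebSession()`, for example `if ($user->getIsDisabled()) { return $this->renderError(pht('This account is disabled.')); }`, or add a comment naming where that check is enforced. The rest of the controller lies outside these hunks.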
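--- a/src/applications/auth/controller/PhabricatorAuthStartController.php
+++ b/src/applications/auth/controller/PhabricatorAuthStartController.php
@@ -138,20 +138,9 @@
 }
 
 private function renderError($message) {
-$title = pht('Authentication Failure');
-
-$view = new AphrontErrorView();
-$view->setTitle($title);
-$view->appendChild($message);
-
-return $this->buildApplicationPage(
-$view,
-array(
-'title' => $title,
-'device' => true,
-'dust' => true,
-));
+return $this->renderErrorPage(
+pht('Authentication Failure'),
+array($message));
 }
-
 
 }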
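--- a/src/applications/auth/controller/PhabricatorAuthValidateController.php
+++ b/src/applications/auth/controller/PhabricatorAuthValidateController.php
@@ -0,0 +1,73 @@
+<?php
+
+final class PhabricatorAuthValidateController
+extends PhabricatorAuthController {
+
+public function shouldRequireLogin() {
+return false;
+}
+
+public function processRequest() {
+$request = $this->getRequest();
+$viewer = $request->getUser();
+
+$failures = array();
+
+if (!strlen($request->getStr('phusr'))) {
+return $this->renderErrors(
+array(
+pht(
+'Login validation is missing expected parameter ("%s").',
+'phusr')));
+}
+
+$expect_phusr = $request->getStr('phusr');
+$actual_phusr = $request->getCookie('phusr');
+if ($actual_phusr != $expect_phusr) {
+if ($actual_phusr) {
+$failures[] = pht(
+"Attempted to set '%s' cookie to '%s', but your browser sent back ".
+"a cookie with the value '%s'. Clear your browser's cookies and ".
+"try again.",
+'phusr',
+$expect_phusr,
+$actual_phusr);
+} else {
+$failures[] = pht(
+"Attempted to set '%s' cookie to '%s', but your browser did not ".
+"accept the cookie. Check that cookies are enabled, clear them, ".
+"and try again.",
+'phusr',
+$expect_phusr);
+}
+}
+
+if (!$failures) {
+if (!$viewer->getPHID()) {
+$failures[] = pht(
+"Login cookie was set correctly, but your login session is not ".
+"valid. Try clearing cookies and logging in again.");
+}
+}
+
+if ($failures) {
+return $this->renderErrors($failures);
+}
+
+$next = $request->getCookie('next_uri');
+$request->clearCookie('next_uri');
+
+if (!PhabricatorEnv::isValidLocalWebResource($next)) {
+$next = '/';
+}
+
+return id(new AphrontRedirectResponse())->setURI($next);
+}
+
+private function renderErrors(array $messages) {
+return $this->renderErrorPage(
+pht('Login Failure'),
+$messages);
+}
+
+}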
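Review bot: The cookie check in processRequest uses a loose comparison, `if ($actual_phusr != $expect_phusr)`, and PHP compares two numeric-looking strings numerically, so values such as `'1e1'` and `'10'` count as equal and a mismatched cookie could be reported as set correctly. `if ($actual_phusr !== $expect_phusr) {` is safe here because `$expect_phusr` is already known to be a non-empty string, and a missing cookie still reaches the else branch. Separately, both failure messages echo the `phusr` request parameter and cookie value back into the page, so they depend on `renderErrorPage()` (defined outside this commit) escaping its messages; a short comment stating that would help the next reader.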