@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Do not expose Contact Numbers settings panel when no SMS support configured
Summary:
It's useless without SMS support and only exposed to the user themselves.
Closes T15486
Test Plan:
Before and after applying this patch,
* Try to access the list of your contact numbers at `/settings/panel/contact/`
* Try to access an existing, previously created contact number at `/auth/contact/1/`
* Try to add a contact number at `/auth/contact/edit/`
* Go to e.g. `/settings/panel/datetime` and check the "Authentication" section in the left sidebar for {nav icon=hashtag, name=Contact Numbers}
Reviewers: O1 Blessed Committers, speck
Reviewed By: O1 Blessed Committers, speck
Subscribers: speck, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno
Maniphest Tasks: T15486
Differential Revision: https://we.phorge.it/D25452
+68
-39
+13
-10
src/applications/auth/controller/contact/PhabricatorAuthContactNumberDisableController.php
+13
-10
src/applications/auth/controller/contact/PhabricatorAuthContactNumberDisableController.php
···
7
7
$viewer = $request->getViewer();
8
8
$id = $request->getURIData('id');
9
9
10
-
$number = id(new PhabricatorAuthContactNumberQuery())
11
-
->setViewer($viewer)
12
-
->withIDs(array($id))
13
-
->requireCapabilities(
14
-
array(
15
-
PhabricatorPolicyCapability::CAN_VIEW,
16
-
PhabricatorPolicyCapability::CAN_EDIT,
17
-
))
18
-
->executeOne();
19
-
if (!$number) {
10
+
$sms_auth_factor = new PhabricatorSMSAuthFactor();
11
+
if ($sms_auth_factor->isSMSMailerConfigured()) {
12
+
$number = id(new PhabricatorAuthContactNumberQuery())
13
+
->setViewer($viewer)
14
+
->withIDs(array($id))
15
+
->requireCapabilities(
16
+
array(
17
+
PhabricatorPolicyCapability::CAN_VIEW,
18
+
PhabricatorPolicyCapability::CAN_EDIT,
19
+
))
20
+
->executeOne();
21
+
}
22
+
if (!isset($number) || !$number) {
20
23
return new Aphront404Response();
21
24
}
22
25
+8
-3
src/applications/auth/controller/contact/PhabricatorAuthContactNumberEditController.php
+8
-3
src/applications/auth/controller/contact/PhabricatorAuthContactNumberEditController.php
···
4
4
extends PhabricatorAuthContactNumberController {
5
5
6
6
public function handleRequest(AphrontRequest $request) {
7
-
return id(new PhabricatorAuthContactNumberEditEngine())
8
-
->setController($this)
9
-
->buildResponse();
7
+
$sms_auth_factor = new PhabricatorSMSAuthFactor();
8
+
if ($sms_auth_factor->isSMSMailerConfigured()) {
9
+
return id(new PhabricatorAuthContactNumberEditEngine())
10
+
->setController($this)
11
+
->buildResponse();
12
+
} else {
13
+
return new Aphront404Response();
14
+
}
10
15
}
11
16
12
17
}
+13
-10
src/applications/auth/controller/contact/PhabricatorAuthContactNumberPrimaryController.php
+13
-10
src/applications/auth/controller/contact/PhabricatorAuthContactNumberPrimaryController.php
···
7
7
$viewer = $request->getViewer();
8
8
$id = $request->getURIData('id');
9
9
10
-
$number = id(new PhabricatorAuthContactNumberQuery())
11
-
->setViewer($viewer)
12
-
->withIDs(array($id))
13
-
->requireCapabilities(
14
-
array(
15
-
PhabricatorPolicyCapability::CAN_VIEW,
16
-
PhabricatorPolicyCapability::CAN_EDIT,
17
-
))
18
-
->executeOne();
19
-
if (!$number) {
10
+
$sms_auth_factor = new PhabricatorSMSAuthFactor();
11
+
if ($sms_auth_factor->isSMSMailerConfigured()) {
12
+
$number = id(new PhabricatorAuthContactNumberQuery())
13
+
->setViewer($viewer)
14
+
->withIDs(array($id))
15
+
->requireCapabilities(
16
+
array(
17
+
PhabricatorPolicyCapability::CAN_VIEW,
18
+
PhabricatorPolicyCapability::CAN_EDIT,
19
+
))
20
+
->executeOne();
21
+
}
22
+
if (!isset($number) || !$number) {
20
23
return new Aphront404Response();
21
24
}
22
25
+13
-10
src/applications/auth/controller/contact/PhabricatorAuthContactNumberTestController.php
+13
-10
src/applications/auth/controller/contact/PhabricatorAuthContactNumberTestController.php
···
7
7
$viewer = $request->getViewer();
8
8
$id = $request->getURIData('id');
9
9
10
-
$number = id(new PhabricatorAuthContactNumberQuery())
11
-
->setViewer($viewer)
12
-
->withIDs(array($id))
13
-
->requireCapabilities(
14
-
array(
15
-
PhabricatorPolicyCapability::CAN_VIEW,
16
-
PhabricatorPolicyCapability::CAN_EDIT,
17
-
))
18
-
->executeOne();
19
-
if (!$number) {
10
+
$sms_auth_factor = new PhabricatorSMSAuthFactor();
11
+
if ($sms_auth_factor->isSMSMailerConfigured()) {
12
+
$number = id(new PhabricatorAuthContactNumberQuery())
13
+
->setViewer($viewer)
14
+
->withIDs(array($id))
15
+
->requireCapabilities(
16
+
array(
17
+
PhabricatorPolicyCapability::CAN_VIEW,
18
+
PhabricatorPolicyCapability::CAN_EDIT,
19
+
))
20
+
->executeOne();
21
+
}
22
+
if (!isset($number) || !$number) {
20
23
return new Aphront404Response();
21
24
}
22
25
+8
-5
src/applications/auth/controller/contact/PhabricatorAuthContactNumberViewController.php
+8
-5
src/applications/auth/controller/contact/PhabricatorAuthContactNumberViewController.php
···
6
6
public function handleRequest(AphrontRequest $request) {
7
7
$viewer = $this->getViewer();
8
8
9
-
$number = id(new PhabricatorAuthContactNumberQuery())
10
-
->setViewer($viewer)
11
-
->withIDs(array($request->getURIData('id')))
12
-
->executeOne();
13
-
if (!$number) {
9
+
$sms_auth_factor = new PhabricatorSMSAuthFactor();
10
+
if ($sms_auth_factor->isSMSMailerConfigured()) {
11
+
$number = id(new PhabricatorAuthContactNumberQuery())
12
+
->setViewer($viewer)
13
+
->withIDs(array($request->getURIData('id')))
14
+
->executeOne();
15
+
}
16
+
if (!isset($number) || !$number) {
14
17
return new Aphront404Response();
15
18
}
16
19
+1
-1
src/applications/auth/factor/PhabricatorSMSAuthFactor.php
+1
-1
src/applications/auth/factor/PhabricatorSMSAuthFactor.php
+12
src/applications/settings/panel/PhabricatorContactNumbersSettingsPanel.php
+12
src/applications/settings/panel/PhabricatorContactNumbersSettingsPanel.php
···
19
19
return PhabricatorSettingsAuthenticationPanelGroup::PANELGROUPKEY;
20
20
}
21
21
22
+
/**
23
+
* Whether to display "Contact Numbers" panel in users' Personal
24
+
* Settings by checking if global SMS support is configured
25
+
*/
26
+
public function isUserPanel() {
27
+
$sms_auth_factor = new PhabricatorSMSAuthFactor();
28
+
if ($sms_auth_factor->isSMSMailerConfigured()) {
29
+
return true;
30
+
}
31
+
return false;
32
+
}
33
+
22
34
public function isMultiFactorEnrollmentPanel() {
23
35
return true;
24
36
}