
Formally modularize MFA/TOTP tokens, provide a module panel for temporary tokens

Summary:
Ref T10603. We have a couple of sort of ad-hoc tokens, so start formalizing them. First up is MFA tokens.

Also adds a new config module panel for these.

Test Plan:
- Added MFA.
- Added MFA, intentionally fumbled the input, completed the workflow.
- Removed MFA.
- Viewed tokens, saw MFA sync tokens.
- Viewed new module config panel.

{F1177014}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10603

Differential Revision: https://secure.phabricator.com/D15479

+81 -4
+4
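--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -1843,10 +1843,12 @@
 'PhabricatorAuthSessionQuery' => 'applications/auth/query/PhabricatorAuthSessionQuery.php',
 'PhabricatorAuthSetupCheck' => 'applications/config/check/PhabricatorAuthSetupCheck.php',
 'PhabricatorAuthStartController' => 'applications/auth/controller/PhabricatorAuthStartController.php',
+'PhabricatorAuthTOTPKeyTemporaryTokenType' => 'applications/auth/factor/PhabricatorAuthTOTPKeyTemporaryTokenType.php',
 'PhabricatorAuthTemporaryToken' => 'applications/auth/storage/PhabricatorAuthTemporaryToken.php',
 'PhabricatorAuthTemporaryTokenGarbageCollector' => 'applications/auth/garbagecollector/PhabricatorAuthTemporaryTokenGarbageCollector.php',
 'PhabricatorAuthTemporaryTokenQuery' => 'applications/auth/query/PhabricatorAuthTemporaryTokenQuery.php',
 'PhabricatorAuthTemporaryTokenType' => 'applications/auth/tokentype/PhabricatorAuthTemporaryTokenType.php',
+'PhabricatorAuthTemporaryTokenTypeModule' => 'applications/auth/tokentype/PhabricatorAuthTemporaryTokenTypeModule.php',
 'PhabricatorAuthTerminateSessionController' => 'applications/auth/controller/PhabricatorAuthTerminateSessionController.php',
 'PhabricatorAuthTryFactorAction' => 'applications/auth/action/PhabricatorAuthTryFactorAction.php',
 'PhabricatorAuthUnlinkController' => 'applications/auth/controller/PhabricatorAuthUnlinkController.php',
@@ -6164,6 +6166,7 @@
 'PhabricatorAuthSessionQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
 'PhabricatorAuthSetupCheck' => 'PhabricatorSetupCheck',
 'PhabricatorAuthStartController' => 'PhabricatorAuthController',
+'PhabricatorAuthTOTPKeyTemporaryTokenType' => 'PhabricatorAuthTemporaryTokenType',
 'PhabricatorAuthTemporaryToken' => array(
 'PhabricatorAuthDAO',
 'PhabricatorPolicyInterface',
@@ -6171,6 +6174,7 @@
 'PhabricatorAuthTemporaryTokenGarbageCollector' => 'PhabricatorGarbageCollector',
 'PhabricatorAuthTemporaryTokenQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
 'PhabricatorAuthTemporaryTokenType' => 'Phobject',
+'PhabricatorAuthTemporaryTokenTypeModule' => 'PhabricatorConfigModule',
 'PhabricatorAuthTerminateSessionController' => 'PhabricatorAuthController',
 'PhabricatorAuthTryFactorAction' => 'PhabricatorSystemAction',
 'PhabricatorAuthUnlinkController' => 'PhabricatorAuthController',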
+17
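--- a/src/applications/auth/factor/PhabricatorAuthTOTPKeyTemporaryTokenType.php
+++ b/src/applications/auth/factor/PhabricatorAuthTOTPKeyTemporaryTokenType.php
@@ -0,0 +1,17 @@
+<?php
+
+final class PhabricatorAuthTOTPKeyTemporaryTokenType
+extends PhabricatorAuthTemporaryTokenType {
+
+const TOKENTYPE = 'mfa:totp:key';
+
+public function getTokenTypeDisplayName() {
+return pht('TOTP Synchronization');
+}
+
+public function getTokenReadableTypeName(
+PhabricatorAuthTemporaryToken $token) {
+return pht('TOTP Sync Token');
+}
+
+}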
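Review bot: The new class has no doc comment saying what a `mfa:totp:key` token protects, and the string is now the only link between this type and the lookup and save calls in PhabricatorTOTPAuthFactor. I would add a class docblock along the lines of `/** Temporary token holding the digest of a pending TOTP key for one user; a submitted key is accepted only if a matching unexpired token exists. */`, which is what the query and save in that file appear to implement. The value equals the constant removed from PhabricatorTOTPAuthFactor in this commit, so tokens already stored should still match; a comment saying the string must not change would protect that.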
+4 -4
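--- a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php
+++ b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php
@@ -2,8 +2,6 @@
 
 final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor {
 
-const TEMPORARY_TOKEN_TYPE = 'mfa:totp:key';
-
 public function getFactorKey() {
 return 'totp';
 }
@@ -23,6 +21,8 @@
 AphrontFormView $form,
 AphrontRequest $request,
 PhabricatorUser $user) {
+
+$totp_token_type = PhabricatorAuthTOTPKeyTemporaryTokenType::TOKENTYPE;
 
 $key = $request->getStr('totpkey');
 if (strlen($key)) {
@@ -37,7 +37,7 @@
 $temporary_token = id(new PhabricatorAuthTemporaryTokenQuery())
 ->setViewer($user)
 ->withTokenResources(array($user->getPHID()))
-->withTokenTypes(array(self::TEMPORARY_TOKEN_TYPE))
+->withTokenTypes(array($totp_token_type))
 ->withExpired(false)
 ->withTokenCodes(array(PhabricatorHash::digest($key)))
 ->executeOne();
@@ -56,7 +56,7 @@
 $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
 id(new PhabricatorAuthTemporaryToken())
 ->setTokenResource($user->getPHID())
-->setTokenType(self::TEMPORARY_TOKEN_TYPE)
+->setTokenType($totp_token_type)
 ->setTokenExpires(time() + phutil_units('1 hour in seconds'))
 ->setTokenCode(PhabricatorHash::digest($key))
 ->save();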
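Review bot: `PhabricatorTOTPAuthFactor::TEMPORARY_TOKEN_TYPE` is deleted rather than kept as an alias, so any reference outside this file would fail with an undefined class constant. The page shows only the two uses in this file being rewritten, so a search for the old name is worth doing before landing. The local `$totp_token_type` is assigned at the top of the method, well away from the query and the save that depend on it; a comment such as `// Token type for the pending TOTP key; lookup and creation must use the same value.` would make that coupling explicit. The enclosing method starts and ends outside the hunks shown.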
+4
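--- a/src/applications/auth/tokentype/PhabricatorAuthOneTimeLoginTemporaryTokenType.php
+++ b/src/applications/auth/tokentype/PhabricatorAuthOneTimeLoginTemporaryTokenType.php
@@ -5,6 +5,10 @@
 
 const TOKENTYPE = 'login:onetime';
 
+public function getTokenTypeDisplayName() {
+return pht('One-Time Login');
+}
+
 public function getTokenReadableTypeName(
 PhabricatorAuthTemporaryToken $token) {
 return pht('One-Time Login Token');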
+4
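--- a/src/applications/auth/tokentype/PhabricatorAuthPasswordResetTemporaryTokenType.php
+++ b/src/applications/auth/tokentype/PhabricatorAuthPasswordResetTemporaryTokenType.php
@@ -5,6 +5,10 @@
 
 const TOKENTYPE = 'login:password';
 
+public function getTokenTypeDisplayName() {
+return pht('Password Reset');
+}
+
 public function getTokenReadableTypeName(
 PhabricatorAuthTemporaryToken $token) {
 return pht('Password Reset Token');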
+1
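--- a/src/applications/auth/tokentype/PhabricatorAuthTemporaryTokenType.php
+++ b/src/applications/auth/tokentype/PhabricatorAuthTemporaryTokenType.php
@@ -3,6 +3,7 @@
 abstract class PhabricatorAuthTemporaryTokenType
 extends Phobject {
 
+abstract public function getTokenTypeDisplayName();
 abstract public function getTokenReadableTypeName(
 PhabricatorAuthTemporaryToken $token);
 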
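Review bot: Adding `abstract public function getTokenTypeDisplayName();` turns every concrete subclass that lacks the method into a fatal error at class load. This commit updates the three subclasses visible on the page, but a token type defined elsewhere, for example in an extension, would break, so a changelog note or a non-abstract default is worth considering. The two name methods are also easy to confuse; a comment such as `// Name of the token type itself, shown in the config module; takes no token.` above the new declaration would separate it from `getTokenReadableTypeName()`. The class body continues outside the hunk.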
+47
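--- a/src/applications/auth/tokentype/PhabricatorAuthTemporaryTokenTypeModule.php
+++ b/src/applications/auth/tokentype/PhabricatorAuthTemporaryTokenTypeModule.php
@@ -0,0 +1,47 @@
+<?php
+
+final class PhabricatorAuthTemporaryTokenTypeModule
+extends PhabricatorConfigModule {
+
+public function getModuleKey() {
+return 'temporarytoken';
+}
+
+public function getModuleName() {
+return pht('Temporary Tokens');
+}
+
+public function renderModuleStatus(AphrontRequest $request) {
+$viewer = $request->getViewer();
+
+$types = PhabricatorAuthTemporaryTokenType::getAllTypes();
+
+$rows = array();
+foreach ($types as $type) {
+$rows[] = array(
+get_class($type),
+$type->getTokenTypeConstant(),
+$type->getTokenTypeDisplayName(),
+);
+}
+
+$table = id(new AphrontTableView($rows))
+->setHeaders(
+array(
+pht('Class'),
+pht('Key'),
+pht('Name'),
+))
+->setColumnClasses(
+array(
+null,
+null,
+'wide pri',
+));
+
+return id(new PHUIObjectBoxView())
+->setHeaderText(pht('Temporary Token Types'))
+->setTable($table);
+}
+
+}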
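Review bot: `$viewer = $request->getViewer();` in `renderModuleStatus()` is never read in the lines shown, so the assignment can be dropped. The panel lists only the class, type constant and display name of each registered token type, with no token codes or resources. A short docblock on the method stating that would discourage later edits from adding per-token data to a config page. `getAllTypes()` and `getTokenTypeConstant()` are defined outside this section, so their behaviour is assumed here.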