recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Add a blanket "will login" event

Summary:
Ref T1536. Facebook currently does a check which should be on-login in registration hooks, and this is generally a reasonable hook to provide.

The "will login" event allows listeners to reject or modify a login, or just log it or whatever.

NOTE: This doesn't cover non-web logins right now -- notably Conduit. That's presumably fine.

(This can't land for a while, it depends on about 10 uncommitted revisions.)

Test Plan: Logged out and in again.

Reviewers: wez, btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6202

epriestley 61a0c6d6 0250b48c

+63 -28
+53 -8
src/applications/auth/controller/PhabricatorAuthController.php
··· 29 29 30 30 } 31 31 32 - protected function establishWebSession(PhabricatorUser $user) { 33 - $session_key = $user->establishSession('web'); 32 + /** 33 + * Log a user into a web session and return an @{class:AphrontResponse} which 34 + * corresponds to continuing the login process. 35 + * 36 + * Normally, this is a redirect to the validation controller which makes sure 37 + * the user's cookies are set. However, event listeners can intercept this 38 + * event and do something else if they prefer. 39 + * 40 + * @param PhabricatorUser User to log the viewer in as. 41 + * @return AphrontResponse Response which continues the login process. 42 + */ 43 + protected function loginUser(PhabricatorUser $user) { 44 + 45 + $response = $this->buildLoginValidateResponse($user); 46 + $session_type = 'web'; 47 + 48 + $event_type = PhabricatorEventType::TYPE_AUTH_WILLLOGINUSER; 49 + $event_data = array( 50 + 'user' => $user, 51 + 'type' => $session_type, 52 + 'response' => $response, 53 + 'shouldLogin' => true, 54 + ); 55 + 56 + $event = id(new PhabricatorEvent($event_type, $event_data)) 57 + ->setUser($user); 58 + PhutilEventEngine::dispatchEvent($event); 59 + 60 + $should_login = $event->getValue('shouldLogin'); 61 + if ($should_login) { 62 + $session_key = $user->establishSession($session_type); 34 63 35 - $request = $this->getRequest(); 64 + // NOTE: We allow disabled users to login and roadblock them later, so 65 + // there's no check for users being disabled here. 36 66 37 - // NOTE: We allow disabled users to login and roadblock them later, so 38 - // there's no check for users being disabled here. 67 + $request = $this->getRequest(); 68 + $request->setCookie('phusr', $user->getUsername()); 69 + $request->setCookie('phsid', $session_key); 39 70 40 - $request->setCookie('phusr', $user->getUsername()); 41 - $request->setCookie('phsid', $session_key); 71 + $this->clearRegistrationCookies(); 72 + } 73 + 74 + return $event->getValue('response'); 75 + } 76 + 77 + protected function clearRegistrationCookies() { 78 + $request = $this->getRequest(); 42 79 43 80 // Clear the registration key. 44 81 $request->clearCookie('phreg'); ··· 47 84 $request->clearCookie('phcid'); 48 85 } 49 86 50 - protected function buildLoginValidateResponse(PhabricatorUser $user) { 87 + private function buildLoginValidateResponse(PhabricatorUser $user) { 51 88 $validate_uri = new PhutilURI($this->getApplicationURI('validate/')); 52 89 $validate_uri->setQueryParam('phusr', $user->getUsername()); 53 90 54 91 return id(new AphrontRedirectResponse())->setURI((string)$validate_uri); 92 + } 93 + 94 + protected function renderError($message) { 95 + return $this->renderErrorPage( 96 + pht('Authentication Error'), 97 + array( 98 + $message, 99 + )); 55 100 } 56 101 57 102 }
+2 -4
src/applications/auth/controller/PhabricatorAuthLoginController.php
··· 107 107 'with a valid Phabricator user.')); 108 108 } 109 109 110 - $this->establishWebSession($user); 111 - 112 - return $this->buildLoginValidateResponse($user); 110 + return $this->loginUser($user); 113 111 } 114 112 115 113 private function processRegisterUser(PhabricatorExternalAccount $account) { ··· 161 159 return null; 162 160 } 163 161 164 - private function renderError($message) { 162 + protected function renderError($message) { 165 163 $title = pht('Login Failed'); 166 164 167 165 $view = new AphrontErrorView();
+2 -4
src/applications/auth/controller/PhabricatorAuthRegisterController.php
··· 205 205 206 206 $user->saveTransaction(); 207 207 208 - $this->establishWebSession($user); 209 - 210 208 if (!$email_obj->getIsVerified()) { 211 209 $email_obj->sendVerificationEmail($user); 212 210 } 213 211 214 - return $this->buildLoginValidateResponse($user); 212 + return $this->loginUser($user); 215 213 } catch (AphrontQueryDuplicateKeyException $exception) { 216 214 $same_username = id(new PhabricatorUser())->loadOneWhere( 217 215 'userName = %s', ··· 480 478 } 481 479 } 482 480 483 - private function renderError($message) { 481 + protected function renderError($message) { 484 482 return $this->renderErrorPage( 485 483 pht('Registration Failed'), 486 484 array($message));
+1 -1
src/applications/auth/controller/PhabricatorAuthStartController.php
··· 180 180 return id(new AphrontPlainTextResponse())->setContent($message); 181 181 } 182 182 183 - private function renderError($message) { 183 + protected function renderError($message) { 184 184 return $this->renderErrorPage( 185 185 pht('Authentication Failure'), 186 186 array($message));
+1 -3
src/applications/auth/controller/PhabricatorEmailTokenController.php
··· 73 73 $target_email->save(); 74 74 unset($unguarded); 75 75 76 - $this->establishWebSession($target_user); 77 - 78 76 $next = '/'; 79 77 if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) { 80 78 $panels = id(new PhabricatorSettingsPanelOAuth())->buildPanels(); ··· 95 93 96 94 $request->setCookie('next_uri', $next); 97 95 98 - return $this->buildLoginValidateResponse($target_user); 96 + return $this->loginUser($target_user); 99 97 } 100 98 }
+1 -3
src/applications/auth/controller/PhabricatorLDAPLoginController.php
··· 90 90 91 91 $this->saveLDAPInfo($ldap_info); 92 92 93 - $this->establishWebSession($known_user); 94 - 95 - return $this->buildLoginValidateResponse($known_user); 93 + return $this->loginUser($known_user); 96 94 } 97 95 98 96 $controller = newv('PhabricatorLDAPRegistrationController',
+1 -2
src/applications/auth/controller/PhabricatorLoginController.php
··· 138 138 } 139 139 140 140 if (!$errors) { 141 - $this->establishWebSession($user); 142 - return $this->buildLoginValidateResponse($user); 141 + return $this->loginUser($user); 143 142 } else { 144 143 $log = PhabricatorUserLog::newLog( 145 144 null,
+1 -3
src/applications/auth/controller/PhabricatorOAuthLoginController.php
··· 148 148 149 149 $this->saveOAuthInfo($oauth_info); 150 150 151 - $this->establishWebSession($known_user); 152 - 153 - return $this->buildLoginValidateResponse($known_user); 151 + return $this->loginUser($known_user); 154 152 } 155 153 156 154 $oauth_email = $provider->retrieveUserEmail();
+1
src/infrastructure/events/constant/PhabricatorEventType.php
··· 37 37 38 38 const TYPE_PEOPLE_DIDRENDERMENU = 'people.didRenderMenu'; 39 39 const TYPE_AUTH_WILLREGISTERUSER = 'auth.willRegisterUser'; 40 + const TYPE_AUTH_WILLLOGINUSER = 'auth.willLoginUser'; 40 41 41 42 }