@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Quicksand - make things work properly with high security mode

Summary: Fixes T7064. We need to pass the quicksand magic request variable around and then instrument the javascript to handle quicksand page loads.

Test Plan:
Enabled two factor auth on my account and then

- visited password page
- filled out 2 factor auth request
- saw high security bubble
- clicked about still seeing high security bubble
- refreshed page and still saw security bubble
- dismissed bubble by following through workflow after clicking bubble

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7064

Differential Revision: https://secure.phabricator.com/D12536

+77 -33
+7 -7
resources/celerity/map.php
··· 469 469 'rsrc/js/core/behavior-form.js' => '5c54cbf3', 470 470 'rsrc/js/core/behavior-gesture.js' => '3ab51e2c', 471 471 'rsrc/js/core/behavior-global-drag-and-drop.js' => '3f6075ff', 472 - 'rsrc/js/core/behavior-high-security-warning.js' => '8fc1c918', 472 + 'rsrc/js/core/behavior-high-security-warning.js' => 'a464fe03', 473 473 'rsrc/js/core/behavior-history-install.js' => '7ee2b591', 474 474 'rsrc/js/core/behavior-hovercard.js' => 'f36e01af', 475 475 'rsrc/js/core/behavior-keyboard-pager.js' => 'a8da01f0', ··· 595 595 'javelin-behavior-fancy-datepicker' => 'c51ae228', 596 596 'javelin-behavior-global-drag-and-drop' => '3f6075ff', 597 597 'javelin-behavior-herald-rule-editor' => '7ebaeed3', 598 - 'javelin-behavior-high-security-warning' => '8fc1c918', 598 + 'javelin-behavior-high-security-warning' => 'a464fe03', 599 599 'javelin-behavior-history-install' => '7ee2b591', 600 600 'javelin-behavior-icon-composer' => '8ef9ab58', 601 601 'javelin-behavior-launch-icon-composer' => '48086888', ··· 1526 1526 'javelin-dom', 1527 1527 'javelin-stratcom', 1528 1528 ), 1529 - '8fc1c918' => array( 1530 - 'javelin-behavior', 1531 - 'javelin-uri', 1532 - 'phabricator-notification', 1533 - ), 1534 1529 '9007c197' => array( 1535 1530 'javelin-behavior', 1536 1531 'javelin-dom', ··· 1638 1633 'javelin-dom', 1639 1634 'javelin-vector', 1640 1635 'javelin-install', 1636 + ), 1637 + 'a464fe03' => array( 1638 + 'javelin-behavior', 1639 + 'javelin-uri', 1640 + 'phabricator-notification', 1641 1641 ), 1642 1642 'a80d0378' => array( 1643 1643 'javelin-behavior',
+7 -3
src/aphront/AphrontRequest.php
··· 539 539 * 540 540 * @return dict<string, string> Original request parameters. 541 541 */ 542 - public function getPassthroughRequestParameters() { 543 - return self::flattenData($this->getPassthroughRequestData()); 542 + public function getPassthroughRequestParameters($include_quicksand = false) { 543 + return self::flattenData( 544 + $this->getPassthroughRequestData($include_quicksand)); 544 545 } 545 546 546 547 /** ··· 548 549 * 549 550 * @return dict<string, wild> Request data, with magic filtered out. 550 551 */ 551 - public function getPassthroughRequestData() { 552 + public function getPassthroughRequestData($include_quicksand = false) { 552 553 $data = $this->getRequestData(); 553 554 554 555 // Remove magic parameters like __dialog__ and __ajax__. 555 556 foreach ($data as $key => $value) { 557 + if ($include_quicksand && $key == self::TYPE_QUICKSAND) { 558 + continue; 559 + } 556 560 if (!strncmp($key, '__', 2)) { 557 561 unset($data[$key]); 558 562 }
+3 -1
src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
··· 135 135 ->addCancelButton($ex->getCancelURI()) 136 136 ->addSubmitButton(pht('Enter High Security')); 137 137 138 - foreach ($request->getPassthroughRequestParameters() as $key => $value) { 138 + $request_parameters = $request->getPassthroughRequestParameters( 139 + $respect_quicksand = true); 140 + foreach ($request_parameters as $key => $value) { 139 141 $dialog->addHiddenInput($key, $value); 140 142 } 141 143
+26 -15
src/view/page/PhabricatorStandardPageView.php
··· 215 215 216 216 Javelin::initBehavior('device'); 217 217 218 - if ($user->hasSession()) { 219 - $hisec = ($user->getSession()->getHighSecurityUntil() - time()); 220 - if ($hisec > 0) { 221 - $remaining_time = phutil_format_relative_time($hisec); 222 - Javelin::initBehavior( 223 - 'high-security-warning', 224 - array( 225 - 'uri' => '/auth/session/downgrade/', 226 - 'message' => pht( 227 - 'Your session is in high security mode. When you '. 228 - 'finish using it, click here to leave.', 229 - $remaining_time), 230 - )); 231 - } 232 - } 218 + Javelin::initBehavior( 219 + 'high-security-warning', 220 + $this->getHighSecurityWarningConfig()); 233 221 234 222 if ($console) { 235 223 require_celerity_resource('aphront-dark-console-css'); ··· 547 535 ); 548 536 } 549 537 538 + private function getHighSecurityWarningConfig() { 539 + $user = $this->getRequest()->getUser(); 540 + 541 + $show = false; 542 + if ($user->hasSession()) { 543 + $hisec = ($user->getSession()->getHighSecurityUntil() - time()); 544 + if ($hisec > 0) { 545 + $show = true; 546 + } 547 + } 548 + 549 + return array( 550 + 'show' => $show, 551 + 'uri' => '/auth/session/downgrade/', 552 + 'message' => pht( 553 + 'Your session is in high security mode. When you '. 554 + 'finish using it, click here to leave.'), 555 + ); 556 + } 557 + 550 558 private function renderFooter() { 551 559 if (!$this->getShowChrome()) { 552 560 return null; ··· 628 636 $controller); 629 637 } 630 638 639 + $hisec_warning_config = $this->getHighSecurityWarningConfig(); 640 + 631 641 $console_config = null; 632 642 $console = $this->getConsole(); 633 643 if ($console) { ··· 641 651 ), 642 652 'globalDragAndDrop' => $controller->isGlobalDragAndDropUploadEnabled(), 643 653 'aphlictDropdowns' => $rendered_dropdowns, 654 + 'hisecWarningConfig' => $hisec_warning_config, 644 655 'consoleConfig' => $console_config, 645 656 ) + $this->buildAphlictListenConfigData(); 646 657 }
+34 -7
webroot/rsrc/js/core/behavior-high-security-warning.js
··· 5 5 * phabricator-notification 6 6 */ 7 7 8 - JX.behavior('high-security-warning', function(config) { 8 + JX.behavior('high-security-warning', function(config, statics) { 9 + 10 + function show_warning(message, uri) { 11 + var n = new JX.Notification() 12 + .setContent(message) 13 + .setDuration(0) 14 + .alterClassName('jx-notification-security', true); 15 + 16 + n.listen( 17 + 'activate', 18 + function() { 19 + statics.showing = false; 20 + JX.$U(uri).go(); 21 + }); 9 22 10 - var n = new JX.Notification() 11 - .setContent(config.message) 12 - .setDuration(0) 13 - .alterClassName('jx-notification-security', true); 23 + n.show(); 24 + statics.showing = true; 25 + } 26 + 27 + if (statics.showing) { 28 + return; 29 + } 14 30 15 - n.listen('activate', function() { JX.$U(config.uri).go(); }); 31 + if (config.show) { 32 + show_warning(config.message, config.uri); 33 + } 16 34 17 - n.show(); 35 + JX.Stratcom.listen( 36 + 'quicksand-redraw', 37 + null, 38 + function (e) { 39 + var new_data = e.getData().newResponse.hisecWarningConfig; 18 40 41 + if (!new_data.fromServer || !new_data.show || statics.showing) { 42 + return; 43 + } 44 + show_warning(new_data.message, new_data.uri); 45 + }); 19 46 });