
Replace old login validation controller with new one

Summary: Ref T1536. We can safely replace the old login validation controller with this new one, and reduce code duplication while we're at it.

Test Plan: Logged in with LDAP, logged in with OAuth, logged in with username/password, did a password reset.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6178

+33 -150
-24
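--- a/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
+++ b/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
@@ -24,30 +24,6 @@
 => 'PhabricatorTypeaheadCommonDatasourceController',
 ),
 
-'/login/' => array(
-'' => 'PhabricatorLoginController',
-'email/' => 'PhabricatorEmailLoginController',
-'etoken/(?P<token>\w+)/' => 'PhabricatorEmailTokenController',
-'refresh/' => 'PhabricatorRefreshCSRFController',
-'validate/' => 'PhabricatorLoginValidateController',
-'mustverify/' => 'PhabricatorMustVerifyEmailController',
-),
-
-'/logout/' => 'PhabricatorLogoutController',
-
-'/oauth/' => array(
-'(?P<provider>\w+)/' => array(
-'login/' => 'PhabricatorOAuthLoginController',
-'diagnose/' => 'PhabricatorOAuthDiagnosticsController',
-'unlink/' => 'PhabricatorOAuthUnlinkController',
-),
-),
-
-'/ldap/' => array(
-'login/' => 'PhabricatorLDAPLoginController',
-'unlink/' => 'PhabricatorLDAPUnlinkController',
-),
-
 '/oauthserver/' => array(
 'auth/' => 'PhabricatorOAuthServerAuthController',
 'test/' => 'PhabricatorOAuthServerTestController',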
+23
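--- a/src/applications/auth/application/PhabricatorApplicationAuth.php
+++ b/src/applications/auth/application/PhabricatorApplicationAuth.php
@@ -41,6 +41,29 @@
 'start/' => 'PhabricatorAuthStartController',
 'validate/' => 'PhabricatorAuthValidateController',
 ),
+
+'/login/' => array(
+'' => 'PhabricatorLoginController',
+'email/' => 'PhabricatorEmailLoginController',
+'etoken/(?P<token>\w+)/' => 'PhabricatorEmailTokenController',
+'refresh/' => 'PhabricatorRefreshCSRFController',
+'mustverify/' => 'PhabricatorMustVerifyEmailController',
+),
+
+'/logout/' => 'PhabricatorLogoutController',
+
+'/oauth/' => array(
+'(?P<provider>\w+)/' => array(
+'login/' => 'PhabricatorOAuthLoginController',
+'diagnose/' => 'PhabricatorOAuthDiagnosticsController',
+'unlink/' => 'PhabricatorOAuthUnlinkController',
+),
+),
+
+'/ldap/' => array(
+'login/' => 'PhabricatorLDAPLoginController',
+'unlink/' => 'PhabricatorLDAPUnlinkController',
+),
 );
 }
 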
+3 -11
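--- a/src/applications/auth/controller/PhabricatorEmailTokenController.php
+++ b/src/applications/auth/controller/PhabricatorEmailTokenController.php
@@ -71,11 +71,9 @@
 $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
 $target_email->setIsVerified(1);
 $target_email->save();
-$session_key = $target_user->establishSession('web');
 unset($unguarded);
 
-$request->setCookie('phusr', $target_user->getUsername());
-$request->setCookie('phsid', $session_key);
+$this->establishWebSession($target_user);
 
 $next = '/';
 if (!PhabricatorEnv::getEnvConfig('auth.password-auth-enabled')) {
@@ -95,14 +93,8 @@
 ));
 }
 
-$uri = new PhutilURI('/login/validate/');
-$uri->setQueryParams(
-array(
-'phusr' => $target_user->getUsername(),
-'next' => $next,
-));
+$request->setCookie('next_uri', $next);
 
-return id(new AphrontRedirectResponse())
-->setURI((string)$uri);
+return $this->buildLoginValidateResponse($target_user);
 }
 }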
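Review bot: The local-URI check on the post-login redirect lived in the controller this commit deletes (`isValidLocalWebResource($next)` in PhabricatorLoginValidateController), and the second hunk here now passes `$next` on only through the `next_uri` cookie. PhabricatorAuthValidateController is not shown on this page, so it should be confirmed that it applies the same check before redirecting, because a cookie value cannot be trusted on its own. In the first hunk the session write also moves out of the `$unguarded` scope; unless `establishWebSession()` opens its own unguarded scope, the write guard may reject it on this token-link request. A short comment above the call, such as `// Session rows are written by establishWebSession(); it must handle the write guard itself.`, would record that dependency. The enclosing method starts outside both hunks.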
+3 -12
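--- a/src/applications/auth/controller/PhabricatorLDAPLoginController.php
+++ b/src/applications/auth/controller/PhabricatorLDAPLoginController.php
@@ -81,27 +81,18 @@
 ->setURI('/settings/panel/ldap/');
 }
 
-if ($ldap_info->getID()) {
+if ($ldap_info->getUserPHID()) {
 $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
 
 $known_user = id(new PhabricatorUser())->loadOneWhere(
 'phid = %s',
 $ldap_info->getUserPHID());
-
-$session_key = $known_user->establishSession('web');
 
 $this->saveLDAPInfo($ldap_info);
 
-$request->setCookie('phusr', $known_user->getUsername());
-$request->setCookie('phsid', $session_key);
+$this->establishWebSession($known_user);
 
-$uri = new PhutilURI('/login/validate/');
-$uri->setQueryParams(
-array(
-'phusr' => $known_user->getUsername(),
-));
-
-return id(new AphrontRedirectResponse())->setURI((string)$uri);
+return $this->buildLoginValidateResponse($known_user);
 }
 
 $controller = newv('PhabricatorLDAPRegistrationController',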
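Review bot: `$known_user` goes straight from `loadOneWhere('phid = %s', ...)` into `establishWebSession()` with no null check, so an LDAP record whose user PHID no longer resolves would presumably fail hard on the login path instead of returning a clean response. A guard directly after the load, for example `if (!$known_user) { return new Aphront404Response(); }`, would close that gap. The switch of the condition from `getID()` to `getUserPHID()` is worth a one-line comment so the intent survives later edits: `// Only treat this as a login when the LDAP record is linked to an account.` The enclosing method starts and ends outside the hunk.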
+2 -12
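--- a/src/applications/auth/controller/PhabricatorLoginController.php
+++ b/src/applications/auth/controller/PhabricatorLoginController.php
@@ -138,18 +138,8 @@
 }
 
 if (!$errors) {
-$session_key = $user->establishSession('web');
-
-$request->setCookie('phusr', $user->getUsername());
-$request->setCookie('phsid', $session_key);
-
-$uri = id(new PhutilURI('/login/validate/'))
-->setQueryParams(
-array('phusr' => $user->getUsername()
-));
-
-return id(new AphrontRedirectResponse())
-->setURI((string)$uri);
+$this->establishWebSession($user);
+return $this->buildLoginValidateResponse($user);
 } else {
 $log = PhabricatorUserLog::newLog(
 null,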
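Review bot: The pair `$this->establishWebSession($user);` followed by `return $this->buildLoginValidateResponse($user);` is now repeated here and, in the same shape, in the email-token, LDAP and OAuth controllers. Folding both calls into one protected method on the shared base controller would fix the order in a single place (session first, validation redirect second), so a later login path cannot set the cookies and skip validation. The success branch shown here also writes no PhabricatorUserLog entry while the failure branch does; if `establishWebSession()` does not record it, a login-success entry would help auditing. The `if`/`else` is cut at both ends of the hunk.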
-80
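--- a/src/applications/auth/controller/PhabricatorLoginValidateController.php
+++ b/src/applications/auth/controller/PhabricatorLoginValidateController.php
@@ -1,80 +0,0 @@
-<?php
-
-final class PhabricatorLoginValidateController
-extends PhabricatorAuthController {
-
-public function shouldRequireLogin() {
-return false;
-}
-
-public function processRequest() {
-$request = $this->getRequest();
-
-$failures = array();
-
-if (!strlen($request->getStr('phusr'))) {
-throw new Exception(
-"Login validation is missing expected parameters!");
-}
-
-$expect_phusr = $request->getStr('phusr');
-$actual_phusr = $request->getCookie('phusr');
-if ($actual_phusr != $expect_phusr) {
-
-if ($actual_phusr) {
-$cookie_info = "sent back a cookie with the value '{$actual_phusr}'.";
-} else {
-$cookie_info = "did not accept the cookie.";
-}
-
-$failures[] =
-"Attempted to set 'phusr' cookie to '{$expect_phusr}', but your ".
-"browser {$cookie_info}";
-}
-
-if (!$failures) {
-if (!$request->getUser()->getPHID()) {
-$failures[] = "Cookies were set correctly, but your session ".
-"isn't valid.";
-}
-}
-
-if ($failures) {
-
-$list = array();
-foreach ($failures as $failure) {
-$list[] = phutil_tag('li', array(), $failure);
-}
-$list = phutil_tag('ul', array(), $list);
-
-$view = new AphrontRequestFailureView();
-$view->setHeader(pht('Login Failed'));
-$view->appendChild(hsprintf(
-'<p>%s</p>%s<p>%s</p>',
-pht('Login failed:'),
-$list,
-pht(
-'<strong>Clear your cookies</strong> and try again.',
-hsprintf(''))));
-$view->appendChild(hsprintf(
-'<div class="aphront-failure-continue">'.
-'<a class="button" href="/login/">%s</a>'.
-'</div>',
-pht('Try Again')));
-return $this->buildStandardPageResponse(
-$view,
-array(
-'title' => pht('Login Failed'),
-));
-}
-
-$next = nonempty($request->getStr('next'), $request->getCookie('next_uri'));
-$request->clearCookie('next_uri');
-if (!PhabricatorEnv::isValidLocalWebResource($next)) {
-$next = '/';
-}
-
-return id(new AphrontRedirectResponse())->setURI($next);
-}
-
-}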
+2 -11
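--- a/src/applications/auth/controller/PhabricatorOAuthLoginController.php
+++ b/src/applications/auth/controller/PhabricatorOAuthLoginController.php
@@ -146,20 +146,11 @@
 $oauth_info,
 $provider);
 
-$session_key = $known_user->establishSession('web');
-
 $this->saveOAuthInfo($oauth_info);
 
-$request->setCookie('phusr', $known_user->getUsername());
-$request->setCookie('phsid', $session_key);
+$this->establishWebSession($known_user);
 
-$uri = new PhutilURI('/login/validate/');
-$uri->setQueryParams(
-array(
-'phusr' => $known_user->getUsername(),
-));
-
-return id(new AphrontRedirectResponse())->setURI((string)$uri);
+return $this->buildLoginValidateResponse($known_user);
 }
 
 $oauth_email = $provider->retrieveUserEmail();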