Page Menu
Home
Phorge
Search
Configure Global Search
Log In
Files
F547994
PhabricatorPasswordSettingsPanel.php
No One
Temporary
Actions
Download File
Edit File
Delete File
View Transforms
Subscribe
Flag For Later
Award Token
Size
7 KB
Referenced Files
None
Subscribers
None
PhabricatorPasswordSettingsPanel.php
View Options
<?php
final
class
PhabricatorPasswordSettingsPanel
extends
PhabricatorSettingsPanel
{
public
function
getPanelKey
()
{
return
'password'
;
}
public
function
getPanelName
()
{
return
pht
(
'Password'
);
}
public
function
getPanelMenuIcon
()
{
return
'fa-key'
;
}
public
function
getPanelGroupKey
()
{
return
PhabricatorSettingsAuthenticationPanelGroup
::
PANELGROUPKEY
;
}
public
function
isEnabled
()
{
// There's no sense in showing a change password panel if this install
// doesn't support password authentication.
if
(!
PhabricatorPasswordAuthProvider
::
getPasswordProvider
())
{
return
false
;
}
return
true
;
}
public
function
processRequest
(
AphrontRequest
$request
)
{
$viewer
=
$request
->
getUser
();
$user
=
$this
->
getUser
();
$content_source
=
PhabricatorContentSource
::
newFromRequest
(
$request
);
$min_len
=
PhabricatorEnv
::
getEnvConfig
(
'account.minimum-password-length'
);
$min_len
=
(
int
)
$min_len
;
// NOTE: Users can also change passwords through the separate "set/reset"
// interface which is reached by logging in with a one-time token after
// registration or password reset. If this flow changes, that flow may
// also need to change.
$account_type
=
PhabricatorAuthPassword
::
PASSWORD_TYPE_ACCOUNT
;
$password_objects
=
id
(
new
PhabricatorAuthPasswordQuery
())
->
setViewer
(
$viewer
)
->
withObjectPHIDs
(
array
(
$user
->
getPHID
()))
->
withPasswordTypes
(
array
(
$account_type
))
->
withIsRevoked
(
false
)
->
execute
();
if
(!
$password_objects
)
{
return
$this
->
newSetPasswordView
(
$request
);
}
$password_object
=
head
(
$password_objects
);
$e_old
=
true
;
$e_new
=
true
;
$e_conf
=
true
;
$errors
=
array
();
if
(
$request
->
isFormOrHisecPost
())
{
$workflow_key
=
sprintf
(
'password.change(%s)'
,
$user
->
getPHID
());
$hisec_token
=
id
(
new
PhabricatorAuthSessionEngine
())
->
setWorkflowKey
(
$workflow_key
)
->
requireHighSecurityToken
(
$viewer
,
$request
,
'/settings/'
);
// Rate limit guesses about the old password. This page requires MFA and
// session compromise already, so this is mostly just to stop researchers
// from reporting this as a vulnerability.
PhabricatorSystemActionEngine
::
willTakeAction
(
array
(
$viewer
->
getPHID
()),
new
PhabricatorAuthChangePasswordAction
(),
1
);
$envelope
=
new
PhutilOpaqueEnvelope
(
$request
->
getStr
(
'old_pw'
));
$engine
=
id
(
new
PhabricatorAuthPasswordEngine
())
->
setViewer
(
$viewer
)
->
setContentSource
(
$content_source
)
->
setPasswordType
(
$account_type
)
->
setObject
(
$user
);
if
(!
strlen
(
$envelope
->
openEnvelope
()))
{
$errors
[]
=
pht
(
'You must enter your current password.'
);
$e_old
=
pht
(
'Required'
);
}
else
if
(!
$engine
->
isValidPassword
(
$envelope
))
{
$errors
[]
=
pht
(
'The old password you entered is incorrect.'
);
$e_old
=
pht
(
'Invalid'
);
}
else
{
$e_old
=
null
;
// Refund the user an action credit for getting the password right.
PhabricatorSystemActionEngine
::
willTakeAction
(
array
(
$viewer
->
getPHID
()),
new
PhabricatorAuthChangePasswordAction
(),
-
1
);
}
$pass
=
$request
->
getStr
(
'new_pw'
);
$conf
=
$request
->
getStr
(
'conf_pw'
);
$password_envelope
=
new
PhutilOpaqueEnvelope
(
$pass
);
$confirm_envelope
=
new
PhutilOpaqueEnvelope
(
$conf
);
try
{
$engine
->
checkNewPassword
(
$password_envelope
,
$confirm_envelope
);
$e_new
=
null
;
$e_conf
=
null
;
}
catch
(
PhabricatorAuthPasswordException
$ex
)
{
$errors
[]
=
$ex
->
getMessage
();
$e_new
=
$ex
->
getPasswordError
();
$e_conf
=
$ex
->
getConfirmError
();
}
if
(!
$errors
)
{
$password_object
->
setPassword
(
$password_envelope
,
$user
)
->
save
();
$next
=
$this
->
getPanelURI
(
'?saved=true'
);
id
(
new
PhabricatorAuthSessionEngine
())->
terminateLoginSessions
(
$user
,
new
PhutilOpaqueEnvelope
(
$request
->
getCookie
(
PhabricatorCookies
::
COOKIE_SESSION
)));
return
id
(
new
AphrontRedirectResponse
())->
setURI
(
$next
);
}
}
if
(
$password_object
->
getID
())
{
try
{
$can_upgrade
=
$password_object
->
canUpgrade
();
}
catch
(
PhabricatorPasswordHasherUnavailableException
$ex
)
{
$can_upgrade
=
false
;
$errors
[]
=
pht
(
'Your password is currently hashed using an algorithm which is '
.
'no longer available on this install.'
);
$errors
[]
=
pht
(
'Because the algorithm implementation is missing, your password '
.
'can not be used or updated.'
);
$errors
[]
=
pht
(
'To set a new password, request a password reset link from the '
.
'login screen and then follow the instructions.'
);
}
if
(
$can_upgrade
)
{
$errors
[]
=
pht
(
'The strength of your stored password hash can be upgraded. '
.
'To upgrade, either: log out and log in using your password; or '
.
'change your password.'
);
}
}
$len_caption
=
null
;
if
(
$min_len
)
{
$len_caption
=
pht
(
'Minimum password length: %d characters.'
,
$min_len
);
}
$form
=
id
(
new
AphrontFormView
())
->
setViewer
(
$viewer
)
->
appendChild
(
id
(
new
AphrontFormPasswordControl
())
->
setLabel
(
pht
(
'Old Password'
))
->
setError
(
$e_old
)
->
setName
(
'old_pw'
))
->
appendChild
(
id
(
new
AphrontFormPasswordControl
())
->
setDisableAutocomplete
(
true
)
->
setLabel
(
pht
(
'New Password'
))
->
setError
(
$e_new
)
->
setName
(
'new_pw'
))
->
appendChild
(
id
(
new
AphrontFormPasswordControl
())
->
setDisableAutocomplete
(
true
)
->
setLabel
(
pht
(
'Confirm Password'
))
->
setCaption
(
$len_caption
)
->
setError
(
$e_conf
)
->
setName
(
'conf_pw'
))
->
appendChild
(
id
(
new
AphrontFormSubmitControl
())
->
setValue
(
pht
(
'Change Password'
)));
$properties
=
id
(
new
PHUIPropertyListView
());
$properties
->
addProperty
(
pht
(
'Current Algorithm'
),
PhabricatorPasswordHasher
::
getCurrentAlgorithmName
(
$password_object
->
newPasswordEnvelope
()));
$properties
->
addProperty
(
pht
(
'Best Available Algorithm'
),
PhabricatorPasswordHasher
::
getBestAlgorithmName
());
$info_view
=
id
(
new
PHUIInfoView
())
->
setSeverity
(
PHUIInfoView
::
SEVERITY_NOTICE
)
->
appendChild
(
pht
(
'Changing your password will terminate any other outstanding '
.
'login sessions.'
));
$algo_box
=
$this
->
newBox
(
pht
(
'Password Algorithms'
),
$properties
);
$form_box
=
id
(
new
PHUIObjectBoxView
())
->
setHeaderText
(
pht
(
'Change Password'
))
->
setFormErrors
(
$errors
)
->
setBackground
(
PHUIObjectBoxView
::
WHITE_CONFIG
)
->
setForm
(
$form
);
return
array
(
$form_box
,
$algo_box
,
$info_view
,
);
}
private
function
newSetPasswordView
(
AphrontRequest
$request
)
{
$viewer
=
$request
->
getUser
();
$user
=
$this
->
getUser
();
$form
=
id
(
new
AphrontFormView
())
->
setViewer
(
$viewer
)
->
appendRemarkupInstructions
(
pht
(
'Your account does not currently have a password set. You can '
.
'choose a password by performing a password reset.'
))
->
appendControl
(
id
(
new
AphrontFormSubmitControl
())
->
addCancelButton
(
'/login/email/'
,
pht
(
'Reset Password'
)));
$form_box
=
id
(
new
PHUIObjectBoxView
())
->
setHeaderText
(
pht
(
'Set Password'
))
->
setBackground
(
PHUIObjectBoxView
::
WHITE_CONFIG
)
->
setForm
(
$form
);
return
$form_box
;
}
}
File Metadata
Details
Attached
Mime Type
text/x-php
Expires
Mon, May 12, 1:41 PM (2 d)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
120427
Default Alt Text
PhabricatorPasswordSettingsPanel.php (7 KB)
Attached To
Mode
rP Phorge
Attached
Detach File
Event Timeline
Log In to Comment