Path: blob/master/src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php
<?php

/**
 * Request exception handler that answers a
 * PhabricatorAuthHighSecurityRequiredException with an MFA prompt dialog.
 *
 * This class only renders the prompt. Nothing here validates a factor: the
 * validation results are read from the exception, so the code that raised it
 * remains responsible for enforcing the check.
 */
final class PhabricatorHighSecurityRequestExceptionHandler
  extends PhabricatorRequestExceptionHandler {

  /**
   * Priority value for this handler. How it is ordered against other
   * handlers is decided by the dispatcher, which is not part of this file.
   *
   * @return int
   */
  public function getRequestExceptionHandlerPriority() {
    return 310000;
  }

  /**
   * Human-readable, translated summary of what this handler does.
   *
   * @return string
   */
  public function getRequestExceptionHandlerDescription() {
    return pht(
      'Handles high security exceptions which occur when a user needs '.
      'to present MFA credentials to take an action.');
  }

  /**
   * Decide whether this handler applies to a thrown value.
   *
   * @param AphrontRequest $request Request being served.
   * @param mixed $throwable Value raised while serving the request.
   * @return bool True only for a high-security exception on a Phabricator
   *   site, as reported by isPhabricatorSite().
   */
  public function canHandleRequestThrowable(
    AphrontRequest $request,
    $throwable) {

    // The site check runs first; the type test is skipped when it fails.
    return $this->isPhabricatorSite($request)
      && ($throwable instanceof PhabricatorAuthHighSecurityRequiredException);
  }

  /**
   * Build the "Security Checkpoint" dialog for a high-security exception.
   *
   * The dialog submits to the path of the current request and carries that
   * request's passthrough parameters as hidden inputs.
   *
   * @param AphrontRequest $request Request that was interrupted.
   * @param mixed $throwable Assumed to have passed
   *   canHandleRequestThrowable(); its factor, result, upgrade and cancel
   *   accessors are called without a further type check.
   * @return AphrontDialogView The dialog to show to the viewer.
   */
  public function handleRequestThrowable(
    AphrontRequest $request,
    $throwable) {

    $viewer = $this->getViewer($request);
    $validation_results = $throwable->getFactorValidationResults();

    $mfa_form = id(new PhabricatorAuthSessionEngine())->renderHighSecurityForm(
      $throwable->getFactors(),
      $validation_results,
      $viewer,
      $request);

    // Fold the per-factor results into two flags that only drive the label
    // of the submit button below.
    $must_wait = false;
    $may_continue = false;
    foreach ($validation_results as $validation_result) {
      $must_wait = $validation_result->getIsWait() || $must_wait;
      $may_continue = $validation_result->getIsContinue() || $may_continue;
    }

    $upgrading = $throwable->getIsSessionUpgrade();

    $title = $upgrading
      ? pht('Enter High Security')
      : pht('Provide MFA Credentials');

    if ($must_wait) {
      $submit_label = pht('Wait Patiently');
    } else if (!$upgrading || $may_continue) {
      $submit_label = pht('Continue');
    } else {
      $submit_label = pht('Enter High Security');
    }

    // NOTE(review): the TYPE_HISEC hidden input presumably lets the receiving
    // code recognise the submission as an answer to this checkpoint; confirm
    // against AphrontRequest.
    $dialog = id(new AphrontDialogView())
      ->setUser($viewer)
      ->setTitle($title)
      ->setShortTitle(pht('Security Checkpoint'))
      ->setWidth(AphrontDialogView::WIDTH_FORM)
      ->addHiddenInput(AphrontRequest::TYPE_HISEC, true)
      ->setSubmitURI($request->getPath())
      ->addCancelButton($throwable->getCancelURI())
      ->addSubmitButton($submit_label);

    $mfa_layout = $mfa_form->buildLayoutView();

    // Both variants open with the same MFA-severity notice; only its text
    // differs.
    $notice_text = $upgrading
      ? pht(
        'You are taking an action which requires you to enter '.
        'high security.')
      : pht(
        'You are taking an action which requires you to provide '.
        'multi-factor credentials.');

    $notice = id(new PHUIInfoView())
      ->setSeverity(PHUIInfoView::SEVERITY_MFA)
      ->setErrors(array($notice_text));

    if ($upgrading) {
      $dialog
        ->appendChild($notice)
        ->appendParagraph(
          pht(
            'To enter high security mode, confirm your credentials:'))
        ->appendChild($mfa_layout)
        ->appendParagraph(
          pht(
            'Your account will remain in high security mode for a short '.
            'period of time. When you are finished taking sensitive '.
            'actions, you should leave high security.'));
    } else {
      // The dialog's own error list is set to an empty array here; the
      // notice is carried by the info view instead.
      $dialog
        ->appendChild($notice)
        ->setErrors(
          array(
          ))
        ->appendChild($mfa_layout);
    }

    // Whatever getPassthroughRequestParameters() returns is written into the
    // page as hidden inputs, so those values are echoed back to the client.
    // NOTE(review): which keys it includes is decided in AphrontRequest, not
    // here; confirm it leaves out anything that should not round-trip
    // through HTML.
    $respect_quicksand = true;
    $passthrough = $request->getPassthroughRequestParameters(
      $respect_quicksand);
    foreach ($passthrough as $name => $value) {
      $dialog->addHiddenInput($name, $value);
    }

    // See T13289. A user who accepted a "some transactions have no effect"
    // dialog before reaching this checkpoint keeps that choice: the continue
    // flag is forwarded explicitly because it is not normally one of the
    // passthrough request parameters.
    if ($request->isContinueRequest()) {
      $dialog->addHiddenInput(AphrontRequest::TYPE_CONTINUE, 1);
    }

    return $dialog;
  }

}