Path: blob/master/src/applications/auth/controller/PhabricatorAuthNeedsMultiFactorController.php
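<?php

/**
 * Controller for the forced multi-factor enrollment flow.
 *
 * This controller deliberately relaxes three access gates (MFA enrollment,
 * enabled user, verified email) so that users who are still missing those
 * prerequisites can reach it and enroll. Two checks in this class compensate
 * for that:
 *
 *   - handleRequest() rejects disabled users before doing any work.
 *   - loadPanels() only exposes settings panels which report themselves as
 *     enabled, user-level, MFA-enrollment panels, and the panel key taken
 *     from the URI is only ever used as a lookup into that filtered map.
 *
 * NOTE(review): any other gate (for example, requiring a logged-in session)
 * is inherited from the parent controller, which is not visible here -
 * confirm that it is not relaxed elsewhere.
 */
final class PhabricatorAuthNeedsMultiFactorController
  extends PhabricatorAuthController {

  /**
   * @return bool Always false: this is the page that performs enrollment.
   */
  public function shouldRequireMultiFactorEnrollment() {
    // Users need access to this controller in order to enroll in multi-factor
    // auth.
    return false;
  }

  /**
   * @return bool Always false; disabled users are rejected in handleRequest().
   */
  public function shouldRequireEnabledUser() {
    // Users who haven't been approved yet are allowed to enroll in MFA. We'll
    // kick disabled users out later.
    return false;
  }

  /**
   * @return bool Always false.
   */
  public function shouldRequireEmailVerification() {
    // Users who haven't verified their email addresses yet can still enroll
    // in MFA.
    return false;
  }

  /**
   * Render the enrollment page, or one of the settings panels that is
   * allowed during enrollment.
   *
   * @param AphrontRequest $request Request; the optional "pageKey" URI
   *   component selects the panel.
   * @return mixed A 400 response for disabled users, a 404 response for an
   *   unknown panel key, the panel's own response if it produced one, or
   *   the assembled page otherwise.
   */
  public function handleRequest(AphrontRequest $request) {
    $viewer = $this->getViewer();

    if ($viewer->getIsDisabled()) {
      // We allowed unapproved and disabled users to hit this controller, but
      // want to kick out disabled users now. This must stay ahead of every
      // other step, because shouldRequireEnabledUser() returns false.
      return new Aphront400Response();
    }

    $panels = $this->loadPanels();

    $multifactor_key = id(new PhabricatorMultiFactorSettingsPanel())
      ->getPanelKey();

    // The route may carry no "pageKey". Treat a missing (null) value and an
    // empty string the same way and fall back to the enrollment panel. The
    // explicit null check avoids passing null to strlen(), which PHP 8.1+
    // reports as deprecated.
    $panel_key = $request->getURIData('pageKey');
    if ($panel_key === null || !strlen($panel_key)) {
      $panel_key = $multifactor_key;
    }

    // The key comes from the request URI, so it is only used to index the
    // filtered panel map. Anything outside that map is not reachable from
    // this controller.
    if (!isset($panels[$panel_key])) {
      return new Aphront404Response();
    }

    $nav = $this->newNavigation();
    $nav->selectFilter($panel_key);

    $panel = $panels[$panel_key];

    // NOTE(review): presumably refreshes the viewer's stored enrollment
    // state so newGuidance() reports the current status - confirm against
    // the user class.
    $viewer->updateMultiFactorEnrollment();

    if ($panel_key === $multifactor_key) {
      $header_text = pht('Add Multi-Factor Auth');
      $help = $this->newGuidance();
      $panel->setIsEnrollment(true);
    } else {
      $header_text = $panel->getPanelName();
      $help = null;
    }

    $response = $panel
      ->setController($this)
      ->setNavigation($nav)
      ->processRequest($request);

    // A panel may answer with a complete response (or a producer of one);
    // pass that through untouched instead of wrapping it in the page.
    if (($response instanceof AphrontResponse) ||
        ($response instanceof AphrontResponseProducerInterface)) {
      return $response;
    }

    $crumbs = $this->buildApplicationCrumbs()
      ->addTextCrumb(pht('Add Multi-Factor Auth'))
      ->setBorder(true);

    $header = id(new PHUIHeaderView())
      ->setHeader($header_text);

    $view = id(new PHUITwoColumnView())
      ->setHeader($header)
      ->setFooter(
        array(
          $help,
          $response,
        ));

    return $this->newPage()
      ->setTitle(pht('Add Multi-Factor Authentication'))
      ->setCrumbs($crumbs)
      ->setNavigation($nav)
      ->appendChild($view);
  }

  /**
   * Build the map of settings panels reachable during enrollment.
   *
   * Every display panel is configured for the viewer and then kept only if
   * it is enabled, is a user panel, and is flagged as a multi-factor
   * enrollment panel. This map is the allowlist that handleRequest() checks
   * the URI-supplied panel key against.
   *
   * @return array Map of panel key to configured panel object.
   * @throws Exception If two surviving panels share a panel key.
   */
  private function loadPanels() {
    $viewer = $this->getViewer();
    $preferences = PhabricatorUserPreferences::loadUserPreferences($viewer);

    $panels = PhabricatorSettingsPanel::getAllDisplayPanels();
    $base_uri = $this->newEnrollBaseURI();

    $result = array();
    foreach ($panels as $key => $panel) {
      // Panels are pointed at this controller's "enroll/" URIs rather than
      // their usual location.
      $panel
        ->setPreferences($preferences)
        ->setViewer($viewer)
        ->setUser($viewer)
        ->setOverrideURI(urisprintf('%s%s/', $base_uri, $key));

      if (!$panel->isEnabled()) {
        continue;
      }

      if (!$panel->isUserPanel()) {
        continue;
      }

      if (!$panel->isMultiFactorEnrollmentPanel()) {
        continue;
      }

      if (!empty($result[$key])) {
        throw new Exception(pht(
          "Two settings panels share the same panel key ('%s'): %s, %s.",
          $key,
          get_class($panel),
          get_class($result[$key])));
      }

      $result[$key] = $panel;
    }

    return $result;
  }

  /**
   * Build the side navigation: the enrollment entry first, then one entry
   * for each other panel returned by loadPanels().
   *
   * @return AphrontSideNavFilterView
   */
  private function newNavigation() {
    $enroll_uri = $this->newEnrollBaseURI();

    $nav = id(new AphrontSideNavFilterView())
      ->setBaseURI(new PhutilURI($enroll_uri));

    $multifactor_key = id(new PhabricatorMultiFactorSettingsPanel())
      ->getPanelKey();

    $nav->addFilter(
      $multifactor_key,
      pht('Enroll in MFA'),
      null,
      'fa-exclamation-triangle blue');

    $panels = $this->loadPanels();

    if ($panels) {
      $nav->addLabel(pht('Settings'));
    }

    foreach ($panels as $panel_key => $panel) {
      // The enrollment panel already has its own entry above.
      if ($panel_key === $multifactor_key) {
        continue;
      }

      $nav->addFilter(
        $panel->getPanelKey(),
        $panel->getPanelName(),
        null,
        $panel->getPanelMenuIcon());
    }

    return $nav;
  }

  /**
   * @return string Application URI of the "enroll/" path which panel and
   *   navigation URIs are built on.
   */
  private function newEnrollBaseURI() {
    return $this->getApplicationURI('enroll/');
  }

  /**
   * Build the guidance shown with the enrollment panel.
   *
   * If the viewer is already enrolled, this is a "setup complete" dialog.
   * Otherwise it is a list of info views: a warning that MFA is required
   * and, when no active factor provider exists, an error explaining that
   * the install is misconfigured.
   *
   * @return mixed Dialog, or list of PHUIInfoView objects.
   */
  private function newGuidance() {
    $viewer = $this->getViewer();

    if ($viewer->getIsEnrolledInMultiFactor()) {
      $guidance = pht(
        '{icon check, color="green"} **Setup Complete!**'.
        "\n\n".
        'You have successfully configured multi-factor authentication '.
        'for your account.'.
        "\n\n".
        'You can make adjustments from the [[ /settings/ | Settings ]] panel '.
        'later.');

      return $this->newDialog()
        ->setTitle(pht('Multi-Factor Authentication Setup Complete'))
        ->setWidth(AphrontDialogView::WIDTH_FULL)
        ->appendChild(new PHUIRemarkupView($viewer, $guidance))
        ->addCancelButton('/', pht('Continue'));
    }

    $views = array();

    $messages = array();

    $messages[] = pht(
      'Before you can use this software, you need to add multi-factor '.
      'authentication to your account. Multi-factor authentication helps '.
      'secure your account by making it more difficult for attackers to '.
      'gain access or take sensitive actions.');

    $view = id(new PHUIInfoView())
      ->setTitle(pht('Add Multi-Factor Authentication To Your Account'))
      ->setSeverity(PHUIInfoView::SEVERITY_WARNING)
      ->setErrors($messages);

    $views[] = $view;

    $providers = id(new PhabricatorAuthFactorProviderQuery())
      ->setViewer($viewer)
      ->withStatuses(
        array(
          PhabricatorAuthFactorProviderStatus::STATUS_ACTIVE,
        ))
      ->execute();
    if (!$providers) {
      // MFA is required but nothing can satisfy it. The requirement is not
      // waived here: the user stays blocked until an administrator changes
      // the configuration, and the message says so.
      $messages = array();

      $required_key = 'security.require-multi-factor-auth';

      $messages[] = pht(
        'This install has the configuration option "%s" enabled, but does '.
        'not have any active multifactor providers configured. This means '.
        'you are required to add MFA, but are also prevented from doing so. '.
        'An administrator must disable "%s" or enable an MFA provider to '.
        'allow you to continue.',
        $required_key,
        $required_key);

      $view = id(new PHUIInfoView())
        ->setTitle(pht('Multi-Factor Authentication is Misconfigured'))
        ->setSeverity(PHUIInfoView::SEVERITY_ERROR)
        ->setErrors($messages);

      $views[] = $view;
    }

    return $views;
  }

}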