Path: blob/master/src/applications/auth/controller/PhabricatorEmailLoginController.php
13402 views
<?php12final class PhabricatorEmailLoginController3extends PhabricatorAuthController {45public function shouldRequireLogin() {6return false;7}89public function handleRequest(AphrontRequest $request) {10$viewer = $this->getViewer();11$is_logged_in = $viewer->isLoggedIn();1213$e_email = true;14$e_captcha = true;15$errors = array();1617if ($is_logged_in) {18if (!$this->isPasswordAuthEnabled()) {19return $this->newDialog()20->setTitle(pht('No Password Auth'))21->appendParagraph(22pht(23'Password authentication is not enabled and you are already '.24'logged in. There is nothing for you here.'))25->addCancelButton('/', pht('Continue'));26}2728$v_email = $viewer->loadPrimaryEmailAddress();29} else {30$v_email = $request->getStr('email');31}3233if ($request->isFormPost()) {34$e_email = null;35$e_captcha = pht('Again');3637if (!$is_logged_in) {38$captcha_ok = AphrontFormRecaptchaControl::processCaptcha($request);39if (!$captcha_ok) {40$errors[] = pht('Captcha response is incorrect, try again.');41$e_captcha = pht('Invalid');42}43}4445if (!strlen($v_email)) {46$errors[] = pht('You must provide an email address.');47$e_email = pht('Required');48}4950if (!$errors) {51// NOTE: Don't validate the email unless the captcha is good; this makes52// it expensive to fish for valid email addresses while giving the user53// a better error if they goof their email.5455$action_actor = PhabricatorSystemActionEngine::newActorFromRequest(56$request);5758PhabricatorSystemActionEngine::willTakeAction(59array($action_actor),60new PhabricatorAuthTryEmailLoginAction(),611);6263$target_email = id(new PhabricatorUserEmail())->loadOneWhere(64'address = %s',65$v_email);6667$target_user = null;68if ($target_email) {69$target_user = id(new PhabricatorUser())->loadOneWhere(70'phid = %s',71$target_email->getUserPHID());72}7374if (!$target_user) {75$errors[] =76pht('There is no account associated with that email address.');77$e_email = pht('Invalid');78}7980// If this address is unverified, only send a reset link to it if81// the account has no verified addresses. This prevents an opportunistic82// attacker from compromising an account if a user adds an email83// address but mistypes it and doesn't notice.8485// (For a newly created account, all the addresses may be unverified,86// which is why we'll send to an unverified address in that case.)8788if ($target_email && !$target_email->getIsVerified()) {89$verified_addresses = id(new PhabricatorUserEmail())->loadAllWhere(90'userPHID = %s AND isVerified = 1',91$target_email->getUserPHID());92if ($verified_addresses) {93$errors[] = pht(94'That email address is not verified, but the account it is '.95'connected to has at least one other verified address. When an '.96'account has at least one verified address, you can only send '.97'password reset links to one of the verified addresses. Try '.98'a verified address instead.');99$e_email = pht('Unverified');100}101}102103if (!$errors) {104$target_address = new PhutilEmailAddress($target_email->getAddress());105106$user_log = PhabricatorUserLog::initializeNewLog(107$viewer,108$target_user->getPHID(),109PhabricatorEmailLoginUserLogType::LOGTYPE);110111$mail_engine = id(new PhabricatorPeopleEmailLoginMailEngine())112->setSender($viewer)113->setRecipient($target_user)114->setRecipientAddress($target_address)115->setActivityLog($user_log);116117try {118$mail_engine->validateMail();119} catch (PhabricatorPeopleMailEngineException $ex) {120return $this->newDialog()121->setTitle($ex->getTitle())122->appendParagraph($ex->getBody())123->addCancelButton('/auth/start/', pht('Done'));124}125126$mail_engine->sendMail();127128if ($is_logged_in) {129$instructions = pht(130'An email has been sent containing a link you can use to set '.131'a password for your account.');132} else {133$instructions = pht(134'An email has been sent containing a link you can use to log '.135'in to your account.');136}137138return $this->newDialog()139->setTitle(pht('Check Your Email'))140->setShortTitle(pht('Email Sent'))141->appendParagraph($instructions)142->addCancelButton('/', pht('Done'));143}144}145}146147$form = id(new AphrontFormView())148->setViewer($viewer);149150if ($this->isPasswordAuthEnabled()) {151if ($is_logged_in) {152$title = pht('Set Password');153$form->appendRemarkupInstructions(154pht(155'A password reset link will be sent to your primary email '.156'address. Follow the link to set an account password.'));157} else {158$title = pht('Password Reset');159$form->appendRemarkupInstructions(160pht(161'To reset your password, provide your email address. An email '.162'with a login link will be sent to you.'));163}164} else {165$title = pht('Email Login');166$form->appendRemarkupInstructions(167pht(168'To access your account, provide your email address. An email '.169'with a login link will be sent to you.'));170}171172if ($is_logged_in) {173$address_control = new AphrontFormStaticControl();174} else {175$address_control = id(new AphrontFormTextControl())176->setName('email')177->setError($e_email);178}179180$address_control181->setLabel(pht('Email Address'))182->setValue($v_email);183184$form185->appendControl($address_control);186187if (!$is_logged_in) {188$form->appendControl(189id(new AphrontFormRecaptchaControl())190->setLabel(pht('Captcha'))191->setError($e_captcha));192}193194return $this->newDialog()195->setTitle($title)196->setErrors($errors)197->setWidth(AphrontDialogView::WIDTH_FORM)198->appendForm($form)199->addCancelButton('/auth/start/')200->addSubmitButton(pht('Send Email'));201}202203private function isPasswordAuthEnabled() {204return (bool)PhabricatorPasswordAuthProvider::getPasswordProvider();205}206}207208209