Path: blob/master/src/applications/diffusion/panel/DiffusionSetPasswordSettingsPanel.php
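<?php

/**
 * Settings panel that lets an account set, replace or remove the separate
 * password used to reach hosted repositories over HTTP.
 *
 * The panel is only enabled when `diffusion.allow-http-auth` is set, and
 * every request to it must first pass a high-security session check.
 */
final class DiffusionSetPasswordSettingsPanel extends PhabricatorSettingsPanel {

  /**
   * Report whether this panel may be shown when managing another account.
   *
   * @return bool False for mailing-list accounts, true otherwise.
   */
  public function isManagementPanel() {
    if ($this->getUser()->getIsMailingList()) {
      return false;
    }

    return true;
  }

  /**
   * @return string Stable key identifying this panel.
   */
  public function getPanelKey() {
    return 'vcspassword';
  }

  /**
   * @return string Translated, human-readable panel name.
   */
  public function getPanelName() {
    return pht('VCS Password');
  }

  /**
   * @return string Icon name used for the panel's menu entry.
   */
  public function getPanelMenuIcon() {
    return 'fa-code';
  }

  /**
   * @return string Key of the authentication settings group.
   */
  public function getPanelGroupKey() {
    return PhabricatorSettingsAuthenticationPanelGroup::PANELGROUPKEY;
  }

  /**
   * The panel is only offered when HTTP repository authentication is
   * switched on in configuration.
   *
   * @return mixed Value of the `diffusion.allow-http-auth` setting.
   */
  public function isEnabled() {
    return PhabricatorEnv::getEnvConfig('diffusion.allow-http-auth');
  }

  /**
   * Render the panel and handle "set password" and "remove password" posts.
   *
   * Two identities are involved: `$viewer` is the account making the
   * request, `$user` is the account whose VCS password is being edited.
   * The new password is validated against `$viewer` but stored for `$user`.
   *
   * @param AphrontRequest $request Incoming request.
   * @return AphrontRedirectResponse|array A redirect back to the panel after
   *   a successful change or removal; otherwise the list of views to render
   *   (optional "saved" notice, the password form box, the removal box).
   */
  public function processRequest(AphrontRequest $request) {
    $viewer = $request->getUser();
    $user = $this->getUser();

    // Gate the whole panel, reads included, behind a high-security session
    // before any credential is loaded or changed. The returned token is not
    // used further in this method; the call is made for the check itself.
    $token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
      $viewer,
      $request,
      '/settings/');

    $vcs_type = PhabricatorAuthPassword::PASSWORD_TYPE_VCS;

    // Only non-revoked VCS passwords belonging to $user are considered; the
    // first result is edited, or a fresh unsaved object when none exists.
    $vcspasswords = id(new PhabricatorAuthPasswordQuery())
      ->setViewer($viewer)
      ->withObjectPHIDs(array($user->getPHID()))
      ->withPasswordTypes(array($vcs_type))
      ->withIsRevoked(false)
      ->execute();
    if ($vcspasswords) {
      $vcspassword = head($vcspasswords);
    } else {
      $vcspassword = PhabricatorAuthPassword::initializeNewPassword(
        $user,
        $vcs_type);
    }

    $panel_uri = $this->getPanelURI('?saved=true');

    $errors = array();

    $e_password = true;
    $e_confirm = true;

    $content_source = PhabricatorContentSource::newFromRequest($request);

    // NOTE: This test is against $viewer (not $user), so that the error
    // message below makes sense in the case that the two are different,
    // and because an admin reusing their own password is bad, while
    // system agents generally do not have passwords anyway.
    //
    // The consequence is that password checks run for the acting account,
    // while the save further down writes the credential for $user.

    $engine = id(new PhabricatorAuthPasswordEngine())
      ->setViewer($viewer)
      ->setContentSource($content_source)
      ->setObject($viewer)
      ->setPasswordType($vcs_type);

    // NOTE(review): CSRF validation is presumably performed by isFormPost()
    // or the surrounding framework; it is not visible in this file.
    if ($request->isFormPost()) {
      if ($request->getBool('remove')) {
        // Removal deletes the stored credential outright. If 'remove' is
        // posted while nothing is stored, control falls through to the
        // set-password path below.
        if ($vcspassword->getID()) {
          $vcspassword->delete();
          return id(new AphrontRedirectResponse())->setURI($panel_uri);
        }
      }

      $new_password = $request->getStr('password');
      $confirm = $request->getStr('confirm');

      // Wrap the raw secrets immediately so they are handed on as opaque
      // envelope objects rather than as plain strings.
      $envelope = new PhutilOpaqueEnvelope($new_password);
      $confirm_envelope = new PhutilOpaqueEnvelope($confirm);

      try {
        $engine->checkNewPassword($envelope, $confirm_envelope);
        $e_password = null;
        $e_confirm = null;
      } catch (PhabricatorAuthPasswordException $ex) {
        $errors[] = $ex->getMessage();
        $e_password = $ex->getPasswordError();
        $e_confirm = $ex->getConfirmError();
      }

      if (!$errors) {
        $vcspassword
          ->setPassword($envelope, $user)
          ->save();

        return id(new AphrontRedirectResponse())->setURI($panel_uri);
      }
    }

    $title = pht('Set VCS Password');

    $form = id(new AphrontFormView())
      ->setUser($viewer)
      ->appendRemarkupInstructions(
        pht(
          'To access repositories hosted on this server over HTTP, you must '.
          'set a version control password. This password should be unique.'.
          "\n\n".
          "This password applies to all repositories available over ".
          "HTTP."));

    if ($vcspassword->getID()) {
      // The field shows a fixed mask; the stored value is never sent to the
      // browser.
      $form
        ->appendChild(
          id(new AphrontFormPasswordControl())
            ->setDisableAutocomplete(true)
            ->setLabel(pht('Current Password'))
            ->setDisabled(true)
            ->setValue('********************'));
    } else {
      $form
        ->appendChild(
          id(new AphrontFormMarkupControl())
            ->setLabel(pht('Current Password'))
            ->setValue(phutil_tag('em', array(), pht('No Password Set'))));
    }

    $form
      ->appendChild(
        id(new AphrontFormPasswordControl())
          ->setDisableAutocomplete(true)
          ->setName('password')
          ->setLabel(pht('New VCS Password'))
          ->setError($e_password))
      ->appendChild(
        id(new AphrontFormPasswordControl())
          ->setDisableAutocomplete(true)
          ->setName('confirm')
          ->setLabel(pht('Confirm VCS Password'))
          ->setError($e_confirm))
      ->appendChild(
        id(new AphrontFormSubmitControl())
          ->setValue(pht('Change Password')));


    if (!$vcspassword->getID()) {
      $is_serious = PhabricatorEnv::getEnvConfig(
        'phabricator.serious-business');

      // Build a 20-character suggestion by discarding every random byte that
      // is not in the allowed set. Each byte is kept or dropped on its own,
      // so the kept characters stay evenly spread over that set (assuming
      // readRandomBytes() returns uniformly random bytes).
      //
      // Keep drawing until 20 characters have survived: a single 128-byte
      // draw normally yields enough, but nothing guaranteed it, and a short
      // draw would otherwise have produced a shorter, weaker suggestion.
      $suggest = '';
      while (strlen($suggest) < 20) {
        $random_bytes = Filesystem::readRandomBytes(128);
        $suggest .= preg_replace(
          '([^A-Za-z0-9/!().,;{}^&*%~])',
          '',
          $random_bytes);
      }
      $suggest = substr($suggest, 0, 20);

      // The suggestion is rendered in cleartext on the page and is not
      // stored by this method; it only becomes the password if submitted.
      if ($is_serious) {
        $form->appendRemarkupInstructions(
          pht(
            'Having trouble coming up with a good password? Try this randomly '.
            'generated one, made by a computer:'.
            "\n\n".
            "`%s`",
            $suggest));
      } else {
        $form->appendRemarkupInstructions(
          pht(
            'Having trouble coming up with a good password? Try this '.
            'artisanal password, hand made in small batches by our expert '.
            'craftspeople: '.
            "\n\n".
            "`%s`",
            $suggest));
      }
    }

    // Only the names of the hashing algorithms are shown below; the hash
    // itself stays inside the envelope.
    $hash_envelope = new PhutilOpaqueEnvelope($vcspassword->getPasswordHash());

    $form->appendChild(
      id(new AphrontFormStaticControl())
        ->setLabel(pht('Current Algorithm'))
        ->setValue(
          PhabricatorPasswordHasher::getCurrentAlgorithmName($hash_envelope)));

    $form->appendChild(
      id(new AphrontFormStaticControl())
        ->setLabel(pht('Best Available Algorithm'))
        ->setValue(PhabricatorPasswordHasher::getBestAlgorithmName()));

    // Upgrade and availability warnings only apply when a hash is stored.
    if (strlen($hash_envelope->openEnvelope())) {
      try {
        $can_upgrade = PhabricatorPasswordHasher::canUpgradeHash(
          $hash_envelope);
      } catch (PhabricatorPasswordHasherUnavailableException $ex) {
        $can_upgrade = false;
        $errors[] = pht(
          'Your VCS password is currently hashed using an algorithm which is '.
          'no longer available on this install.');
        $errors[] = pht(
          'Because the algorithm implementation is missing, your password '.
          'can not be used.');
        $errors[] = pht(
          'You can set a new password to replace the old password.');
      }

      if ($can_upgrade) {
        $errors[] = pht(
          'The strength of your stored VCS password hash can be upgraded. '.
          'To upgrade, either: use the password to authenticate with a '.
          'repository; or change your password.');
      }
    }

    $object_box = id(new PHUIObjectBoxView())
      ->setHeaderText($title)
      ->setBackground(PHUIObjectBoxView::WHITE_CONFIG)
      ->setForm($form)
      ->setFormErrors($errors);

    $remove_form = id(new AphrontFormView())
      ->setUser($viewer);

    if ($vcspassword->getID()) {
      $remove_form
        ->addHiddenInput('remove', true)
        ->appendRemarkupInstructions(
          pht(
            'You can remove your VCS password, which will prevent your '.
            'account from accessing repositories.'))
        ->appendChild(
          id(new AphrontFormSubmitControl())
            ->setValue(pht('Remove Password')));
    } else {
      $remove_form->appendRemarkupInstructions(
        pht(
          'You do not currently have a VCS password set. If you set one, you '.
          'can remove it here later.'));
    }

    $remove_box = id(new PHUIObjectBoxView())
      ->setHeaderText(pht('Remove VCS Password'))
      ->setBackground(PHUIObjectBoxView::WHITE_CONFIG)
      ->setForm($remove_form);

    // The notice is driven purely by the `saved` request parameter, so it is
    // informational only and not evidence that a change took place.
    $saved = null;
    if ($request->getBool('saved')) {
      $saved = id(new PHUIInfoView())
        ->setSeverity(PHUIInfoView::SEVERITY_NOTICE)
        ->setTitle(pht('Password Updated'))
        ->appendChild(pht('Your VCS password has been updated.'));
    }

    return array(
      $saved,
      $object_box,
      $remove_box,
    );
  }

}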