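<?php

/**
 * Controller for the logged-out "Forgot Password / Email Login" form.
 *
 * On a valid form post it looks up the submitted address, asks
 * PhabricatorAuthSessionEngine for a one-time login URI for the owning
 * account, and mails that URI to the address on record.
 */
final class PhabricatorEmailLoginController
  extends PhabricatorAuthController {

  /**
   * This page is served without a login session.
   *
   * @return bool Always false.
   */
  public function shouldRequireLogin() {
    return false;
  }

  /**
   * Render the reset form and, on a form post that passes every check, send
   * the reset email.
   *
   * @return mixed An Aphront400Response when no password provider is
   *               available, a confirmation dialog after the mail has been
   *               queued, or the form page (with any errors) otherwise.
   */
  public function processRequest() {
    $request = $this->getRequest();

    // Refuse the request outright when no password auth provider is
    // available.
    if (!PhabricatorPasswordAuthProvider::getPasswordProvider()) {
      return new Aphront400Response();
    }

    // Initial error markers handed to the form controls through setError().
    $e_email = true;
    $e_captcha = true;
    $errors = array();

    $is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business');

    if ($request->isFormPost()) {
      $e_email = null;
      $e_captcha = pht('Again');

      $captcha_ok = AphrontFormRecaptchaControl::processCaptcha($request);
      if (!$captcha_ok) {
        $errors[] = pht('Captcha response is incorrect, try again.');
        $e_captcha = pht('Invalid');
      }

      $email = $request->getStr('email');
      if (!strlen($email)) {
        $errors[] = pht('You must provide an email address.');
        $e_email = pht('Required');
      }

      if (!$errors) {
        // NOTE: Don't validate the email unless the captcha is good; this makes
        // it expensive to fish for valid email addresses while giving the user
        // a better error if they goof their email.

        // NOTE(review): the responses below still differ for unknown,
        // unverified and accepted addresses, so the captcha is the only
        // control visible in this method that limits address enumeration.
        // Confirm that request rate limiting is applied elsewhere.

        $target_email = id(new PhabricatorUserEmail())->loadOneWhere(
          'address = %s',
          $email);

        $target_user = null;
        if ($target_email) {
          $target_user = id(new PhabricatorUser())->loadOneWhere(
            'phid = %s',
            $target_email->getUserPHID());
        }

        if (!$target_user) {
          $errors[] =
            pht('There is no account associated with that email address.');
          $e_email = pht('Invalid');
        }

        // If this address is unverified, only send a reset link to it if
        // the account has no verified addresses. This prevents an opportunistic
        // attacker from compromising an account if a user adds an email
        // address but mistypes it and doesn't notice.

        // (For a newly created account, all the addresses may be unverified,
        // which is why we'll send to an unverified address in that case.)

        if ($target_email && !$target_email->getIsVerified()) {
          $verified_addresses = id(new PhabricatorUserEmail())->loadAllWhere(
            'userPHID = %s AND isVerified = 1',
            $target_email->getUserPHID());
          if ($verified_addresses) {
            $errors[] = pht(
              'That email address is not verified. You can only send '.
              'password reset links to a verified address.');
            $e_email = pht('Unverified');
          }
        }

        if (!$errors) {
          // The URI is a login credential for $target_user. In this method it
          // is only interpolated into the mail body; keep it out of logs and
          // responses. Expiry and single-use enforcement are not visible
          // here and belong to PhabricatorAuthSessionEngine.
          $engine = new PhabricatorAuthSessionEngine();
          $uri = $engine->getOneTimeLoginURI(
            $target_user,
            null,
            PhabricatorAuthSessionEngine::ONETIME_RESET);

          $body = $this->buildResetMailBody($uri, $is_serious);

          // The recipient is the address stored on the matched row, not the
          // string submitted in the form, so the mail always goes to the
          // address on record.
          // NOTE(review): setForceDelivery(true) presumably sends regardless
          // of the recipient's mail preferences -- confirm.
          id(new PhabricatorMetaMTAMail())
            ->setSubject(pht('[Phabricator] Password Reset'))
            ->setForceDelivery(true)
            ->addRawTos(array($target_email->getAddress()))
            ->setBody($body)
            ->saveAndSend();

          return $this->newDialog()
            ->setTitle(pht('Check Your Email'))
            ->setShortTitle(pht('Email Sent'))
            ->appendParagraph(
              pht('An email has been sent with a link you can use to login.'))
            ->addCancelButton('/', pht('Done'));
        }
      }

    }

    // Either this is the first render or the post was rejected: show the form
    // again, with the collected errors if there are any.
    $error_view = null;
    if ($errors) {
      $error_view = new AphrontErrorView();
      $error_view->setErrors($errors);
    }

    $email_auth = new PHUIFormLayoutView();
    $email_auth->appendChild($error_view);
    $email_auth
      ->setUser($request->getUser())
      ->setFullWidth(true)
      ->appendChild(
        id(new AphrontFormTextControl())
          ->setLabel(pht('Email'))
          ->setName('email')
          ->setValue($request->getStr('email'))
          ->setError($e_email))
      ->appendChild(
        id(new AphrontFormRecaptchaControl())
          ->setLabel(pht('Captcha'))
          ->setError($e_captcha));

    $crumbs = $this->buildApplicationCrumbs();
    $crumbs->addTextCrumb(pht('Reset Password'));

    $dialog = new AphrontDialogView();
    $dialog->setUser($request->getUser());
    $dialog->setTitle(pht(
      'Forgot Password / Email Login'));
    $dialog->appendChild($email_auth);
    $dialog->addSubmitButton(pht('Send Email'));
    $dialog->setSubmitURI('/login/email/');

    return $this->buildApplicationPage(
      array(
        $crumbs,
        $dialog,
      ),
      array(
        'title' => pht('Forgot Password'),
      ));
  }

  /**
   * Build the plain-text body of the password reset email.
   *
   * @param string $uri        One-time login URI to embed in the message.
   * @param mixed  $is_serious Value of the 'phabricator.serious-business'
   *                           setting; a truthy value selects the terse
   *                           wording.
   * @return string Mail body containing the URI.
   */
  private function buildResetMailBody($uri, $is_serious) {
    // Heredoc bodies and their closing markers stay at column 0 so the file
    // parses on PHP versions without flexible heredoc syntax.
    if ($is_serious) {
      return <<<EOBODY
You can use this link to reset your Phabricator password:

  {$uri}

EOBODY;
    }

    return <<<EOBODY
Condolences on forgetting your password. You can use this link to reset it:

  {$uri}

After you set a new password, consider writing it down on a sticky note and
attaching it to your monitor so you don't forget again! Choosing a very short,
easy-to-remember password like "cat" or "1234" might also help.

Best Wishes,
Phabricator

EOBODY;
  }

}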