PHP Cross Reference of Phabricator |
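<?php

/**
 * Settings panel for setting, changing, or removing the password an account
 * uses to reach hosted repositories over HTTP (the "VCS password").
 *
 * Two accounts are involved in every request: `$viewer` is the person making
 * the request and `$user` is the account whose settings are being edited.
 * They can differ, since @{method:isEditableByAdministrators} returns true.
 */
final class DiffusionSetPasswordPanel extends PhabricatorSettingsPanel {

  /**
   * Opt this panel in to administrator editing.
   *
   * NOTE(review): presumably this is what lets an administrator open the
   * panel for another account (for example, a system agent); confirm against
   * PhabricatorSettingsPanel.
   *
   * @return bool Always true.
   */
  public function isEditableByAdministrators() {
    return true;
  }

  /**
   * @return string Panel key, `vcspassword`.
   */
  public function getPanelKey() {
    return 'vcspassword';
  }

  /**
   * @return string Translated panel name.
   */
  public function getPanelName() {
    return pht('VCS Password');
  }

  /**
   * @return string Translated name of the group this panel is listed under.
   */
  public function getPanelGroup() {
    return pht('Authentication');
  }

  /**
   * The panel is only offered when the `diffusion.allow-http-auth`
   * configuration option is set.
   *
   * @return mixed Value of the `diffusion.allow-http-auth` option.
   */
  public function isEnabled() {
    return PhabricatorEnv::getEnvConfig('diffusion.allow-http-auth');
  }

  /**
   * Handle a request for the panel: remove the password, set a new one, or
   * render the forms.
   *
   * Order of operations:
   *
   *   - require a high security session for the viewer;
   *   - load the VCS password row for the edited account, or build an
   *     unsaved one;
   *   - on a form post, either delete the row (`remove`) or validate and
   *     store the new password;
   *   - otherwise, or when validation fails, build the "set" and "remove"
   *     forms and any notices.
   *
   * @param AphrontRequest $request Request to process.
   * @return AphrontRedirectResponse|array Redirect after a successful
   *   change, otherwise the list of views to render.
   */
  public function processRequest(AphrontRequest $request) {
    $viewer = $request->getUser();
    $user = $this->getUser();

    // This gate runs before any password state is read or changed, so both
    // the "set" and the "remove" paths below sit behind it.
    $token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
      $viewer,
      $request,
      '/settings/');

    $vcspassword = id(new PhabricatorRepositoryVCSPassword())
      ->loadOneWhere(
        'userPHID = %s',
        $user->getPHID());
    if (!$vcspassword) {
      // No row yet: work with an unsaved object bound to the edited account.
      // getID() stays empty until save(), which is how the rest of this
      // method tells "no password set" from "password set".
      $vcspassword = id(new PhabricatorRepositoryVCSPassword());
      $vcspassword->setUserPHID($user->getPHID());
    }

    $panel_uri = $this->getPanelURI('?saved=true');

    $errors = array();

    $e_password = true;
    $e_confirm = true;

    if ($request->isFormPost()) {
      if ($request->getBool('remove')) {
        if ($vcspassword->getID()) {
          $vcspassword->delete();
          return id(new AphrontRedirectResponse())->setURI($panel_uri);
        }
        // NOTE(review): a `remove` post with no stored password falls
        // through to the validation below and is reported as a missing
        // password. The remove form only carries the hidden `remove` input
        // when a password exists, so this needs a stale or hand-built post.
      }

      $new_password = $request->getStr('password');
      $confirm = $request->getStr('confirm');
      if (!strlen($new_password)) {
        $e_password = pht('Required');
        $errors[] = pht('Password is required.');
      } else {
        $e_password = null;
      }

      if (!strlen($confirm)) {
        $e_confirm = pht('Required');
        $errors[] = pht('You must confirm the new password.');
      } else {
        $e_confirm = null;
      }

      if (!$errors) {
        $envelope = new PhutilOpaqueEnvelope($new_password);

        try {
          // NOTE: This test is against $viewer (not $user), so that the error
          // message below makes sense in the case that the two are different,
          // and because an admin reusing their own password is bad, while
          // system agents generally do not have passwords anyway.

          $same_password = $viewer->comparePassword($envelope);
        } catch (PhabricatorPasswordHasherUnavailableException $ex) {
          // If we're missing the hasher, just let the user continue.
          //
          // This fails open: when the viewer's account password cannot be
          // checked, the reuse rule is skipped rather than enforced.
          $same_password = false;
        }

        // Only the first failing rule is reported: mismatch, then reuse of
        // the account password, then membership in the common password list.
        if ($new_password !== $confirm) {
          $e_password = pht('Does Not Match');
          $e_confirm = pht('Does Not Match');
          $errors[] = pht('Password and confirmation do not match.');
        } else if ($same_password) {
          $e_password = pht('Not Unique');
          $e_confirm = pht('Not Unique');
          $errors[] = pht(
            'This password is the same as another password associated '.
            'with your account. You must use a unique password for '.
            'VCS access.');
        } else if (
          PhabricatorCommonPasswords::isCommonPassword($new_password)) {
          $e_password = pht('Very Weak');
          $e_confirm = pht('Very Weak');
          $errors[] = pht(
            'This password is extremely weak: it is one of the most common '.
            'passwords in use. Choose a stronger password.');
        }

        if (!$errors) {
          // The password is stored for $user (the edited account), even
          // though the reuse check above ran against $viewer.
          $vcspassword->setPassword($envelope, $user);
          $vcspassword->save();

          return id(new AphrontRedirectResponse())->setURI($panel_uri);
        }
      }
    }

    $title = pht('Set VCS Password');

    $form = id(new AphrontFormView())
      ->setUser($viewer)
      ->appendRemarkupInstructions(
        pht(
          'To access repositories hosted by Phabricator over HTTP, you must '.
          'set a version control password. This password should be unique.'.
          "\n\n".
          "This password applies to all repositories available over ".
          "HTTP."));

    if ($vcspassword->getID()) {
      // The "current password" control is a disabled field holding a fixed
      // placeholder; nothing derived from the stored value is sent to the
      // browser here.
      $form
        ->appendChild(
          id(new AphrontFormPasswordControl())
            ->setDisableAutocomplete(true)
            ->setLabel(pht('Current Password'))
            ->setDisabled(true)
            ->setValue('********************'));
    } else {
      $form
        ->appendChild(
          id(new AphrontFormMarkupControl())
            ->setLabel(pht('Current Password'))
            ->setValue(phutil_tag('em', array(), pht('No Password Set'))));
    }

    $form
      ->appendChild(
        id(new AphrontFormPasswordControl())
          ->setDisableAutocomplete(true)
          ->setName('password')
          ->setLabel(pht('New VCS Password'))
          ->setError($e_password))
      ->appendChild(
        id(new AphrontFormPasswordControl())
          ->setDisableAutocomplete(true)
          ->setName('confirm')
          ->setLabel(pht('Confirm VCS Password'))
          ->setError($e_confirm))
      ->appendChild(
        id(new AphrontFormSubmitControl())
          ->setValue(pht('Change Password')));

    if (!$vcspassword->getID()) {
      $is_serious = PhabricatorEnv::getEnvConfig(
        'phabricator.serious-business');

      // Build a 20 character suggestion by discarding every random byte that
      // falls outside the allowed class. Discarding (rather than mapping)
      // keeps each surviving character equally likely. A single 128 byte
      // read usually leaves well over 20 characters but is not guaranteed
      // to, so keep reading until the suggestion is full length instead of
      // occasionally offering a shorter, weaker one.
      //
      // The class contains no backtick, so the value cannot close the inline
      // code span it is rendered in below.
      //
      // NOTE(review): this assumes Filesystem::readRandomBytes() draws from a
      // cryptographically secure source; confirm.
      $suggest_length = 20;
      $suggest = '';
      while (strlen($suggest) < $suggest_length) {
        $bytes = Filesystem::readRandomBytes(128);
        $suggest .= preg_replace(
          '([^A-Za-z0-9/!().,;{}^&*%~])',
          '',
          $bytes);
      }
      $suggest = substr($suggest, 0, $suggest_length);

      if ($is_serious) {
        $form->appendRemarkupInstructions(
          pht(
            'Having trouble coming up with a good password? Try this randomly '.
            'generated one, made by a computer:'.
            "\n\n".
            "`%s`",
            $suggest));
      } else {
        $form->appendRemarkupInstructions(
          pht(
            'Having trouble coming up with a good password? Try this '.
            'artisinal password, hand made in small batches by our expert '.
            'craftspeople: '.
            "\n\n".
            "`%s`",
            $suggest));
      }
    }

    // The stored hash is only handed to the hasher helpers below; the page
    // shows algorithm names, not the hash itself.
    $hash_envelope = new PhutilOpaqueEnvelope($vcspassword->getPasswordHash());

    $form->appendChild(
      id(new AphrontFormStaticControl())
        ->setLabel(pht('Current Algorithm'))
        ->setValue(
          PhabricatorPasswordHasher::getCurrentAlgorithmName($hash_envelope)));

    $form->appendChild(
      id(new AphrontFormStaticControl())
        ->setLabel(pht('Best Available Algorithm'))
        ->setValue(PhabricatorPasswordHasher::getBestAlgorithmName()));

    if (strlen($hash_envelope->openEnvelope())) {
      try {
        $can_upgrade = PhabricatorPasswordHasher::canUpgradeHash(
          $hash_envelope);
      } catch (PhabricatorPasswordHasherUnavailableException $ex) {
        $can_upgrade = false;
        $errors[] = pht(
          'Your VCS password is currently hashed using an algorithm which is '.
          'no longer available on this install.');
        $errors[] = pht(
          'Because the algorithm implementation is missing, your password '.
          'can not be used.');
        $errors[] = pht(
          'You can set a new password to replace the old password.');
      }

      if ($can_upgrade) {
        $errors[] = pht(
          'The strength of your stored VCS password hash can be upgraded. '.
          'To upgrade, either: use the password to authenticate with a '.
          'repository; or change your password.');
      }
    }

    $object_box = id(new PHUIObjectBoxView())
      ->setHeaderText($title)
      ->setForm($form)
      ->setFormErrors($errors);

    $remove_form = id(new AphrontFormView())
      ->setUser($viewer);

    if ($vcspassword->getID()) {
      $remove_form
        ->addHiddenInput('remove', true)
        ->appendRemarkupInstructions(
          pht(
            'You can remove your VCS password, which will prevent your '.
            'account from accessing repositories.'))
        ->appendChild(
          id(new AphrontFormSubmitControl())
            ->setValue(pht('Remove Password')));
    } else {
      $remove_form->appendRemarkupInstructions(
        pht(
          'You do not currently have a VCS password set. If you set one, you '.
          'can remove it here later.'));
    }

    $remove_box = id(new PHUIObjectBoxView())
      ->setHeaderText(pht('Remove VCS Password'))
      ->setForm($remove_form);

    // Both the "set" and the "remove" paths redirect to `?saved=true`, so
    // this notice follows either one.
    $saved = null;
    if ($request->getBool('saved')) {
      $saved = id(new AphrontErrorView())
        ->setSeverity(AphrontErrorView::SEVERITY_NOTICE)
        ->setTitle(pht('Password Updated'))
        ->appendChild(pht('Your VCS password has been updated.'));
    }

    return array(
      $saved,
      $object_box,
      $remove_box,
    );
  }

}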
Generated: Sun Nov 30 09:20:46 2014 | Cross-referenced by PHPXref 0.7.1 |