<?php
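final class PhabricatorAuthUnlinkController
  extends PhabricatorAuthController {

  /**
   * Unlink an external account from the viewer's user.
   *
   * The account is loaded with the viewer's policies and must grant both
   * CAN_VIEW and CAN_EDIT, so a viewer can only unlink accounts they may
   * edit. Unlinking is a confirmed, POST-only action: any non-POST request,
   * or a POST without the "unlink" confirmation, renders a confirmation
   * dialog instead of acting. If the account is the viewer's only
   * login-capable account, a second "only" confirmation is required before
   * it is deleted. After deletion, the viewer's other login sessions are
   * terminated.
   *
   * @param AphrontRequest $request Request carrying the account "id" URI
   *   datum and, on POST, the comma-separated "confirmations" list.
   * @return AphrontResponse 404 when the query returns no account (no such
   *   account, or not viewable and editable by the viewer); a dialog when a
   *   confirmation or provider restriction applies; otherwise a redirect to
   *   the external accounts settings panel.
   */
  public function handleRequest(AphrontRequest $request) {
    $viewer = $this->getViewer();
    $id = $request->getURIData('id');

    $account = id(new PhabricatorExternalAccountQuery())
      ->setViewer($viewer)
      ->withIDs(array($id))
      ->requireCapabilities(
        array(
          PhabricatorPolicyCapability::CAN_VIEW,
          PhabricatorPolicyCapability::CAN_EDIT,
        ))
      ->executeOne();
    if (!$account) {
      return new Aphront404Response();
    }

    // Fixed destination: never derived from request data, so the final
    // redirect can not be steered to another site.
    $done_uri = '/settings/panel/external/';

    $config = $account->getProviderConfig();
    $provider = $config->getProvider();
    if (!$provider->shouldAllowAccountUnlink()) {
      return $this->renderNotUnlinkableErrorDialog($provider, $done_uri);
    }

    // Confirmations travel as a comma-separated hidden input; fuse them
    // into a set so each token can be tested with isset().
    $confirmations = array_fuse($request->getStrList('confirmations'));

    // Only act on a form POST that explicitly confirms the unlink; a plain
    // GET of this URI must never delete anything. (isFormPost() is also
    // where Aphront applies its CSRF check -- confirm against
    // AphrontRequest.)
    if (!$request->isFormPost() || !isset($confirmations['unlink'])) {
      return $this->renderConfirmDialog($confirmations, $config, $done_uri);
    }

    // Warn before removing the viewer's only login-capable account. The
    // count below includes the account being unlinked, so fewer than two
    // means this is the only one.
    if ($account->isUsableForLogin()) {
      if ($this->countLoginUsableAccounts($viewer) < 2) {
        if (!isset($confirmations['only'])) {
          return $this->renderOnlyUsableAccountConfirmDialog(
            $confirmations,
            $done_uri);
        }
      }
    }

    $account->delete();

    // Removing a provider is a credential change: terminate the viewer's
    // other login sessions. The current session cookie is passed along,
    // presumably so that this session survives -- verify in
    // PhabricatorAuthSessionEngine.
    id(new PhabricatorAuthSessionEngine())->terminateLoginSessions(
      $viewer,
      new PhutilOpaqueEnvelope(
        $request->getCookie(PhabricatorCookies::COOKIE_SESSION)));

    return id(new AphrontRedirectResponse())->setURI($done_uri);
  }

  /**
   * Count the external accounts linked to the viewer which can be used to
   * log in.
   *
   * @param PhabricatorUser $viewer User whose accounts are counted.
   * @return int Number of linked accounts for which isUsableForLogin() holds.
   */
  private function countLoginUsableAccounts(PhabricatorUser $viewer) {
    $accounts = id(new PhabricatorExternalAccountQuery())
      ->setViewer($viewer)
      ->withUserPHIDs(array($viewer->getPHID()))
      ->execute();

    $usable = 0;
    foreach ($accounts as $linked_account) {
      if ($linked_account->isUsableForLogin()) {
        $usable++;
      }
    }

    return $usable;
  }

  /**
   * Render the error shown when the provider forbids unlinking.
   *
   * @param PhabricatorAuthProvider $provider Provider whose name is shown.
   * @param string $done_uri Where the cancel button returns to.
   * @return AphrontDialogView Error dialog with a cancel button only.
   */
  private function renderNotUnlinkableErrorDialog(
    PhabricatorAuthProvider $provider,
    $done_uri) {

    return $this->newDialog()
      ->setTitle(pht('Permanent Account Link'))
      ->appendChild(
        pht(
          'You can not unlink this account because the administrator has '.
          'configured Phabricator to make links to "%s" accounts permanent.',
          $provider->getProviderName()))
      ->addCancelButton($done_uri);
  }

  /**
   * Render the second confirmation, shown when the account being unlinked
   * is the viewer's only login-capable account.
   *
   * The "only" token is appended to the confirmations already collected and
   * echoed back through a hidden input, so the resubmitted form carries
   * every confirmation given so far.
   *
   * @param array $confirmations Confirmation tokens received so far.
   * @param string $done_uri Where the cancel button returns to.
   * @return AphrontDialogView Confirmation dialog.
   */
  private function renderOnlyUsableAccountConfirmDialog(
    array $confirmations,
    $done_uri) {

    $confirmations[] = 'only';

    return $this->newDialog()
      ->setTitle(pht('Unlink Your Only Login Account?'))
      ->addHiddenInput('confirmations', implode(',', $confirmations))
      ->appendParagraph(
        pht(
          'This is the only external login account linked to your '.
          'Phabricator account. If you remove it, you may no longer be '.
          'able to log in.'))
      ->appendParagraph(
        pht(
          'If you lose access to your account, you can recover access by '.
          'sending yourself an email login link from the login screen.'))
      ->addCancelButton($done_uri)
      ->addSubmitButton(pht('Unlink External Account'));
  }

  /**
   * Render the initial unlink confirmation.
   *
   * The "unlink" token is appended to the confirmations and carried in a
   * hidden input, so the confirming POST is distinguishable from the first
   * request. The dialog also tells the user that other sessions will be
   * terminated.
   *
   * @param array $confirmations Confirmation tokens received so far.
   * @param PhabricatorAuthProviderConfig $config Config of the account's
   *   provider; its provider name is shown in the dialog.
   * @param string $done_uri Where the cancel button returns to.
   * @return AphrontDialogView Confirmation dialog.
   */
  private function renderConfirmDialog(
    array $confirmations,
    PhabricatorAuthProviderConfig $config,
    $done_uri) {

    $confirmations[] = 'unlink';
    $provider = $config->getProvider();
    $provider_name = $provider->getProviderName();

    $title = pht('Unlink "%s" Account?', $provider_name);
    $body = pht(
      'You will no longer be able to use your %s account to '.
      'log in to Phabricator.',
      $provider_name);

    return $this->newDialog()
      ->setTitle($title)
      ->addHiddenInput('confirmations', implode(',', $confirmations))
      ->appendParagraph($body)
      ->appendParagraph(
        pht(
          'Note: Unlinking an authentication provider will terminate any '.
          'other active login sessions.'))
      ->addSubmitButton(pht('Unlink Account'))
      ->addCancelButton($done_uri);
  }

}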