Implement new auth login flow and login validation controller

Summary: Ref T1536. None of this code is reachable. Implements new-auth login (so you can actually login) and login validation (which checks that cookies were set correctly). Test Plan: Manually enabled FB auth, went through the auth flow to login/logout. Manually hit most of the validation errors. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6162
2013-06-16 10:15:33 -07:00
parent c108ada7e4
commit 104d3221d9
5 changed files with 95 additions and 17 deletions
--- a/src/applications/auth/controller/PhabricatorAuthValidateController.php
+++ b/src/applications/auth/controller/PhabricatorAuthValidateController.php
@@ -0,0 +1,73 @@
+<?php
+
+final class PhabricatorAuthValidateController
+  extends PhabricatorAuthController {
+
+  public function shouldRequireLogin() {
+    return false;
+  }
+
+  public function processRequest() {
+    $request = $this->getRequest();
+    $viewer = $request->getUser();
+
+    $failures = array();
+
+    if (!strlen($request->getStr('phusr'))) {
+      return $this->renderErrors(
+        array(
+          pht(
+            'Login validation is missing expected parameter ("%s").',
+            'phusr')));
+    }
+
+    $expect_phusr = $request->getStr('phusr');
+    $actual_phusr = $request->getCookie('phusr');
+    if ($actual_phusr != $expect_phusr) {
+      if ($actual_phusr) {
+        $failures[] = pht(
+          "Attempted to set '%s' cookie to '%s', but your browser sent back ".
+          "a cookie with the value '%s'. Clear your browser's cookies and ".
+          "try again.",
+          'phusr',
+          $expect_phusr,
+          $actual_phusr);
+      } else {
+        $failures[] = pht(
+          "Attempted to set '%s' cookie to '%s', but your browser did not ".
+          "accept the cookie. Check that cookies are enabled, clear them, ".
+          "and try again.",
+          'phusr',
+          $expect_phusr);
+      }
+    }
+
+    if (!$failures) {
+      if (!$viewer->getPHID()) {
+        $failures[] = pht(
+          "Login cookie was set correctly, but your login session is not ".
+          "valid. Try clearing cookies and logging in again.");
+      }
+    }
+
+    if ($failures) {
+      return $this->renderErrors($failures);
+    }
+
+    $next = $request->getCookie('next_uri');
+    $request->clearCookie('next_uri');
+
+    if (!PhabricatorEnv::isValidLocalWebResource($next)) {
+      $next = '/';
+    }
+
+    return id(new AphrontRedirectResponse())->setURI($next);
+  }
+
+  private function renderErrors(array $messages) {
+    return $this->renderErrorPage(
+      pht('Login Failure'),
+      $messages);
+  }
+
+}