From a3d4f4c457ef46f52dae89c36eada8139f93961c Mon Sep 17 00:00:00 2001
From: epriestley <git@epriestley.com>
Date: Thu, 5 Sep 2013 11:16:32 -0700
Subject: [PATCH] Fix an issue with `darkconsole.always-on` and logged-out
 users

Summary:
Fixes T3796. When this got split out into tabs, the data endpoints were accidentally locked down. Open them up again if the setting is on.

Also, when you open/close the console we try to save the preference. Just no-op if you're logged out. Previously, you'd see the requests in DarkConsole since they failed.

Test Plan: Enabled `darkconsole.always-on` and toggled the console on and off as a logged-out user. Disabled the preference and verified it was no longer accessible.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3796

Differential Revision: https://secure.phabricator.com/D6886
---
 src/aphront/console/DarkConsoleController.php     | 13 +++++++++++--
 src/aphront/console/DarkConsoleDataController.php |  4 ++++
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/aphront/console/DarkConsoleController.php b/src/aphront/console/DarkConsoleController.php
index 6f46716312..cb11db7b5c 100644
--- a/src/aphront/console/DarkConsoleController.php
+++ b/src/aphront/console/DarkConsoleController.php
@@ -8,22 +8,31 @@ final class DarkConsoleController extends PhabricatorController {
   protected $op;
   protected $data;
 
+  public function shouldRequireLogin() {
+    return !PhabricatorEnv::getEnvConfig('darkconsole.always-on');
+  }
+
   public function processRequest() {
     $request = $this->getRequest();
     $user = $request->getUser();
+    $response = id(new AphrontAjaxResponse())->setDisableConsole(true);
+
+    if (!$user->isLoggedIn()) {
+      return $response;
+    }
 
     $visible = $request->getStr('visible');
     if (strlen($visible)) {
       $user->setConsoleVisible((int)$visible);
       $user->save();
-      return id(new AphrontAjaxResponse())->setDisableConsole(true);
+      return $response;
     }
 
     $tab = $request->getStr('tab');
     if (strlen($tab)) {
       $user->setConsoleTab($tab);
       $user->save();
-      return id(new AphrontAjaxResponse())->setDisableConsole(true);
+      return $response;
     }
 
     return new Aphront404Response();
diff --git a/src/aphront/console/DarkConsoleDataController.php b/src/aphront/console/DarkConsoleDataController.php
index af5364fea6..f761308ada 100644
--- a/src/aphront/console/DarkConsoleDataController.php
+++ b/src/aphront/console/DarkConsoleDataController.php
@@ -7,6 +7,10 @@ final class DarkConsoleDataController extends PhabricatorController {
 
   private $key;
 
+  public function shouldRequireLogin() {
+    return !PhabricatorEnv::getEnvConfig('darkconsole.always-on');
+  }
+
   public function willProcessRequest(array $data) {
     $this->key = $data['key'];
   }