src/applications/auth/controller/PhabricatorAuthValidateController.php

   1 <?php
   2
   3 final class PhabricatorAuthValidateController
   4   extends PhabricatorAuthController {
   5
   6   public function shouldRequireLogin() {
   7     return false;
   8   }
   9
  10   public function shouldAllowPartialSessions() {
  11     return true;
  12   }
  13
  14   public function shouldAllowLegallyNonCompliantUsers() {
  15     return true;
  16   }
  17
  18   public function handleRequest(AphrontRequest $request) {
  19     $viewer = $this->getViewer();
  20
  21     $failures = array();
  22
  23     if (!strlen($request->getStr('expect'))) {
  24       return $this->renderErrors(
  25         array(
  26           pht(
  27             'Login validation is missing expected parameter ("%s").',
  28             'phusr'),
  29         ));
  30     }
  31
  32     $expect_phusr = $request->getStr('expect');
  33     $actual_phusr = $request->getCookie(PhabricatorCookies::COOKIE_USERNAME);
  34     if ($actual_phusr != $expect_phusr) {
  35       if ($actual_phusr) {
  36         $failures[] = pht(
  37           "Attempted to set '%s' cookie to '%s', but your browser sent back ".
  38           "a cookie with the value '%s'. Clear your browser's cookies and ".
  39           "try again.",
  40           'phusr',
  41           $expect_phusr,
  42           $actual_phusr);
  43       } else {
  44         $failures[] = pht(
  45           "Attempted to set '%s' cookie to '%s', but your browser did not ".
  46           "accept the cookie. Check that cookies are enabled, clear them, ".
  47           "and try again.",
  48           'phusr',
  49           $expect_phusr);
  50       }
  51     }
  52
  53     if (!$failures) {
  54       if (!$viewer->getPHID()) {
  55         $failures[] = pht(
  56           'Login cookie was set correctly, but your login session is not '.
  57           'valid. Try clearing cookies and logging in again.');
  58       }
  59     }
  60
  61     if ($failures) {
  62       return $this->renderErrors($failures);
  63     }
  64
  65     $finish_uri = $this->getApplicationURI('finish/');
  66     return id(new AphrontRedirectResponse())->setURI($finish_uri);
  67   }
  68
  69   private function renderErrors(array $messages) {
  70     return $this->renderErrorPage(
  71       pht('Login Failure'),
  72       $messages);
  73   }
  74
  75 }