Correct Aphlict websocket URI construction after PHP8 compatibility changes
[phabricator.git] / src / applications / auth / controller / PhabricatorAuthNeedsMultiFactorController.php
blob0f86614b190e6868400abc7a767e314e7ca79544
1 <?php
3 final class PhabricatorAuthNeedsMultiFactorController
4 extends PhabricatorAuthController {
6 public function shouldRequireMultiFactorEnrollment() {
7 // Users need access to this controller in order to enroll in multi-factor
8 // auth.
9 return false;
12 public function shouldRequireEnabledUser() {
13 // Users who haven't been approved yet are allowed to enroll in MFA. We'll
14 // kick disabled users out later.
15 return false;
18 public function shouldRequireEmailVerification() {
19 // Users who haven't verified their email addresses yet can still enroll
20 // in MFA.
21 return false;
24 public function handleRequest(AphrontRequest $request) {
25 $viewer = $this->getViewer();
27 if ($viewer->getIsDisabled()) {
28 // We allowed unapproved and disabled users to hit this controller, but
29 // want to kick out disabled users now.
30 return new Aphront400Response();
33 $panels = $this->loadPanels();
35 $multifactor_key = id(new PhabricatorMultiFactorSettingsPanel())
36 ->getPanelKey();
38 $panel_key = $request->getURIData('pageKey');
39 if (!strlen($panel_key)) {
40 $panel_key = $multifactor_key;
43 if (!isset($panels[$panel_key])) {
44 return new Aphront404Response();
47 $nav = $this->newNavigation();
48 $nav->selectFilter($panel_key);
50 $panel = $panels[$panel_key];
52 $viewer->updateMultiFactorEnrollment();
54 if ($panel_key === $multifactor_key) {
55 $header_text = pht('Add Multi-Factor Auth');
56 $help = $this->newGuidance();
57 $panel->setIsEnrollment(true);
58 } else {
59 $header_text = $panel->getPanelName();
60 $help = null;
63 $response = $panel
64 ->setController($this)
65 ->setNavigation($nav)
66 ->processRequest($request);
68 if (($response instanceof AphrontResponse) ||
69 ($response instanceof AphrontResponseProducerInterface)) {
70 return $response;
73 $crumbs = $this->buildApplicationCrumbs()
74 ->addTextCrumb(pht('Add Multi-Factor Auth'))
75 ->setBorder(true);
77 $header = id(new PHUIHeaderView())
78 ->setHeader($header_text);
80 $view = id(new PHUITwoColumnView())
81 ->setHeader($header)
82 ->setFooter(
83 array(
84 $help,
85 $response,
86 ));
88 return $this->newPage()
89 ->setTitle(pht('Add Multi-Factor Authentication'))
90 ->setCrumbs($crumbs)
91 ->setNavigation($nav)
92 ->appendChild($view);
96 private function loadPanels() {
97 $viewer = $this->getViewer();
98 $preferences = PhabricatorUserPreferences::loadUserPreferences($viewer);
100 $panels = PhabricatorSettingsPanel::getAllDisplayPanels();
101 $base_uri = $this->newEnrollBaseURI();
103 $result = array();
104 foreach ($panels as $key => $panel) {
105 $panel
106 ->setPreferences($preferences)
107 ->setViewer($viewer)
108 ->setUser($viewer)
109 ->setOverrideURI(urisprintf('%s%s/', $base_uri, $key));
111 if (!$panel->isEnabled()) {
112 continue;
115 if (!$panel->isUserPanel()) {
116 continue;
119 if (!$panel->isMultiFactorEnrollmentPanel()) {
120 continue;
123 if (!empty($result[$key])) {
124 throw new Exception(pht(
125 "Two settings panels share the same panel key ('%s'): %s, %s.",
126 $key,
127 get_class($panel),
128 get_class($result[$key])));
131 $result[$key] = $panel;
134 return $result;
138 private function newNavigation() {
139 $viewer = $this->getViewer();
141 $enroll_uri = $this->newEnrollBaseURI();
143 $nav = id(new AphrontSideNavFilterView())
144 ->setBaseURI(new PhutilURI($enroll_uri));
146 $multifactor_key = id(new PhabricatorMultiFactorSettingsPanel())
147 ->getPanelKey();
149 $nav->addFilter(
150 $multifactor_key,
151 pht('Enroll in MFA'),
152 null,
153 'fa-exclamation-triangle blue');
155 $panels = $this->loadPanels();
157 if ($panels) {
158 $nav->addLabel(pht('Settings'));
161 foreach ($panels as $panel_key => $panel) {
162 if ($panel_key === $multifactor_key) {
163 continue;
166 $nav->addFilter(
167 $panel->getPanelKey(),
168 $panel->getPanelName(),
169 null,
170 $panel->getPanelMenuIcon());
173 return $nav;
176 private function newEnrollBaseURI() {
177 return $this->getApplicationURI('enroll/');
180 private function newGuidance() {
181 $viewer = $this->getViewer();
183 if ($viewer->getIsEnrolledInMultiFactor()) {
184 $guidance = pht(
185 '{icon check, color="green"} **Setup Complete!**'.
186 "\n\n".
187 'You have successfully configured multi-factor authentication '.
188 'for your account.'.
189 "\n\n".
190 'You can make adjustments from the [[ /settings/ | Settings ]] panel '.
191 'later.');
193 return $this->newDialog()
194 ->setTitle(pht('Multi-Factor Authentication Setup Complete'))
195 ->setWidth(AphrontDialogView::WIDTH_FULL)
196 ->appendChild(new PHUIRemarkupView($viewer, $guidance))
197 ->addCancelButton('/', pht('Continue'));
200 $views = array();
202 $messages = array();
204 $messages[] = pht(
205 'Before you can use this software, you need to add multi-factor '.
206 'authentication to your account. Multi-factor authentication helps '.
207 'secure your account by making it more difficult for attackers to '.
208 'gain access or take sensitive actions.');
210 $view = id(new PHUIInfoView())
211 ->setTitle(pht('Add Multi-Factor Authentication To Your Account'))
212 ->setSeverity(PHUIInfoView::SEVERITY_WARNING)
213 ->setErrors($messages);
215 $views[] = $view;
218 $providers = id(new PhabricatorAuthFactorProviderQuery())
219 ->setViewer($viewer)
220 ->withStatuses(
221 array(
222 PhabricatorAuthFactorProviderStatus::STATUS_ACTIVE,
224 ->execute();
225 if (!$providers) {
226 $messages = array();
228 $required_key = 'security.require-multi-factor-auth';
230 $messages[] = pht(
231 'This install has the configuration option "%s" enabled, but does '.
232 'not have any active multifactor providers configured. This means '.
233 'you are required to add MFA, but are also prevented from doing so. '.
234 'An administrator must disable "%s" or enable an MFA provider to '.
235 'allow you to continue.',
236 $required_key,
237 $required_key);
239 $view = id(new PHUIInfoView())
240 ->setTitle(pht('Multi-Factor Authentication is Misconfigured'))
241 ->setSeverity(PHUIInfoView::SEVERITY_ERROR)
242 ->setErrors($messages);
244 $views[] = $view;
247 return $views;