No OneTemporary
Actions

Size

27 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/src/applications/auth/controller/PhabricatorAuthLoginController.php b/src/applications/auth/controller/PhabricatorAuthLoginController.php
	index 29ecfaa55e..c94180c999 100644
	--- a/src/applications/auth/controller/PhabricatorAuthLoginController.php
	+++ b/src/applications/auth/controller/PhabricatorAuthLoginController.php
	@@ -1,213 +1,222 @@
	<?php

	final class PhabricatorAuthLoginController
	extends PhabricatorAuthController {

	private $providerKey;
	private $provider;

	public function shouldRequireLogin() {
	return false;
	}

	public function willProcessRequest(array $data) {
	$this->providerKey = $data['pkey'];
	}

	public function processRequest() {
	$request = $this->getRequest();
	$viewer = $request->getUser();

	$response = $this->loadProvider();
	if ($response) {
	return $response;
	}

	$provider = $this->provider;

	list($account, $response) = $provider->processLoginRequest($this);
	if ($response) {
	return $response;
	}

	if (!$account) {
	throw new Exception(
	"Auth provider failed to load an account from processLoginRequest()!");
	}

	if ($account->getUserPHID()) {
	// The account is already attached to a Phabricator user, so this is
	// either a login or a bad account link request.
	if (!$viewer->isLoggedIn()) {
	if ($provider->shouldAllowLogin()) {
	return $this->processLoginUser($account);
	} else {
	return $this->renderError(
	pht(
	'The external account ("%s") you just authenticated with is '.
	'not configured to allow logins on this Phabricator install. '.
	'An administrator may have recently disabled it.',
	$provider->getProviderName()));
	}
	} else if ($viewer->getPHID() == $account->getUserPHID()) {
	return $this->renderError(
	pht(
	'This external account ("%s") is already linked to your '.
	'Phabricator account.'));
	} else {
	return $this->renderError(
	pht(
	'The external account ("%s") you just used to login is alerady '.
	'associated with another Phabricator user account. Login to the '.
	'other Phabricator account and unlink the external account before '.
	'linking it to a new Phabricator account.',
	$provider->getProviderName()));
	}
	} else {
	// The account is not yet attached to a Phabricator user, so this is
	// either a registration or an account link request.
	if (!$viewer->isLoggedIn()) {
	if ($provider->shouldAllowRegistration()) {
	return $this->processRegisterUser($account);
	} else {
	return $this->renderError(
	pht(
	'The external account ("%s") you just authenticated with is '.
	'not configured to allow registration on this Phabricator '.
	'install. An administrator may have recently disabled it.',
	$provider->getProviderName()));
	}
	} else {
	if ($provider->shouldAllowAccountLink()) {
	return $this->processLinkUser($account);
	} else {
	return $this->renderError(
	pht(
	'The external account ("%s") you just authenticated with is '.
	'not configured to allow account linking on this Phabricator '.
	'install. An administrator may have recently disabled it.',
	$provider->getProviderName()));
	}
	}
	}

	// This should be unreachable, but fail explicitly if we get here somehow.
	return new Aphront400Response();
	}

	private function processLoginUser(PhabricatorExternalAccount $account) {
	$user = id(new PhabricatorUser())->loadOneWhere(
	'phid = %s',
	$account->getUserPHID());

	if (!$user) {
	return $this->renderError(
	pht(
	'The external account you just logged in with is not associated '.
	'with a valid Phabricator user.'));
	}

	return $this->loginUser($user);
	}

	private function processRegisterUser(PhabricatorExternalAccount $account) {
	$account_secret = $account->getAccountSecret();
	$register_uri = $this->getApplicationURI('register/'.$account_secret.'/');
	return $this->setAccountKeyAndContinue($account, $register_uri);
	}

	private function processLinkUser(PhabricatorExternalAccount $account) {
	$account_secret = $account->getAccountSecret();
	$confirm_uri = $this->getApplicationURI('confirmlink/'.$account_secret.'/');
	return $this->setAccountKeyAndContinue($account, $confirm_uri);
	}

	private function setAccountKeyAndContinue(
	PhabricatorExternalAccount $account,
	$next_uri) {

	if ($account->getUserPHID()) {
	throw new Exception("Account is already registered or linked.");
	}

	// Regenerate the registration secret key, set it on the external account,
	// set a cookie on the user's machine, and redirect them to registration.
	// See PhabricatorAuthRegisterController for discussion of the registration
	// key.

	$registration_key = Filesystem::readRandomCharacters(32);
	$account->setProperty(
	'registrationKey',
	PhabricatorHash::digest($registration_key));

	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	$account->save();
	unset($unguarded);

	$this->getRequest()->setCookie('phreg', $registration_key);

	return id(new AphrontRedirectResponse())->setURI($next_uri);
	}

	private function loadProvider() {
	$provider = PhabricatorAuthProvider::getEnabledProviderByKey(
	$this->providerKey);

	if (!$provider) {
	return $this->renderError(
	pht(
	'The account you are attempting to login with uses a nonexistent '.
	'or disabled authentication provider (with key "%s"). An '.
	'administrator may have recently disabled this provider.',
	$this->providerKey));
	}

	$this->provider = $provider;

	return null;
	}

	protected function renderError($message) {
	return $this->renderErrorPage(
	pht('Login Failed'),
	array($message));
	}

	public function buildProviderPageResponse(
	PhabricatorAuthProvider $provider,
	$content) {

	$crumbs = $this->buildApplicationCrumbs();
	- $crumbs->addCrumb(
	- id(new PhabricatorCrumbView())
	- ->setName(pht('Login'))
	- ->setHref($this->getApplicationURI('start/')));
	+
	+ if ($this->getRequest()->getUser()->isLoggedIn()) {
	+ $crumbs->addCrumb(
	+ id(new PhabricatorCrumbView())
	+ ->setName(pht('Link Account'))
	+ ->setHref($provider->getSettingsURI()));
	+ } else {
	+ $crumbs->addCrumb(
	+ id(new PhabricatorCrumbView())
	+ ->setName(pht('Login'))
	+ ->setHref($this->getApplicationURI('start/')));
	+ }
	+
	$crumbs->addCrumb(
	id(new PhabricatorCrumbView())
	->setName($provider->getProviderName()));

	return $this->buildApplicationPage(
	array(
	$crumbs,
	$content,
	),
	array(
	'title' => pht('Login'),
	'device' => true,
	'dust' => true,
	));
	}

	public function buildProviderErrorResponse(
	PhabricatorAuthProvider $provider,
	$message) {

	$message = pht(
	'Authentication provider ("%s") encountered an error during login. %s',
	$provider->getProviderName(),
	$message);

	return $this->renderError($message);
	}

	}
	diff --git a/src/applications/auth/provider/PhabricatorAuthProvider.php b/src/applications/auth/provider/PhabricatorAuthProvider.php
	index 3d05da8a76..5bbc7d3c20 100644
	--- a/src/applications/auth/provider/PhabricatorAuthProvider.php
	+++ b/src/applications/auth/provider/PhabricatorAuthProvider.php
	@@ -1,250 +1,256 @@
	<?php

	abstract class PhabricatorAuthProvider {

	private $providerConfig;

	public function attachProviderConfig(PhabricatorAuthProviderConfig $config) {
	$this->providerConfig = $config;
	return $this;
	}

	public function getProviderConfig() {
	if ($this->config === null) {
	throw new Exception(
	"Call attachProviderConfig() before getProviderConfig()!");
	}
	return $this->config;
	}

	public function getNameForCreate() {
	return $this->getProviderName();
	}

	public function getDescriptionForCreate() {
	return null;
	}

	public function getProviderKey() {
	return $this->getAdapter()->getAdapterKey();
	}

	public function getProviderType() {
	return $this->getAdapter()->getAdapterType();
	}

	public function getProviderDomain() {
	return $this->getAdapter()->getAdapterDomain();
	}

	public static function getAllBaseProviders() {
	static $providers;

	if ($providers === null) {
	$objects = id(new PhutilSymbolLoader())
	->setAncestorClass(__CLASS__)
	->loadObjects();
	$providers = $objects;
	}

	return $providers;
	}

	public static function getAllProviders() {
	static $providers;

	if ($providers === null) {
	$objects = self::getAllBaseProviders();

	$providers = array();
	$from_class_map = array();
	foreach ($objects as $object) {
	$from_class = get_class($object);
	$object_providers = $object->createProviders();
	assert_instances_of($object_providers, 'PhabricatorAuthProvider');
	foreach ($object_providers as $provider) {
	$key = $provider->getProviderKey();
	if (isset($providers[$key])) {
	$first_class = $from_class_map[$key];
	throw new Exception(
	"PhabricatorAuthProviders '{$first_class}' and '{$from_class}' ".
	"both created authentication providers identified by key ".
	"'{$key}'. Provider keys must be unique.");
	}
	$providers[$key] = $provider;
	$from_class_map[$key] = $from_class;
	}
	}
	}

	return $providers;
	}

	public static function getAllEnabledProviders() {
	$providers = self::getAllProviders();
	foreach ($providers as $key => $provider) {
	if (!$provider->isEnabled()) {
	unset($providers[$key]);
	}
	}
	return $providers;
	}

	public static function getEnabledProviderByKey($provider_key) {
	return idx(self::getAllEnabledProviders(), $provider_key);
	}

	abstract public function getProviderName();
	abstract public function getAdapter();

	public function isEnabled() {
	return true;
	}

	abstract public function shouldAllowLogin();
	abstract public function shouldAllowRegistration();
	abstract public function shouldAllowAccountLink();
	abstract public function shouldAllowAccountUnlink();

	public function buildLoginForm(
	PhabricatorAuthStartController $controller) {
	- return $this->renderLoginForm($controller->getRequest(), $is_link = false);
	+ return $this->renderLoginForm($controller->getRequest(), $mode = 'start');
	}

	abstract public function processLoginRequest(
	PhabricatorAuthLoginController $controller);

	public function buildLinkForm(
	PhabricatorAuthLinkController $controller) {
	- return $this->renderLoginForm($controller->getRequest(), $is_link = true);
	+ return $this->renderLoginForm($controller->getRequest(), $mode = 'link');
	}

	protected function renderLoginForm(
	AphrontRequest $request,
	- $is_link) {
	+ $mode) {
	throw new Exception("Not implemented!");
	}

	public function extendEditForm(AphrontFormView $form) {

	}


	public function createProviders() {
	return array($this);
	}

	protected function willSaveAccount(PhabricatorExternalAccount $account) {
	return;
	}

	public function willRegisterAccount(PhabricatorExternalAccount $account) {
	return;
	}

	protected function loadOrCreateAccount($account_id) {
	if (!strlen($account_id)) {
	throw new Exception(
	"loadOrCreateAccount(...): empty account ID!");
	}

	$adapter = $this->getAdapter();
	$adapter_class = get_class($adapter);

	if (!strlen($adapter->getAdapterType())) {
	throw new Exception(
	"AuthAdapter (of class '{$adapter_class}') has an invalid ".
	"implementation: no adapter type.");
	}

	if (!strlen($adapter->getAdapterDomain())) {
	throw new Exception(
	"AuthAdapter (of class '{$adapter_class}') has an invalid ".
	"implementation: no adapter domain.");
	}

	$account = id(new PhabricatorExternalAccount())->loadOneWhere(
	'accountType = %s AND accountDomain = %s AND accountID = %s',
	$adapter->getAdapterType(),
	$adapter->getAdapterDomain(),
	$account_id);
	if (!$account) {
	$account = id(new PhabricatorExternalAccount())
	->setAccountType($adapter->getAdapterType())
	->setAccountDomain($adapter->getAdapterDomain())
	->setAccountID($account_id);
	}

	$account->setUsername($adapter->getAccountName());
	$account->setRealName($adapter->getAccountRealName());
	$account->setEmail($adapter->getAccountEmail());
	$account->setAccountURI($adapter->getAccountURI());

	try {
	$name = PhabricatorSlug::normalize($this->getProviderName());
	$name = $name.'-profile.jpg';

	// TODO: If the image has not changed, we do not need to make a new
	// file entry for it, but there's no convenient way to do this with
	// PhabricatorFile right now. The storage will get shared, so the impact
	// here is negligible.

	$image_uri = $adapter->getAccountImageURI();

	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	$image_file = PhabricatorFile::newFromFileDownload(
	$image_uri,
	array(
	'name' => $name,
	));
	unset($unguarded);

	$account->setProfileImagePHID($image_file->getPHID());
	} catch (Exception $ex) {
	$account->setProfileImagePHID(null);
	}

	$this->willSaveAccount($account);

	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	$account->save();
	unset($unguarded);

	return $account;
	}

	- protected function getLoginURI() {
	+ public function getLoginURI() {
	$app = PhabricatorApplication::getByClass('PhabricatorApplicationAuth');
	$uri = $app->getApplicationURI('/login/'.$this->getProviderKey().'/');
	return PhabricatorEnv::getURI($uri);
	}

	- protected function getCancelLinkURI() {
	+ public function getSettingsURI() {
	return '/settings/panel/external/';
	}

	+ public function getStartURI() {
	+ $app = PhabricatorApplication::getByClass('PhabricatorApplicationAuth');
	+ $uri = $app->getApplicationURI('/start/');
	+ return $uri;
	+ }
	+
	public function isDefaultRegistrationProvider() {
	return false;
	}

	public function shouldRequireRegistrationPassword() {
	return false;
	}

	public function getDefaultExternalAccount() {
	throw new Exception("Not implemented!");
	}

	public function getLoginOrder() {
	return '500-'.$this->getProviderName();
	}

	protected function getLoginIcon() {
	return 'Generic';
	}

	public function isLoginFormAButton() {
	return false;
	}

	}
	diff --git a/src/applications/auth/provider/PhabricatorAuthProviderLDAP.php b/src/applications/auth/provider/PhabricatorAuthProviderLDAP.php
	index 8d8c00b877..72ee552466 100644
	--- a/src/applications/auth/provider/PhabricatorAuthProviderLDAP.php
	+++ b/src/applications/auth/provider/PhabricatorAuthProviderLDAP.php
	@@ -1,168 +1,174 @@
	<?php

	final class PhabricatorAuthProviderLDAP
	extends PhabricatorAuthProvider {

	private $adapter;

	public function getProviderName() {
	return pht('LDAP');
	}

	public function getDescriptionForCreate() {
	return pht(
	'Configure a connection to an LDAP server so that users can use their '.
	'LDAP credentials to log in to Phabricator.');
	}


	public function isEnabled() {
	return parent::isEnabled() &&
	PhabricatorEnv::getEnvConfig('ldap.auth-enabled');
	}

	public function getAdapter() {
	if (!$this->adapter) {
	$adapter = id(new PhutilAuthAdapterLDAP())
	->setHostname(PhabricatorEnv::getEnvConfig('ldap.hostname'))
	->setPort(PhabricatorEnv::getEnvConfig('ldap.port'))
	->setBaseDistinguishedName(PhabricatorEnv::getEnvConfig('ldap.base_dn'))
	->setSearchAttribute(
	PhabricatorEnv::getEnvConfig('ldap.search_attribute'))
	->setUsernameAttribute(
	PhabricatorEnv::getEnvConfig('ldap.username-attribute'))
	->setLDAPVersion(PhabricatorEnv::getEnvConfig('ldap.version'))
	->setLDAPReferrals(PhabricatorEnv::getEnvConfig('ldap.referrals'))
	->setLDAPStartTLS(PhabricatorEnv::getEnvConfig('ldap.start-tls'))
	->setAnonymousUsername(
	PhabricatorEnv::getEnvConfig('ldap.anonymous-user-name'))
	->setAnonymousPassword(
	new PhutilOpaqueEnvelope(
	PhabricatorEnv::getEnvConfig('ldap.anonymous-user-password')))
	->setSearchFirst(PhabricatorEnv::getEnvConfig('ldap.search-first'))
	->setActiveDirectoryDomain(
	PhabricatorEnv::getEnvConfig('ldap.activedirectory_domain'));
	$this->adapter = $adapter;
	}
	return $this->adapter;
	}

	public function shouldAllowLogin() {
	return true;
	}

	public function shouldAllowRegistration() {
	return true;
	}

	public function shouldAllowAccountLink() {
	return true;
	}

	public function shouldAllowAccountUnlink() {
	return true;
	}

	- protected function renderLoginForm(AphrontRequest $request, $is_link) {
	+ protected function renderLoginForm(AphrontRequest $request, $mode) {
	$viewer = $request->getUser();

	$dialog = id(new AphrontDialogView())
	->setSubmitURI($this->getLoginURI())
	->setUser($viewer);

	- if ($is_link) {
	+ if ($mode == 'link') {
	$dialog->setTitle(pht('Link LDAP Account'));
	$dialog->addSubmitButton(pht('Link Accounts'));
	- } else if ($this->shouldAllowRegistration()) {
	- $dialog->setTitle(pht('Login or Register with LDAP'));
	- $dialog->addSubmitButton(pht('Login or Register'));
	+ $dialog->addCancelButton($this->getSettingsURI());
	} else {
	- $dialog->setTitle(pht('Login with LDAP'));
	- $dialog->addSubmitButton(pht('Login'));
	+ if ($this->shouldAllowRegistration()) {
	+ $dialog->setTitle(pht('Login or Register with LDAP'));
	+ $dialog->addSubmitButton(pht('Login or Register'));
	+ } else {
	+ $dialog->setTitle(pht('Login with LDAP'));
	+ $dialog->addSubmitButton(pht('Login'));
	+ }
	+ if ($mode == 'login') {
	+ $dialog->addCancelButton($this->getStartURI());
	+ }
	}

	$v_user = $request->getStr('ldap_username');

	$e_user = null;
	$e_pass = null;

	$errors = array();
	if ($request->isHTTPPost()) {
	// NOTE: This is intentionally vague so as not to disclose whether a
	// given username exists.
	$e_user = pht('Invalid');
	$e_pass = pht('Invalid');
	$errors[] = pht('Username or password are incorrect.');
	}

	$form = id(new AphrontFormLayoutView())
	->setUser($viewer)
	->setFullWidth(true)
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel('LDAP Username')
	->setName('ldap_username')
	->setValue($v_user)
	->setError($e_user))
	->appendChild(
	id(new AphrontFormPasswordControl())
	->setLabel('LDAP Password')
	->setName('ldap_password')
	->setError($e_pass));

	if ($errors) {
	$errors = id(new AphrontErrorView())->setErrors($errors);
	}

	$dialog->appendChild($errors);
	$dialog->appendChild($form);


	return $dialog;
	}

	public function processLoginRequest(
	PhabricatorAuthLoginController $controller) {

	$request = $controller->getRequest();
	$viewer = $request->getUser();
	$response = null;
	$account = null;

	$username = $request->getStr('ldap_username');
	$password = $request->getStr('ldap_password');
	$has_password = strlen($password);
	$password = new PhutilOpaqueEnvelope($password);

	if (!strlen($username) \|\| !$has_password) {
	$response = $controller->buildProviderPageResponse(
	$this,
	- $this->renderLoginForm($request));
	+ $this->renderLoginForm($request, 'login'));
	return array($account, $response);
	}

	try {
	if (strlen($username) && $has_password) {
	$adapter = $this->getAdapter();
	$adapter->setLoginUsername($username);
	$adapter->setLoginPassword($password);

	// TODO: This calls ldap_bind() eventually, which dumps cleartext
	// passwords to the error log. See note in PhutilAuthAdapterLDAP.
	// See T3351.

	DarkConsoleErrorLogPluginAPI::enableDiscardMode();
	$account_id = $adapter->getAccountID();
	DarkConsoleErrorLogPluginAPI::disableDiscardMode();
	} else {
	throw new Exception("Username and password are required!");
	}
	} catch (Exception $ex) {
	// TODO: Make this cleaner.
	throw $ex;
	}

	return array($this->loadOrCreateAccount($account_id), $response);
	}

	}
	diff --git a/src/applications/auth/provider/PhabricatorAuthProviderOAuth.php b/src/applications/auth/provider/PhabricatorAuthProviderOAuth.php
	index 7bf1b01971..f0c12c1f82 100644
	--- a/src/applications/auth/provider/PhabricatorAuthProviderOAuth.php
	+++ b/src/applications/auth/provider/PhabricatorAuthProviderOAuth.php
	@@ -1,204 +1,204 @@
	<?php

	abstract class PhabricatorAuthProviderOAuth extends PhabricatorAuthProvider {

	protected $adapter;

	abstract protected function getOAuthClientID();
	abstract protected function getOAuthClientSecret();
	abstract protected function newOAuthAdapter();

	public function getDescriptionForCreate() {
	return pht('Configure %s OAuth.', $this->getProviderName());
	}

	public function getAdapter() {
	if (!$this->adapter) {
	$adapter = $this->newOAuthAdapter();
	$this->adapter = $adapter;
	$this->configureAdapter($adapter);
	}
	return $this->adapter;
	}

	public function isEnabled() {
	return parent::isEnabled() &&
	$this->getOAuthClientID() &&
	$this->getOAuthClientSecret();
	}

	protected function configureAdapter(PhutilAuthAdapterOAuth $adapter) {
	if ($this->getOAuthClientID()) {
	$adapter->setClientID($this->getOAuthClientID());
	}

	if ($this->getOAuthClientSecret()) {
	$adapter->setClientSecret($this->getOAuthClientSecret());
	}

	$adapter->setRedirectURI($this->getLoginURI());
	return $adapter;
	}

	public function isLoginFormAButton() {
	return true;
	}

	- protected function renderLoginForm(AphrontRequest $request, $is_link) {
	+ protected function renderLoginForm(AphrontRequest $request, $mode) {
	$viewer = $request->getUser();

	- if ($is_link) {
	+ if ($mode == 'link') {
	$button_text = pht('Link External Account');
	} else if ($this->shouldAllowRegistration()) {
	$button_text = pht('Login or Register');
	} else {
	$button_text = pht('Login');
	}

	$icon = id(new PHUIIconView())
	->setSpriteSheet(PHUIIconView::SPRITE_LOGIN)
	->setSpriteIcon($this->getLoginIcon());

	$button = id(new PHUIButtonView())
	->setSize(PHUIButtonView::BIG)
	->setColor(PHUIButtonView::GREY)
	->setIcon($icon)
	->setText($button_text)
	->setSubtext($this->getProviderName());

	$adapter = $this->getAdapter();
	$adapter->setState(PhabricatorHash::digest($request->getCookie('phcid')));

	$uri = new PhutilURI($adapter->getAuthenticateURI());
	$params = $uri->getQueryParams();
	$uri->setQueryParams(array());

	$content = array($button);

	foreach ($params as $key => $value) {
	$content[] = phutil_tag(
	'input',
	array(
	'type' => 'hidden',
	'name' => $key,
	'value' => $value,
	));
	}

	return phabricator_form(
	$viewer,
	array(
	'method' => 'GET',
	'action' => (string)$uri,
	),
	$content);
	}
	public function processLoginRequest(
	PhabricatorAuthLoginController $controller) {

	$request = $controller->getRequest();
	$adapter = $this->getAdapter();
	$account = null;
	$response = null;

	$error = $request->getStr('error');
	if ($error) {
	$response = $controller->buildProviderErrorResponse(
	$this,
	pht(
	'The OAuth provider returned an error: %s',
	$error));

	return array($account, $response);
	}

	$code = $request->getStr('code');
	if (!strlen($code)) {
	$response = $controller->buildProviderErrorResponse(
	$this,
	pht(
	'The OAuth provider did not return a "code" parameter in its '.
	'response.'));

	return array($account, $response);
	}

	if ($adapter->supportsStateParameter()) {
	$phcid = $request->getCookie('phcid');
	if (!strlen($phcid)) {
	$response = $controller->buildProviderErrorResponse(
	$this,
	pht(
	'Your browser did not submit a "phcid" cookie with OAuth state '.
	'information in the request. Check that cookies are enabled. '.
	'If this problem persists, you may need to clear your cookies.'));
	}

	$state = $request->getStr('state');
	$expect = PhabricatorHash::digest($phcid);
	if ($state !== $expect) {
	$response = $controller->buildProviderErrorResponse(
	$this,
	pht(
	'The OAuth provider did not return the correct "state" parameter '.
	'in its response. If this problem persists, you may need to clear '.
	'your cookies.'));
	}
	}

	$adapter->setCode($code);

	// NOTE: As a side effect, this will cause the OAuth adapter to request
	// an access token.

	try {
	$account_id = $adapter->getAccountID();
	} catch (Exception $ex) {
	// TODO: Handle this in a more user-friendly way.
	throw $ex;
	}

	if (!strlen($account_id)) {
	$response = $controller->buildProviderErrorResponse(
	$this,
	pht(
	'The OAuth provider failed to retrieve an account ID.'));

	return array($account, $response);
	}

	return array($this->loadOrCreateAccount($account_id), $response);
	}

	public function extendEditForm(
	AphrontFormView $form) {

	$v_id = $this->getOAuthClientID();

	$secret = $this->getOAuthClientSecret();
	if ($secret) {
	$v_secret = str_repeat('*', strlen($secret->openEnvelope()));
	} else {
	$v_secret = '';
	}

	$e_id = strlen($v_id) ? null : true;
	$e_secret = strlen($v_secret) ? null : true;

	$form
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('OAuth App ID'))
	->setName('oauth:app:id')
	->setValue($v_id)
	->setError($e_id))
	->appendChild(
	id(new AphrontFormPasswordControl())
	->setLabel(pht('OAuth App Secret'))
	->setName('oauth:app:secret')
	->setValue($v_secret)
	->setError($e_secret));

	}

	}

File Metadata

Mime Type: text/x-diff
Expires: Mon, Dec 1, 12:20 AM (19 h, 17 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 430053
Default Alt Text: (27 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions