No OneTemporary
Actions

Size

47 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/src/applications/nuance/source/NuancePhabricatorFormSourceDefinition.php b/src/applications/nuance/source/NuancePhabricatorFormSourceDefinition.php
	index 2eaf5781dc..3862cfed92 100644
	--- a/src/applications/nuance/source/NuancePhabricatorFormSourceDefinition.php
	+++ b/src/applications/nuance/source/NuancePhabricatorFormSourceDefinition.php
	@@ -1,91 +1,91 @@
	<?php

	final class NuancePhabricatorFormSourceDefinition
	extends NuanceSourceDefinition {

	public function getName() {
	- return pht('Phabricator Form');
	+ return pht('Web Form');
	}

	public function getSourceDescription() {
	return pht('Create a web form that submits into a Nuance queue.');
	}

	public function getSourceTypeConstant() {
	return 'phabricator-form';
	}

	public function getSourceViewActions(AphrontRequest $request) {
	$actions = array();

	$actions[] = id(new PhabricatorActionView())
	->setName(pht('View Form'))
	->setIcon('fa-align-justify')
	->setHref($this->getActionURI());

	return $actions;
	}

	public function handleActionRequest(AphrontRequest $request) {
	$viewer = $request->getViewer();

	// TODO: As above, this would eventually be driven by custom logic.

	if ($request->isFormPost()) {
	$properties = array(
	'complaint' => (string)$request->getStr('complaint'),
	);

	$content_source = PhabricatorContentSource::newFromRequest($request);

	$item = $this->newItemFromProperties(
	NuanceFormItemType::ITEMTYPE,
	$viewer->getPHID(),
	$properties,
	$content_source);

	$uri = $item->getURI();
	return id(new AphrontRedirectResponse())->setURI($uri);
	}

	$form = id(new AphrontFormView())
	->setUser($viewer)
	->appendRemarkupInstructions(
	pht('IMPORTANT: This is a very rough prototype.'))
	->appendRemarkupInstructions(
	pht('Got a complaint? Complain here! We love complaints.'))
	->appendChild(
	id(new AphrontFormTextAreaControl())
	->setName('complaint')
	->setLabel(pht('Complaint')))
	->appendChild(
	id(new AphrontFormSubmitControl())
	->setValue(pht('Submit Complaint')));

	$box = id(new PHUIObjectBoxView())
	->setHeaderText(pht('Complaint Form'))
	->appendChild($form);

	return $box;
	}

	public function renderItemEditProperties(
	PhabricatorUser $viewer,
	NuanceItem $item,
	PHUIPropertyListView $view) {
	$this->renderItemCommonProperties($viewer, $item, $view);
	}

	private function renderItemCommonProperties(
	PhabricatorUser $viewer,
	NuanceItem $item,
	PHUIPropertyListView $view) {

	$complaint = $item->getItemProperty('complaint');
	$complaint = new PHUIRemarkupView($viewer, $complaint);
	$view->addSectionHeader(
	pht('Complaint'), 'fa-exclamation-circle');
	$view->addTextContent($complaint);
	}

	}
	diff --git a/src/applications/oauthserver/application/PhabricatorOAuthServerApplication.php b/src/applications/oauthserver/application/PhabricatorOAuthServerApplication.php
	index 90e2d5a7dd..70dfd5ea8a 100644
	--- a/src/applications/oauthserver/application/PhabricatorOAuthServerApplication.php
	+++ b/src/applications/oauthserver/application/PhabricatorOAuthServerApplication.php
	@@ -1,74 +1,76 @@
	<?php

	final class PhabricatorOAuthServerApplication extends PhabricatorApplication {

	public function getName() {
	return pht('OAuth Server');
	}

	public function getBaseURI() {
	return '/oauthserver/';
	}

	public function getShortDescription() {
	return pht('OAuth Login Provider');
	}

	public function getIcon() {
	return 'fa-hotel';
	}

	public function getTitleGlyph() {
	return "\xE2\x99\x86";
	}

	public function getFlavorText() {
	- return pht('Log In with Phabricator');
	+ return pht(
	+ 'Log In with %s',
	+ PlatformSymbols::getPlatformServerName());
	}

	public function getApplicationGroup() {
	return self::GROUP_ADMIN;
	}

	public function isPrototype() {
	return true;
	}

	public function getHelpDocumentationArticles(PhabricatorUser $viewer) {
	return array(
	array(
	'name' => pht('Using the Phabricator OAuth Server'),
	'href' => PhabricatorEnv::getDoclink(
	'Using the Phabricator OAuth Server'),
	),
	);
	}

	public function getRoutes() {
	return array(
	'/oauthserver/' => array(
	'(?:query/(?P<queryKey>[^/]+)/)?'
	=> 'PhabricatorOAuthClientListController',
	'auth/' => 'PhabricatorOAuthServerAuthController',
	'token/' => 'PhabricatorOAuthServerTokenController',
	$this->getEditRoutePattern('edit/') =>
	'PhabricatorOAuthClientEditController',
	'client/' => array(
	'disable/(?P<id>\d+)/' => 'PhabricatorOAuthClientDisableController',
	'view/(?P<id>\d+)/' => 'PhabricatorOAuthClientViewController',
	'secret/(?P<id>\d+)/' => 'PhabricatorOAuthClientSecretController',
	'test/(?P<id>\d+)/' => 'PhabricatorOAuthClientTestController',
	),
	),
	);
	}

	protected function getCustomCapabilities() {
	return array(
	PhabricatorOAuthServerCreateClientsCapability::CAPABILITY => array(
	'default' => PhabricatorPolicies::POLICY_ADMIN,
	),
	);
	}

	}
	diff --git a/src/applications/people/controller/PhabricatorPeopleApproveController.php b/src/applications/people/controller/PhabricatorPeopleApproveController.php
	index af08a6fbdc..a89dc85322 100644
	--- a/src/applications/people/controller/PhabricatorPeopleApproveController.php
	+++ b/src/applications/people/controller/PhabricatorPeopleApproveController.php
	@@ -1,60 +1,60 @@
	<?php

	final class PhabricatorPeopleApproveController
	extends PhabricatorPeopleController {

	public function handleRequest(AphrontRequest $request) {
	$viewer = $request->getViewer();

	$user = id(new PhabricatorPeopleQuery())
	->setViewer($viewer)
	->withIDs(array($request->getURIData('id')))
	->executeOne();
	if (!$user) {
	return new Aphront404Response();
	}

	$via = $request->getURIData('via');
	switch ($via) {
	case 'profile':
	$done_uri = urisprintf('/people/manage/%d/', $user->getID());
	break;
	default:
	$done_uri = $this->getApplicationURI('query/approval/');
	break;
	}

	if ($user->getIsApproved()) {
	return $this->newDialog()
	->setTitle(pht('Already Approved'))
	->appendChild(pht('This user has already been approved.'))
	->addCancelButton($done_uri);
	}

	if ($request->isFormPost()) {
	$xactions = array();

	$xactions[] = id(new PhabricatorUserTransaction())
	->setTransactionType(PhabricatorUserApproveTransaction::TRANSACTIONTYPE)
	->setNewValue(true);

	id(new PhabricatorUserTransactionEditor())
	->setActor($viewer)
	->setContentSourceFromRequest($request)
	->setContinueOnMissingFields(true)
	->setContinueOnNoEffect(true)
	->applyTransactions($user, $xactions);

	return id(new AphrontRedirectResponse())->setURI($done_uri);
	}

	return $this->newDialog()
	->setTitle(pht('Confirm Approval'))
	->appendChild(
	pht(
	- 'Allow %s to access this Phabricator install?',
	+ 'Allow %s to access this server?',
	phutil_tag('strong', array(), $user->getUsername())))
	->addCancelButton($done_uri)
	->addSubmitButton(pht('Approve Account'));
	}
	}
	diff --git a/src/applications/people/controller/PhabricatorPeopleInviteSendController.php b/src/applications/people/controller/PhabricatorPeopleInviteSendController.php
	index e611606a79..78ab7573ed 100644
	--- a/src/applications/people/controller/PhabricatorPeopleInviteSendController.php
	+++ b/src/applications/people/controller/PhabricatorPeopleInviteSendController.php
	@@ -1,231 +1,232 @@
	<?php

	final class PhabricatorPeopleInviteSendController
	extends PhabricatorPeopleInviteController {

	public function handleRequest(AphrontRequest $request) {
	$viewer = $this->getViewer();

	$this->requireApplicationCapability(
	PeopleCreateUsersCapability::CAPABILITY);

	$is_confirm = false;
	$errors = array();
	$confirm_errors = array();
	$e_emails = true;

	$message = $request->getStr('message');
	$emails = $request->getStr('emails');
	$severity = PHUIInfoView::SEVERITY_ERROR;
	if ($request->isFormPost()) {
	// NOTE: We aren't using spaces as a delimiter here because email
	// addresses with names often include spaces.
	$email_list = preg_split('/[,;\n]+/', $emails);
	foreach ($email_list as $key => $email) {
	if (!strlen(trim($email))) {
	unset($email_list[$key]);
	}
	}

	if ($email_list) {
	$e_emails = null;
	} else {
	$e_emails = pht('Required');
	$errors[] = pht(
	'To send invites, you must enter at least one email address.');
	}

	if (!$errors) {
	$is_confirm = true;

	$actions = PhabricatorAuthInviteAction::newActionListFromAddresses(
	$viewer,
	$email_list);

	$any_valid = false;
	$all_valid = true;
	foreach ($actions as $action) {
	if ($action->willSend()) {
	$any_valid = true;
	} else {
	$all_valid = false;
	}
	}

	if (!$any_valid) {
	$confirm_errors[] = pht(
	'None of the provided addresses are valid invite recipients. '.
	'Review the table below for details. Revise the address list '.
	'to continue.');
	} else if ($all_valid) {
	$confirm_errors[] = pht(
	'All of the addresses appear to be valid invite recipients. '.
	'Confirm the actions below to continue.');
	$severity = PHUIInfoView::SEVERITY_NOTICE;
	} else {
	$confirm_errors[] = pht(
	'Some of the addresses you entered do not appear to be '.
	'valid recipients. Review the table below. You can revise '.
	'the address list, or ignore these errors and continue.');
	$severity = PHUIInfoView::SEVERITY_WARNING;
	}

	if ($any_valid && $request->getBool('confirm')) {

	// TODO: The copywriting on this mail could probably be more
	// engaging and we could have a fancy HTML version.

	$template = array();
	$template[] = pht(
	- '%s has invited you to join Phabricator.',
	- $viewer->getFullName());
	+ '%s has invited you to join %s.',
	+ $viewer->getFullName(),
	+ PlatformSymbols::getPlatformServerName());

	if (strlen(trim($message))) {
	$template[] = $message;
	}

	$template[] = pht(
	'To register an account and get started, follow this link:');

	// This isn't a variable; it will be replaced later on in the
	// daemons once they generate the URI.
	$template[] = '{$INVITE_URI}';

	$template[] = pht(
	'If you already have an account, you can follow the link to '.
	'quickly verify this email address.');

	$template = implode("\n\n", $template);

	foreach ($actions as $action) {
	if ($action->willSend()) {
	$action->sendInvite($viewer, $template);
	}
	}

	// TODO: This is a bit anticlimactic. We don't really have anything
	// to show the user because the action is happening in the background
	// and the invites won't exist yet. After T5166 we can show a
	// better progress bar.
	return id(new AphrontRedirectResponse())
	->setURI($this->getApplicationURI());
	}
	}
	}

	if ($is_confirm) {
	$title = pht('Confirm Invites');
	} else {
	$title = pht('Invite Users');
	}

	$crumbs = $this->buildApplicationCrumbs();
	if ($is_confirm) {
	$crumbs->addTextCrumb(pht('Confirm'));
	} else {
	$crumbs->addTextCrumb(pht('Invite Users'));
	}
	$crumbs->setBorder(true);

	$confirm_box = null;
	$info_view = null;
	if ($is_confirm) {

	$handles = array();
	if ($actions) {
	$handles = $this->loadViewerHandles(mpull($actions, 'getUserPHID'));
	}

	$invite_table = id(new PhabricatorAuthInviteActionTableView())
	->setUser($viewer)
	->setInviteActions($actions)
	->setHandles($handles);

	$confirm_form = null;
	if ($any_valid) {
	$confirm_form = id(new AphrontFormView())
	->setUser($viewer)
	->addHiddenInput('message', $message)
	->addHiddenInput('emails', $emails)
	->addHiddenInput('confirm', true)
	->appendRemarkupInstructions(
	pht(
	'If everything looks good, click Send Invitations to '.
	'deliver email invitations these users. Otherwise, edit the '.
	'email list or personal message at the bottom of the page to '.
	'revise the invitations.'))
	->appendChild(
	id(new AphrontFormSubmitControl())
	->setValue(pht('Send Invitations')));
	}

	$info_view = id(new PHUIInfoView())
	->setErrors($confirm_errors)
	->setSeverity($severity);

	$confirm_box = id(new PHUIObjectBoxView())
	->setHeaderText(pht('Confirm Invites'))
	->setTable($invite_table)
	->appendChild($confirm_form)
	->setBackground(PHUIObjectBoxView::BLUE_PROPERTY);
	}

	$form = id(new AphrontFormView())
	->setUser($viewer)
	->appendRemarkupInstructions(
	pht(
	- 'To invite users to Phabricator, enter their email addresses below. '.
	+ 'To invite users, enter their email addresses below. '.
	'Separate addresses with commas or newlines.'))
	->appendChild(
	id(new AphrontFormTextAreaControl())
	->setLabel(pht('Email Addresses'))
	->setName(pht('emails'))
	->setValue($emails)
	->setError($e_emails)
	->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_TALL))
	->appendRemarkupInstructions(
	pht(
	'You can optionally include a heartfelt personal message in '.
	'the email.'))
	->appendChild(
	id(new AphrontFormTextAreaControl())
	->setLabel(pht('Message'))
	->setName(pht('message'))
	->setValue($message))
	->appendChild(
	id(new AphrontFormSubmitControl())
	->setValue(
	$is_confirm
	? pht('Update Preview')
	: pht('Continue'))
	->addCancelButton($this->getApplicationURI('invite/')));

	$header = id(new PHUIHeaderView())
	->setHeader($title)
	->setHeaderIcon('fa-group');

	$box = id(new PHUIObjectBoxView())
	->setHeaderText(
	$is_confirm
	? pht('Revise Invites')
	: pht('Invite Users'))
	->setFormErrors($errors)
	->setForm($form)
	->setBackground(PHUIObjectBoxView::BLUE_PROPERTY);

	$view = id(new PHUITwoColumnView())
	->setHeader($header)
	->setFooter(array(
	$info_view,
	$confirm_box,
	$box,
	));

	return $this->newPage()
	->setTitle($title)
	->setCrumbs($crumbs)
	->appendChild($view);

	}

	}
	diff --git a/src/applications/people/controller/PhabricatorPeopleNewController.php b/src/applications/people/controller/PhabricatorPeopleNewController.php
	index 858ebef234..121e464b30 100644
	--- a/src/applications/people/controller/PhabricatorPeopleNewController.php
	+++ b/src/applications/people/controller/PhabricatorPeopleNewController.php
	@@ -1,243 +1,245 @@
	<?php

	final class PhabricatorPeopleNewController
	extends PhabricatorPeopleController {

	public function handleRequest(AphrontRequest $request) {
	$type = $request->getURIData('type');
	$admin = $request->getUser();

	id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
	$admin,
	$request,
	$this->getApplicationURI());

	$is_bot = false;
	$is_list = false;
	switch ($type) {
	case 'standard':
	$this->requireApplicationCapability(
	PeopleCreateUsersCapability::CAPABILITY);
	break;
	case 'bot':
	$is_bot = true;
	break;
	case 'list':
	$is_list = true;
	break;
	default:
	return new Aphront404Response();
	}

	$user = new PhabricatorUser();
	$require_real_name = PhabricatorEnv::getEnvConfig('user.require-real-name');

	$e_username = true;
	$e_realname = $require_real_name ? true : null;
	$e_email = true;
	$errors = array();

	$welcome_checked = true;

	$new_email = null;

	if ($request->isFormPost()) {
	$welcome_checked = $request->getInt('welcome');

	$user->setUsername($request->getStr('username'));

	$new_email = $request->getStr('email');
	if (!strlen($new_email)) {
	$errors[] = pht('Email is required.');
	$e_email = pht('Required');
	} else if (!PhabricatorUserEmail::isValidAddress($new_email)) {
	$errors[] = PhabricatorUserEmail::describeValidAddresses();
	$e_email = pht('Invalid');
	} else if (!PhabricatorUserEmail::isAllowedAddress($new_email)) {
	$errors[] = PhabricatorUserEmail::describeAllowedAddresses();
	$e_email = pht('Not Allowed');
	} else {
	$e_email = null;
	}

	$user->setRealName($request->getStr('realname'));

	if (!strlen($user->getUsername())) {
	$errors[] = pht('Username is required.');
	$e_username = pht('Required');
	} else if (!PhabricatorUser::validateUsername($user->getUsername())) {
	$errors[] = PhabricatorUser::describeValidUsername();
	$e_username = pht('Invalid');
	} else {
	$e_username = null;
	}

	if (!strlen($user->getRealName()) && $require_real_name) {
	$errors[] = pht('Real name is required.');
	$e_realname = pht('Required');
	} else {
	$e_realname = null;
	}

	if (!$errors) {
	try {

	$email = id(new PhabricatorUserEmail())
	->setAddress($new_email)
	->setIsVerified(0);

	// Automatically approve the user, since an admin is creating them.
	$user->setIsApproved(1);

	// If the user is a bot or list, approve their email too.
	if ($is_bot \|\| $is_list) {
	$email->setIsVerified(1);
	}

	id(new PhabricatorUserEditor())
	->setActor($admin)
	->createNewUser($user, $email);

	if ($is_bot) {
	id(new PhabricatorUserEditor())
	->setActor($admin)
	->makeSystemAgentUser($user, true);
	}

	if ($is_list) {
	id(new PhabricatorUserEditor())
	->setActor($admin)
	->makeMailingListUser($user, true);
	}

	if ($welcome_checked) {
	$welcome_engine = id(new PhabricatorPeopleWelcomeMailEngine())
	->setSender($admin)
	->setRecipient($user);
	if ($welcome_engine->canSendMail()) {
	$welcome_engine->sendMail();
	}
	}

	$response = id(new AphrontRedirectResponse())
	->setURI('/p/'.$user->getUsername().'/');
	return $response;
	} catch (AphrontDuplicateKeyQueryException $ex) {
	$errors[] = pht('Username and email must be unique.');

	$same_username = id(new PhabricatorUser())
	->loadOneWhere('username = %s', $user->getUsername());
	$same_email = id(new PhabricatorUserEmail())
	->loadOneWhere('address = %s', $new_email);

	if ($same_username) {
	$e_username = pht('Duplicate');
	}

	if ($same_email) {
	$e_email = pht('Duplicate');
	}
	}
	}
	}

	$form = id(new AphrontFormView())
	->setUser($admin);

	if ($is_bot) {
	$title = pht('Create New Bot');
	$form->appendRemarkupInstructions(
	pht('You are creating a new bot user account.'));
	} else if ($is_list) {
	$title = pht('Create New Mailing List');
	$form->appendRemarkupInstructions(
	pht('You are creating a new mailing list user account.'));
	} else {
	$title = pht('Create New User');
	$form->appendRemarkupInstructions(
	pht('You are creating a new standard user account.'));
	}

	$form
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Username'))
	->setName('username')
	->setValue($user->getUsername())
	->setError($e_username))
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Real Name'))
	->setName('realname')
	->setValue($user->getRealName())
	->setError($e_realname))
	->appendChild(
	id(new AphrontFormTextControl())
	->setLabel(pht('Email'))
	->setName('email')
	->setValue($new_email)
	->setCaption(PhabricatorUserEmail::describeAllowedAddresses())
	->setError($e_email));

	if (!$is_bot && !$is_list) {
	$form->appendChild(
	id(new AphrontFormCheckboxControl())
	->addCheckbox(
	'welcome',
	1,
	- pht('Send "Welcome to Phabricator" email with login instructions.'),
	+ pht(
	+ 'Send "Welcome to %s" email with login instructions.',
	+ PlatformSymbols::getPlatformServerName()),
	$welcome_checked));
	}

	$form
	->appendChild(
	id(new AphrontFormSubmitControl())
	->addCancelButton($this->getApplicationURI())
	->setValue(pht('Create User')));

	if ($is_bot) {
	$form
	->appendChild(id(new AphrontFormDividerControl()))
	->appendRemarkupInstructions(
	pht(
	'Why do bot accounts need an email address?'.
	"\n\n".
	- 'Although bots do not normally receive email from Phabricator, '.
	- 'they can interact with other systems which require an email '.
	- 'address. Examples include:'.
	+ 'Although bots do not normally receive email, they can interact '.
	+ 'with other systems which require an email address. Examples '.
	+ 'include:'.
	"\n\n".
	" - If the account takes actions which //send// email, we need ".
	" an address to use in the //From// header.\n".
	" - If the account creates commits, Git and Mercurial require ".
	" an email address for authorship.\n".
	- " - If you send email //to// Phabricator on behalf of the ".
	+ " - If you send email //to// this server on behalf of the ".
	" account, the address can identify the sender.\n".
	" - Some internal authentication functions depend on accounts ".
	" having an email address.\n".
	"\n\n".
	"The address will automatically be verified, so you do not need ".
	"to be able to receive mail at this address, and can enter some ".
	"invalid or nonexistent (but correctly formatted) address like ".
	"`bot@yourcompany.com` if you prefer."));
	}

	$box = id(new PHUIObjectBoxView())
	->setHeaderText($title)
	->setFormErrors($errors)
	->setBackground(PHUIObjectBoxView::WHITE_CONFIG)
	->setForm($form);

	$crumbs = $this->buildApplicationCrumbs();
	$crumbs->addTextCrumb($title);
	$crumbs->setBorder(true);

	$view = id(new PHUITwoColumnView())
	->setFooter($box);

	return $this->newPage()
	->setTitle($title)
	->setCrumbs($crumbs)
	->appendChild($view);
	}

	}
	diff --git a/src/applications/people/mail/PhabricatorPeopleEmailLoginMailEngine.php b/src/applications/people/mail/PhabricatorPeopleEmailLoginMailEngine.php
	index c25b19c3c1..4904e269a6 100644
	--- a/src/applications/people/mail/PhabricatorPeopleEmailLoginMailEngine.php
	+++ b/src/applications/people/mail/PhabricatorPeopleEmailLoginMailEngine.php
	@@ -1,130 +1,133 @@
	<?php

	final class PhabricatorPeopleEmailLoginMailEngine
	extends PhabricatorPeopleMailEngine {

	public function validateMail() {
	$recipient = $this->getRecipient();

	if ($recipient->getIsDisabled()) {
	$this->throwValidationException(
	pht('User is Disabled'),
	pht(
	'You can not send an email login link to this email address '.
	'because the associated user account is disabled.'));
	}

	if (!$recipient->canEstablishWebSessions()) {
	$this->throwValidationException(
	pht('Not a Normal User'),
	pht(
	'You can not send an email login link to this email address '.
	'because the associated user account is not a normal user account '.
	'and can not log in to the web interface.'));
	}
	}

	protected function newMail() {
	$is_set_password = $this->isSetPasswordWorkflow();

	if ($is_set_password) {
	- $subject = pht('[Phabricator] Account Password Link');
	+ $subject = pht(
	+ '[%s] Account Password Link',
	+ PlatformSymbols::getPlatformServerName());
	} else {
	- $subject = pht('[Phabricator] Account Login Link');
	+ $subject = pht(
	+ '[%s] Account Login Link',
	+ PlatformSymbols::getPlatformServerName());
	}

	$recipient = $this->getRecipient();

	PhabricatorSystemActionEngine::willTakeAction(
	array($recipient->getPHID()),
	new PhabricatorAuthEmailLoginAction(),
	1);

	$engine = new PhabricatorAuthSessionEngine();
	$login_uri = $engine->getOneTimeLoginURI(
	$recipient,
	null,
	PhabricatorAuthSessionEngine::ONETIME_RESET);

	$is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business');
	$have_passwords = $this->isPasswordAuthEnabled();

	$body = array();

	if ($is_set_password) {
	$message_key = PhabricatorAuthEmailSetPasswordMessageType::MESSAGEKEY;
	} else {
	$message_key = PhabricatorAuthEmailLoginMessageType::MESSAGEKEY;
	}

	$message_body = PhabricatorAuthMessage::loadMessageText(
	$recipient,
	$message_key);
	if (strlen($message_body)) {
	$body[] = $this->newRemarkupText($message_body);
	}

	if ($have_passwords) {
	if ($is_set_password) {
	$body[] = pht(
	'You can use this link to set a password on your account:'.
	"\n\n %s\n",
	$login_uri);
	} else if ($is_serious) {
	$body[] = pht(
	- "You can use this link to reset your Phabricator password:".
	+ "You can use this link to reset your password:".
	"\n\n %s\n",
	$login_uri);
	} else {
	$body[] = pht(
	"Condolences on forgetting your password. You can use this ".
	"link to reset it:\n\n".
	" %s\n\n".
	"After you set a new password, consider writing it down on a ".
	"sticky note and attaching it to your monitor so you don't ".
	"forget again! Choosing a very short, easy-to-remember password ".
	"like \"cat\" or \"1234\" might also help.\n\n".
	"Best Wishes,\nPhabricator\n",
	$login_uri);

	}
	} else {
	$body[] = pht(
	- "You can use this login link to regain access to your Phabricator ".
	- "account:".
	+ "You can use this login link to regain access to your account:".
	"\n\n".
	" %s\n",
	$login_uri);
	}

	$body = implode("\n\n", $body);

	return id(new PhabricatorMetaMTAMail())
	->setSubject($subject)
	->setBody($body);
	}

	private function isPasswordAuthEnabled() {
	return (bool)PhabricatorPasswordAuthProvider::getPasswordProvider();
	}

	private function isSetPasswordWorkflow() {
	$sender = $this->getSender();
	$recipient = $this->getRecipient();

	// Users can hit the "login with an email link" workflow while trying to
	// set a password on an account which does not yet have a password. We
	// require they verify that they own the email address and send them
	// through the email login flow. In this case, the messaging is slightly
	// different.

	if ($sender->getPHID()) {
	if ($sender->getPHID() === $recipient->getPHID()) {
	return true;
	}
	}

	return false;
	}

	}
	diff --git a/src/applications/people/mail/PhabricatorPeopleUsernameMailEngine.php b/src/applications/people/mail/PhabricatorPeopleUsernameMailEngine.php
	index e62a6a4859..8ba59afafc 100644
	--- a/src/applications/people/mail/PhabricatorPeopleUsernameMailEngine.php
	+++ b/src/applications/people/mail/PhabricatorPeopleUsernameMailEngine.php
	@@ -1,58 +1,62 @@
	<?php

	final class PhabricatorPeopleUsernameMailEngine
	extends PhabricatorPeopleMailEngine {

	private $oldUsername;
	private $newUsername;

	public function setNewUsername($new_username) {
	$this->newUsername = $new_username;
	return $this;
	}

	public function getNewUsername() {
	return $this->newUsername;
	}

	public function setOldUsername($old_username) {
	$this->oldUsername = $old_username;
	return $this;
	}

	public function getOldUsername() {
	return $this->oldUsername;
	}

	public function validateMail() {
	return;
	}

	protected function newMail() {
	$sender = $this->getSender();

	$sender_username = $sender->getUsername();
	$sender_realname = $sender->getRealName();

	$old_username = $this->getOldUsername();
	$new_username = $this->getNewUsername();

	$body = sprintf(
	"%s\n\n %s\n %s\n",
	pht(
	- '%s (%s) has changed your Phabricator username.',
	+ '%s (%s) has changed your %s username.',
	$sender_username,
	- $sender_realname),
	+ $sender_realname,
	+ PlatformSymbols::getPlatformServerName()),
	pht(
	'Old Username: %s',
	$old_username),
	pht(
	'New Username: %s',
	$new_username));

	return id(new PhabricatorMetaMTAMail())
	- ->setSubject(pht('[Phabricator] Username Changed'))
	+ ->setSubject(
	+ pht(
	+ '[%s] Username Changed',
	+ PlatformSymbols::getPlatformServerName()))
	->setBody($body);
	}

	}
	diff --git a/src/applications/people/mail/PhabricatorPeopleWelcomeMailEngine.php b/src/applications/people/mail/PhabricatorPeopleWelcomeMailEngine.php
	index ec99a5a484..f75e1636bf 100644
	--- a/src/applications/people/mail/PhabricatorPeopleWelcomeMailEngine.php
	+++ b/src/applications/people/mail/PhabricatorPeopleWelcomeMailEngine.php
	@@ -1,134 +1,138 @@
	<?php

	final class PhabricatorPeopleWelcomeMailEngine
	extends PhabricatorPeopleMailEngine {

	private $welcomeMessage;

	public function setWelcomeMessage($welcome_message) {
	$this->welcomeMessage = $welcome_message;
	return $this;
	}

	public function getWelcomeMessage() {
	return $this->welcomeMessage;
	}

	public function validateMail() {
	$sender = $this->getSender();
	$recipient = $this->getRecipient();

	if (!$sender->getIsAdmin()) {
	$this->throwValidationException(
	pht('Not an Administrator'),
	pht(
	'You can not send welcome mail because you are not an '.
	'administrator. Only administrators may send welcome mail.'));
	}

	if ($recipient->getIsDisabled()) {
	$this->throwValidationException(
	pht('User is Disabled'),
	pht(
	'You can not send welcome mail to this user because their account '.
	'is disabled.'));
	}

	if (!$recipient->canEstablishWebSessions()) {
	$this->throwValidationException(
	pht('Not a Normal User'),
	pht(
	'You can not send this user welcome mail because they are not '.
	'a normal user and can not log in to the web interface. Special '.
	'users (like bots and mailing lists) are unable to establish '.
	'web sessions.'));
	}
	}

	protected function newMail() {
	$sender = $this->getSender();
	$recipient = $this->getRecipient();

	$base_uri = PhabricatorEnv::getProductionURI('/');

	$engine = new PhabricatorAuthSessionEngine();

	$uri = $engine->getOneTimeLoginURI(
	$recipient,
	$recipient->loadPrimaryEmail(),
	PhabricatorAuthSessionEngine::ONETIME_WELCOME);

	$message = array();

	$message[] = pht('Welcome to Phabricator!');

	$message[] = pht(
	'%s (%s) has created an account for you.',
	$sender->getUsername(),
	$sender->getRealName());

	$message[] = pht(
	' Username: %s',
	$recipient->getUsername());

	// If password auth is enabled, give the user specific instructions about
	// how to add a credential to their account.

	// If we aren't sure what they're supposed to be doing and passwords are
	// not enabled, just give them generic instructions.

	$use_passwords = PhabricatorPasswordAuthProvider::getPasswordProvider();
	if ($use_passwords) {
	$message[] = pht(
	- 'To log in to Phabricator, follow this link and set a password:');
	+ 'To log in, follow this link and set a password:');
	$message[] = pht(' %s', $uri);
	$message[] = pht(
	- 'After you have set a password, you can log in to Phabricator in '.
	+ 'After you have set a password, you can log in again in '.
	'the future by going here:');
	$message[] = pht(' %s', $base_uri);
	} else {
	$message[] = pht(
	'To log in to your account for the first time, follow this link:');
	$message[] = pht(' %s', $uri);
	$message[] = pht(
	- 'After you set up your account, you can log in to Phabricator in '.
	+ 'After you set up your account, you can log in again in '.
	'the future by going here:');
	$message[] = pht(' %s', $base_uri);
	}

	$message_body = $this->newBody();
	if ($message_body !== null) {
	$message[] = $message_body;
	}

	$message = implode("\n\n", $message);

	return id(new PhabricatorMetaMTAMail())
	- ->setSubject(pht('[Phabricator] Welcome to Phabricator'))
	+ ->setSubject(
	+ pht(
	+ '[%s] Welcome to %s',
	+ PlatformSymbols::getPlatformServerName(),
	+ PlatformSymbols::getPlatformServerName()))
	->setBody($message);
	}

	private function newBody() {
	$recipient = $this->getRecipient();

	$custom_body = $this->getWelcomeMessage();
	if (strlen($custom_body)) {
	return $this->newRemarkupText($custom_body);
	}

	$default_body = PhabricatorAuthMessage::loadMessageText(
	$recipient,
	PhabricatorAuthWelcomeMailMessageType::MESSAGEKEY);
	if (strlen($default_body)) {
	return $this->newRemarkupText($default_body);
	}

	$is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business');
	if (!$is_serious) {
	return pht("Love,\nPhabricator");
	}

	return null;
	}

	}
	diff --git a/src/applications/people/storage/PhabricatorUserEmail.php b/src/applications/people/storage/PhabricatorUserEmail.php
	index 4e43b2fb41..d9866f2c43 100644
	--- a/src/applications/people/storage/PhabricatorUserEmail.php
	+++ b/src/applications/people/storage/PhabricatorUserEmail.php
	@@ -1,327 +1,338 @@
	<?php

	/**
	* @task restrictions Domain Restrictions
	* @task email Email About Email
	*/
	final class PhabricatorUserEmail
	extends PhabricatorUserDAO
	implements
	PhabricatorDestructibleInterface,
	PhabricatorPolicyInterface {

	protected $userPHID;
	protected $address;
	protected $isVerified;
	protected $isPrimary;
	protected $verificationCode;

	private $user = self::ATTACHABLE;

	const MAX_ADDRESS_LENGTH = 128;

	protected function getConfiguration() {
	return array(
	self::CONFIG_AUX_PHID => true,
	self::CONFIG_COLUMN_SCHEMA => array(
	'address' => 'sort128',
	'isVerified' => 'bool',
	'isPrimary' => 'bool',
	'verificationCode' => 'text64?',
	),
	self::CONFIG_KEY_SCHEMA => array(
	'address' => array(
	'columns' => array('address'),
	'unique' => true,
	),
	'userPHID' => array(
	'columns' => array('userPHID', 'isPrimary'),
	),
	),
	) + parent::getConfiguration();
	}

	public function getPHIDType() {
	return PhabricatorPeopleUserEmailPHIDType::TYPECONST;
	}

	public function getVerificationURI() {
	return '/emailverify/'.$this->getVerificationCode().'/';
	}

	public function save() {
	if (!$this->verificationCode) {
	$this->setVerificationCode(Filesystem::readRandomCharacters(24));
	}
	return parent::save();
	}

	public function attachUser(PhabricatorUser $user) {
	$this->user = $user;
	return $this;
	}

	public function getUser() {
	return $this->assertAttached($this->user);
	}


	/* -( Domain Restrictions )------------------------------------------------ */


	/**
	* @task restrictions
	*/
	public static function isValidAddress($address) {
	if (strlen($address) > self::MAX_ADDRESS_LENGTH) {
	return false;
	}

	// Very roughly validate that this address isn't so mangled that a
	// reasonable piece of code might completely misparse it. In particular,
	// the major risks are:
	//
	// - `PhutilEmailAddress` needs to be able to extract the domain portion
	// from it.
	// - Reasonable mail adapters should be hard-pressed to interpret one
	// address as several addresses.
	//
	// To this end, we're roughly verifying that there's some normal text, an
	// "@" symbol, and then some more normal text.

	$email_regex = '(^[a-z0-9_+.!-]+@[a-z0-9_+:.-]+\z)i';
	if (!preg_match($email_regex, $address)) {
	return false;
	}

	return true;
	}


	/**
	* @task restrictions
	*/
	public static function describeValidAddresses() {
	return pht(
	'Email addresses should be in the form "user@domain.com". The maximum '.
	'length of an email address is %s characters.',
	new PhutilNumber(self::MAX_ADDRESS_LENGTH));
	}


	/**
	* @task restrictions
	*/
	public static function isAllowedAddress($address) {
	if (!self::isValidAddress($address)) {
	return false;
	}

	$allowed_domains = PhabricatorEnv::getEnvConfig('auth.email-domains');
	if (!$allowed_domains) {
	return true;
	}

	$addr_obj = new PhutilEmailAddress($address);

	$domain = $addr_obj->getDomainName();
	if (!$domain) {
	return false;
	}

	$lower_domain = phutil_utf8_strtolower($domain);
	foreach ($allowed_domains as $allowed_domain) {
	$lower_allowed = phutil_utf8_strtolower($allowed_domain);
	if ($lower_allowed === $lower_domain) {
	return true;
	}
	}

	return false;
	}


	/**
	* @task restrictions
	*/
	public static function describeAllowedAddresses() {
	$domains = PhabricatorEnv::getEnvConfig('auth.email-domains');
	if (!$domains) {
	return null;
	}

	if (count($domains) == 1) {
	return pht('Email address must be @%s', head($domains));
	} else {
	return pht(
	'Email address must be at one of: %s',
	implode(', ', $domains));
	}
	}


	/**
	* Check if this install requires email verification.
	*
	* @return bool True if email addresses must be verified.
	*
	* @task restrictions
	*/
	public static function isEmailVerificationRequired() {
	// NOTE: Configuring required email domains implies required verification.
	return PhabricatorEnv::getEnvConfig('auth.require-email-verification') \|\|
	PhabricatorEnv::getEnvConfig('auth.email-domains');
	}


	/* -( Email About Email )-------------------------------------------------- */


	/**
	* Send a verification email from $user to this address.
	*
	* @param PhabricatorUser The user sending the verification.
	* @return this
	* @task email
	*/
	public function sendVerificationEmail(PhabricatorUser $user) {
	$username = $user->getUsername();

	$address = $this->getAddress();
	$link = PhabricatorEnv::getProductionURI($this->getVerificationURI());


	$is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business');

	$signature = null;
	if (!$is_serious) {
	- $signature = pht("Get Well Soon,\nPhabricator");
	+ $signature = pht(
	+ "Get Well Soon,\n%s",
	+ PlatformSymbols::getPlatformServerName());
	}

	$body = sprintf(
	"%s\n\n%s\n\n %s\n\n%s",
	pht('Hi %s', $username),
	pht(
	'Please verify that you own this email address (%s) by '.
	'clicking this link:',
	$address),
	$link,
	$signature);

	id(new PhabricatorMetaMTAMail())
	->addRawTos(array($address))
	->setForceDelivery(true)
	- ->setSubject(pht('[Phabricator] Email Verification'))
	+ ->setSubject(
	+ pht(
	+ '[%s] Email Verification',
	+ PlatformSymbols::getPlatformServerName()))
	->setBody($body)
	->setRelatedPHID($user->getPHID())
	->saveAndSend();

	return $this;
	}


	/**
	* Send a notification email from $user to this address, informing the
	* recipient that this is no longer their account's primary address.
	*
	* @param PhabricatorUser The user sending the notification.
	* @param PhabricatorUserEmail New primary email address.
	* @return this
	* @task email
	*/
	public function sendOldPrimaryEmail(
	PhabricatorUser $user,
	PhabricatorUserEmail $new) {
	$username = $user->getUsername();

	$old_address = $this->getAddress();
	$new_address = $new->getAddress();

	$body = sprintf(
	"%s\n\n%s\n",
	pht('Hi %s', $username),
	pht(
	'This email address (%s) is no longer your primary email address. '.
	- 'Going forward, Phabricator will send all email to your new primary '.
	- 'email address (%s).',
	+ 'Going forward, all email will be sent to your new primary email '.
	+ 'address (%s).',
	$old_address,
	$new_address));

	id(new PhabricatorMetaMTAMail())
	->addRawTos(array($old_address))
	->setForceDelivery(true)
	- ->setSubject(pht('[Phabricator] Primary Address Changed'))
	+ ->setSubject(
	+ pht(
	+ '[%s] Primary Address Changed',
	+ PlatformSymbols::getPlatformServerName()))
	->setBody($body)
	->setFrom($user->getPHID())
	->setRelatedPHID($user->getPHID())
	->saveAndSend();
	}


	/**
	* Send a notification email from $user to this address, informing the
	* recipient that this is now their account's new primary email address.
	*
	* @param PhabricatorUser The user sending the verification.
	* @return this
	* @task email
	*/
	public function sendNewPrimaryEmail(PhabricatorUser $user) {
	$username = $user->getUsername();

	$new_address = $this->getAddress();

	$body = sprintf(
	"%s\n\n%s\n",
	pht('Hi %s', $username),
	pht(
	'This is now your primary email address (%s). Going forward, '.
	- 'Phabricator will send all email here.',
	+ 'all email will be sent here.',
	$new_address));

	id(new PhabricatorMetaMTAMail())
	->addRawTos(array($new_address))
	->setForceDelivery(true)
	- ->setSubject(pht('[Phabricator] Primary Address Changed'))
	+ ->setSubject(
	+ pht(
	+ '[%s] Primary Address Changed',
	+ PlatformSymbols::getPlatformServerName()))
	->setBody($body)
	->setFrom($user->getPHID())
	->setRelatedPHID($user->getPHID())
	->saveAndSend();

	return $this;
	}


	/* -( PhabricatorDestructibleInterface )----------------------------------- */


	public function destroyObjectPermanently(
	PhabricatorDestructionEngine $engine) {
	$this->delete();
	}


	/* -( PhabricatorPolicyInterface )----------------------------------------- */

	public function getCapabilities() {
	return array(
	PhabricatorPolicyCapability::CAN_VIEW,
	PhabricatorPolicyCapability::CAN_EDIT,
	);
	}

	public function getPolicy($capability) {
	$user = $this->getUser();

	if ($this->getIsSystemAgent() \|\| $this->getIsMailingList()) {
	return PhabricatorPolicies::POLICY_ADMIN;
	}

	return $user->getPHID();
	}

	public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
	return false;
	}

	}
	diff --git a/src/applications/people/xaction/PhabricatorUserApproveTransaction.php b/src/applications/people/xaction/PhabricatorUserApproveTransaction.php
	index 1084f0c8fa..213b381d1a 100644
	--- a/src/applications/people/xaction/PhabricatorUserApproveTransaction.php
	+++ b/src/applications/people/xaction/PhabricatorUserApproveTransaction.php
	@@ -1,95 +1,101 @@
	<?php

	final class PhabricatorUserApproveTransaction
	extends PhabricatorUserTransactionType {

	const TRANSACTIONTYPE = 'user.approve';

	public function generateOldValue($object) {
	return (bool)$object->getIsApproved();
	}

	public function generateNewValue($object, $value) {
	return (bool)$value;
	}

	public function applyInternalEffects($object, $value) {
	$object->setIsApproved((int)$value);
	}

	public function applyExternalEffects($object, $value) {
	$user = $object;

	$actor = $this->getActor();
	$title = pht(
	- 'Phabricator Account "%s" Approved',
	+ '%s Account "%s" Approved',
	+ PlatformSymbols::getPlatformServerName(),
	$user->getUsername());

	$body = sprintf(
	"%s\n\n %s\n\n",
	pht(
	- 'Your Phabricator account (%s) has been approved by %s. You can '.
	+ 'Your %s account (%s) has been approved by %s. You can '.
	'login here:',
	+ PlatformSymbols::getPlatformServerName(),
	$user->getUsername(),
	$actor->getUsername()),
	PhabricatorEnv::getProductionURI('/'));

	$mail = id(new PhabricatorMetaMTAMail())
	->addTos(array($user->getPHID()))
	->addCCs(array($actor->getPHID()))
	- ->setSubject('[Phabricator] '.$title)
	+ ->setSubject(
	+ pht(
	+ '[%s] %s',
	+ PlatformSymbols::getPlatformServerName(),
	+ $title))
	->setForceDelivery(true)
	->setBody($body)
	->saveAndSend();
	}

	public function getTitle() {
	$new = $this->getNewValue();
	if ($new) {
	return pht(
	'%s approved this user.',
	$this->renderAuthor());
	} else {
	return pht(
	'%s rejected this user.',
	$this->renderAuthor());
	}
	}

	public function shouldHideForFeed() {
	return true;
	}

	public function validateTransactions($object, array $xactions) {
	$actor = $this->getActor();
	$errors = array();

	foreach ($xactions as $xaction) {
	$is_approved = (bool)$object->getIsApproved();

	if ((bool)$xaction->getNewValue() === $is_approved) {
	continue;
	}

	$is_admin = $actor->getIsAdmin();
	$is_omnipotent = $actor->isOmnipotent();

	if (!$is_admin && !$is_omnipotent) {
	$errors[] = $this->newInvalidError(
	pht('You must be an administrator to approve users.'));
	}
	}

	return $errors;
	}

	public function getRequiredCapabilities(
	$object,
	PhabricatorApplicationTransaction $xaction) {

	// Unlike normal user edits, approvals require admin permissions, which
	// is enforced by validateTransactions().

	return null;
	}
	}

File Metadata

Mime Type: text/x-diff
Expires: Thu, Aug 14, 3:39 AM (3 d, 21 h ago)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 194840
Default Alt Text: (47 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions