No OneTemporary
Actions

Size

39 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/src/applications/auth/application/PhabricatorAuthApplication.php b/src/applications/auth/application/PhabricatorAuthApplication.php
	index df86595b46..15d753a286 100644
	--- a/src/applications/auth/application/PhabricatorAuthApplication.php
	+++ b/src/applications/auth/application/PhabricatorAuthApplication.php
	@@ -1,154 +1,153 @@
	<?php

	final class PhabricatorAuthApplication extends PhabricatorApplication {

	public function canUninstall() {
	return false;
	}

	public function getBaseURI() {
	return '/auth/';
	}

	public function getIcon() {
	return 'fa-key';
	}

	public function isPinnedByDefault(PhabricatorUser $viewer) {
	return $viewer->getIsAdmin();
	}

	public function getName() {
	return pht('Auth');
	}

	public function getShortDescription() {
	return pht('Login/Registration');
	}

	public function getHelpDocumentationArticles(PhabricatorUser $viewer) {
	// NOTE: Although reasonable help exists for this in "Configuring Accounts
	// and Registration", specifying help items here means we get the menu
	// item in all the login/link interfaces, which is confusing and not
	// helpful.

	// TODO: Special case this, or split the auth and auth administration
	// applications?

	return array();
	}

	public function getApplicationGroup() {
	return self::GROUP_ADMIN;
	}

	public function getRoutes() {
	return array(
	'/auth/' => array(
	'' => 'PhabricatorAuthListController',
	'config/' => array(
	'new/' => 'PhabricatorAuthNewController',
	- 'new/(?P<className>[^/]+)/' => 'PhabricatorAuthEditController',
	- 'edit/(?P<id>\d+)/' => 'PhabricatorAuthEditController',
	+ 'edit/(?:(?P<id>\d+)/)?' => 'PhabricatorAuthEditController',
	'(?P<action>enable\|disable)/(?P<id>\d+)/'
	=> 'PhabricatorAuthDisableController',
	),
	'login/(?P<pkey>[^/]+)/(?:(?P<extra>[^/]+)/)?'
	=> 'PhabricatorAuthLoginController',
	'(?P<loggedout>loggedout)/' => 'PhabricatorAuthStartController',
	'invite/(?P<code>[^/]+)/' => 'PhabricatorAuthInviteController',
	'register/(?:(?P<akey>[^/]+)/)?' => 'PhabricatorAuthRegisterController',
	'start/' => 'PhabricatorAuthStartController',
	'validate/' => 'PhabricatorAuthValidateController',
	'finish/' => 'PhabricatorAuthFinishController',
	'unlink/(?P<pkey>[^/]+)/' => 'PhabricatorAuthUnlinkController',
	'(?P<action>link\|refresh)/(?P<pkey>[^/]+)/'
	=> 'PhabricatorAuthLinkController',
	'confirmlink/(?P<akey>[^/]+)/'
	=> 'PhabricatorAuthConfirmLinkController',
	'session/terminate/(?P<id>[^/]+)/'
	=> 'PhabricatorAuthTerminateSessionController',
	'token/revoke/(?P<id>[^/]+)/'
	=> 'PhabricatorAuthRevokeTokenController',
	'session/downgrade/'
	=> 'PhabricatorAuthDowngradeSessionController',
	'enroll/' => array(
	'(?:(?P<pageKey>[^/]+)/)?(?:(?P<formSaved>saved)/)?'
	=> 'PhabricatorAuthNeedsMultiFactorController',
	),
	'sshkey/' => array(
	$this->getQueryRoutePattern('for/(?P<forPHID>[^/]+)/')
	=> 'PhabricatorAuthSSHKeyListController',
	'generate/' => 'PhabricatorAuthSSHKeyGenerateController',
	'upload/' => 'PhabricatorAuthSSHKeyEditController',
	'edit/(?P<id>\d+)/' => 'PhabricatorAuthSSHKeyEditController',
	'revoke/(?P<id>\d+)/'
	=> 'PhabricatorAuthSSHKeyRevokeController',
	'view/(?P<id>\d+)/' => 'PhabricatorAuthSSHKeyViewController',
	),
	'password/' => 'PhabricatorAuthSetPasswordController',

	'mfa/' => array(
	$this->getQueryRoutePattern() =>
	'PhabricatorAuthFactorProviderListController',
	$this->getEditRoutePattern('edit/') =>
	'PhabricatorAuthFactorProviderEditController',
	'(?P<id>[1-9]\d*)/' =>
	'PhabricatorAuthFactorProviderViewController',
	'message/(?P<id>[1-9]\d*)/' =>
	'PhabricatorAuthFactorProviderMessageController',
	),

	'message/' => array(
	$this->getQueryRoutePattern() =>
	'PhabricatorAuthMessageListController',
	$this->getEditRoutePattern('edit/') =>
	'PhabricatorAuthMessageEditController',
	'(?P<id>[1-9]\d*)/' =>
	'PhabricatorAuthMessageViewController',
	),

	'contact/' => array(
	$this->getEditRoutePattern('edit/') =>
	'PhabricatorAuthContactNumberEditController',
	'(?P<id>[1-9]\d*)/' =>
	'PhabricatorAuthContactNumberViewController',
	'(?P<action>disable\|enable)/(?P<id>[1-9]\d*)/' =>
	'PhabricatorAuthContactNumberDisableController',
	'primary/(?P<id>[1-9]\d*)/' =>
	'PhabricatorAuthContactNumberPrimaryController',
	'test/(?P<id>[1-9]\d*)/' =>
	'PhabricatorAuthContactNumberTestController',
	),
	),

	'/oauth/(?P<provider>\w+)/login/'
	=> 'PhabricatorAuthOldOAuthRedirectController',

	'/login/' => array(
	'' => 'PhabricatorAuthStartController',
	'email/' => 'PhabricatorEmailLoginController',
	'once/'.
	'(?P<type>[^/]+)/'.
	'(?P<id>\d+)/'.
	'(?P<key>[^/]+)/'.
	'(?:(?P<emailID>\d+)/)?' => 'PhabricatorAuthOneTimeLoginController',
	'refresh/' => 'PhabricatorRefreshCSRFController',
	'mustverify/' => 'PhabricatorMustVerifyEmailController',
	),

	'/emailverify/(?P<code>[^/]+)/'
	=> 'PhabricatorEmailVerificationController',

	'/logout/' => 'PhabricatorLogoutController',
	);
	}

	protected function getCustomCapabilities() {
	return array(
	AuthManageProvidersCapability::CAPABILITY => array(
	'default' => PhabricatorPolicies::POLICY_ADMIN,
	),
	);
	}
	}
	diff --git a/src/applications/auth/controller/config/PhabricatorAuthEditController.php b/src/applications/auth/controller/config/PhabricatorAuthEditController.php
	index 6ff0be4383..016fe51b1a 100644
	--- a/src/applications/auth/controller/config/PhabricatorAuthEditController.php
	+++ b/src/applications/auth/controller/config/PhabricatorAuthEditController.php
	@@ -1,382 +1,384 @@
	<?php

	final class PhabricatorAuthEditController
	extends PhabricatorAuthProviderConfigController {

	public function handleRequest(AphrontRequest $request) {
	$this->requireApplicationCapability(
	AuthManageProvidersCapability::CAPABILITY);
	- $viewer = $request->getUser();
	- $provider_class = $request->getURIData('className');
	+
	+ $viewer = $this->getViewer();
	+ $provider_class = $request->getStr('provider');
	$config_id = $request->getURIData('id');

	if ($config_id) {
	$config = id(new PhabricatorAuthProviderConfigQuery())
	->setViewer($viewer)
	->requireCapabilities(
	array(
	PhabricatorPolicyCapability::CAN_VIEW,
	PhabricatorPolicyCapability::CAN_EDIT,
	))
	->withIDs(array($config_id))
	->executeOne();
	if (!$config) {
	return new Aphront404Response();
	}

	$provider = $config->getProvider();
	if (!$provider) {
	return new Aphront404Response();
	}

	$is_new = false;
	} else {
	$provider = null;

	$providers = PhabricatorAuthProvider::getAllBaseProviders();
	foreach ($providers as $candidate_provider) {
	if (get_class($candidate_provider) === $provider_class) {
	$provider = $candidate_provider;
	break;
	}
	}

	if (!$provider) {
	return new Aphront404Response();
	}

	// TODO: When we have multi-auth providers, support them here.

	$configs = id(new PhabricatorAuthProviderConfigQuery())
	->setViewer($viewer)
	->withProviderClasses(array(get_class($provider)))
	->execute();

	if ($configs) {
	$id = head($configs)->getID();
	$dialog = id(new AphrontDialogView())
	->setUser($viewer)
	->setMethod('GET')
	->setSubmitURI($this->getApplicationURI('config/edit/'.$id.'/'))
	->setTitle(pht('Provider Already Configured'))
	->appendChild(
	pht(
	'This provider ("%s") already exists, and you can not add more '.
	'than one instance of it. You can edit the existing provider, '.
	'or you can choose a different provider.',
	$provider->getProviderName()))
	->addCancelButton($this->getApplicationURI('config/new/'))
	->addSubmitButton(pht('Edit Existing Provider'));

	return id(new AphrontDialogResponse())->setDialog($dialog);
	}

	$config = $provider->getDefaultProviderConfig();
	$provider->attachProviderConfig($config);

	$is_new = true;
	}

	$errors = array();

	$v_login = $config->getShouldAllowLogin();
	$v_registration = $config->getShouldAllowRegistration();
	$v_link = $config->getShouldAllowLink();
	$v_unlink = $config->getShouldAllowUnlink();
	$v_trust_email = $config->getShouldTrustEmails();
	$v_auto_login = $config->getShouldAutoLogin();

	if ($request->isFormPost()) {

	$properties = $provider->readFormValuesFromRequest($request);
	list($errors, $issues, $properties) = $provider->processEditForm(
	$request,
	$properties);

	$xactions = array();

	if (!$errors) {
	if ($is_new) {
	if (!strlen($config->getProviderType())) {
	$config->setProviderType($provider->getProviderType());
	}
	if (!strlen($config->getProviderDomain())) {
	$config->setProviderDomain($provider->getProviderDomain());
	}
	}

	$xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
	->setTransactionType(
	PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN)
	->setNewValue($request->getInt('allowLogin', 0));

	$xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
	->setTransactionType(
	PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION)
	->setNewValue($request->getInt('allowRegistration', 0));

	$xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
	->setTransactionType(
	PhabricatorAuthProviderConfigTransaction::TYPE_LINK)
	->setNewValue($request->getInt('allowLink', 0));

	$xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
	->setTransactionType(
	PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK)
	->setNewValue($request->getInt('allowUnlink', 0));

	$xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
	->setTransactionType(
	PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS)
	->setNewValue($request->getInt('trustEmails', 0));

	if ($provider->supportsAutoLogin()) {
	$xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
	->setTransactionType(
	PhabricatorAuthProviderConfigTransaction::TYPE_AUTO_LOGIN)
	->setNewValue($request->getInt('autoLogin', 0));
	}

	foreach ($properties as $key => $value) {
	$xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
	->setTransactionType(
	PhabricatorAuthProviderConfigTransaction::TYPE_PROPERTY)
	->setMetadataValue('auth:property', $key)
	->setNewValue($value);
	}

	if ($is_new) {
	$config->save();
	}

	$editor = id(new PhabricatorAuthProviderConfigEditor())
	->setActor($viewer)
	->setContentSourceFromRequest($request)
	->setContinueOnNoEffect(true)
	->applyTransactions($config, $xactions);

	if ($provider->hasSetupStep() && $is_new) {
	$id = $config->getID();
	$next_uri = $this->getApplicationURI('config/edit/'.$id.'/');
	} else {
	$next_uri = $this->getApplicationURI();
	}

	return id(new AphrontRedirectResponse())->setURI($next_uri);
	}
	} else {
	$properties = $provider->readFormValuesFromProvider();
	$issues = array();
	}

	if ($is_new) {
	if ($provider->hasSetupStep()) {
	$button = pht('Next Step');
	} else {
	$button = pht('Add Provider');
	}
	$crumb = pht('Add Provider');
	$title = pht('Add Auth Provider');
	$header_icon = 'fa-plus-square';
	$cancel_uri = $this->getApplicationURI('/config/new/');
	} else {
	$button = pht('Save');
	$crumb = pht('Edit Provider');
	$title = pht('Edit Auth Provider');
	$header_icon = 'fa-pencil';
	$cancel_uri = $this->getApplicationURI();
	}

	$header = id(new PHUIHeaderView())
	->setHeader(pht('%s: %s', $title, $provider->getProviderName()))
	->setHeaderIcon($header_icon);

	if (!$is_new) {
	if ($config->getIsEnabled()) {
	$status_name = pht('Enabled');
	$status_color = 'green';
	$status_icon = 'fa-check';
	$header->setStatus($status_icon, $status_color, $status_name);
	} else {
	$status_name = pht('Disabled');
	$status_color = 'indigo';
	$status_icon = 'fa-ban';
	$header->setStatus($status_icon, $status_color, $status_name);
	}
	}

	$config_name = 'auth.email-domains';
	$config_href = '/config/edit/'.$config_name.'/';

	$email_domains = PhabricatorEnv::getEnvConfig($config_name);
	if ($email_domains) {
	$registration_warning = pht(
	'Users will only be able to register with a verified email address '.
	'at one of the configured [[ %s \| %s ]] domains: %s',
	$config_href,
	$config_name,
	implode(', ', $email_domains));
	} else {
	$registration_warning = pht(
	"NOTE: Any user who can browse to this install's login page will be ".
	"able to register a Phabricator account. To restrict who can register ".
	"an account, configure [[ %s \| %s ]].",
	$config_href,
	$config_name);
	}

	$str_login = array(
	phutil_tag('strong', array(), pht('Allow Login:')),
	' ',
	pht(
	'Allow users to log in using this provider. If you disable login, '.
	'users can still use account integrations for this provider.'),
	);

	$str_registration = array(
	phutil_tag('strong', array(), pht('Allow Registration:')),
	' ',
	pht(
	'Allow users to register new Phabricator accounts using this '.
	'provider. If you disable registration, users can still use this '.
	'provider to log in to existing accounts, but will not be able to '.
	'create new accounts.'),
	);

	$str_link = hsprintf(
	'<strong>%s:</strong> %s',
	pht('Allow Linking Accounts'),
	pht(
	'Allow users to link account credentials for this provider to '.
	'existing Phabricator accounts. There is normally no reason to '.
	'disable this unless you are trying to move away from a provider '.
	'and want to stop users from creating new account links.'));

	$str_unlink = hsprintf(
	'<strong>%s:</strong> %s',
	pht('Allow Unlinking Accounts'),
	pht(
	'Allow users to unlink account credentials for this provider from '.
	'existing Phabricator accounts. If you disable this, Phabricator '.
	'accounts will be permanently bound to provider accounts.'));

	$str_trusted_email = hsprintf(
	'<strong>%s:</strong> %s',
	pht('Trust Email Addresses'),
	pht(
	'Phabricator will skip email verification for accounts registered '.
	'through this provider.'));
	$str_auto_login = hsprintf(
	'<strong>%s:</strong> %s',
	pht('Allow Auto Login'),
	pht(
	'Phabricator will automatically login with this provider if it is '.
	'the only available provider.'));

	$form = id(new AphrontFormView())
	->setUser($viewer)
	+ ->addHiddenInput('provider', $provider_class)
	->appendChild(
	id(new AphrontFormCheckboxControl())
	->setLabel(pht('Allow'))
	->addCheckbox(
	'allowLogin',
	1,
	$str_login,
	$v_login))
	->appendChild(
	id(new AphrontFormCheckboxControl())
	->addCheckbox(
	'allowRegistration',
	1,
	$str_registration,
	$v_registration))
	->appendRemarkupInstructions($registration_warning)
	->appendChild(
	id(new AphrontFormCheckboxControl())
	->addCheckbox(
	'allowLink',
	1,
	$str_link,
	$v_link))
	->appendChild(
	id(new AphrontFormCheckboxControl())
	->addCheckbox(
	'allowUnlink',
	1,
	$str_unlink,
	$v_unlink));

	if ($provider->shouldAllowEmailTrustConfiguration()) {
	$form->appendChild(
	id(new AphrontFormCheckboxControl())
	->addCheckbox(
	'trustEmails',
	1,
	$str_trusted_email,
	$v_trust_email));
	}

	if ($provider->supportsAutoLogin()) {
	$form->appendChild(
	id(new AphrontFormCheckboxControl())
	->addCheckbox(
	'autoLogin',
	1,
	$str_auto_login,
	$v_auto_login));
	}

	$provider->extendEditForm($request, $form, $properties, $issues);

	$form
	->appendChild(
	id(new AphrontFormSubmitControl())
	->addCancelButton($cancel_uri)
	->setValue($button));

	$help = $provider->getConfigurationHelp();
	if ($help) {
	$form->appendChild(id(new PHUIFormDividerControl()));
	$form->appendRemarkupInstructions($help);
	}

	$footer = $provider->renderConfigurationFooter();

	$crumbs = $this->buildApplicationCrumbs();
	$crumbs->addTextCrumb($crumb);
	$crumbs->setBorder(true);

	$timeline = null;
	if (!$is_new) {
	$timeline = $this->buildTransactionTimeline(
	$config,
	new PhabricatorAuthProviderConfigTransactionQuery());
	$xactions = $timeline->getTransactions();
	foreach ($xactions as $xaction) {
	$xaction->setProvider($provider);
	}
	$timeline->setShouldTerminate(true);
	}

	$form_box = id(new PHUIObjectBoxView())
	->setHeaderText(pht('Provider'))
	->setFormErrors($errors)
	->setBackground(PHUIObjectBoxView::BLUE_PROPERTY)
	->setForm($form);

	$view = id(new PHUITwoColumnView())
	->setHeader($header)
	->setFooter(array(
	$form_box,
	$footer,
	$timeline,
	));

	return $this->newPage()
	->setTitle($title)
	->setCrumbs($crumbs)
	->appendChild($view);

	}

	}
	diff --git a/src/applications/auth/controller/config/PhabricatorAuthNewController.php b/src/applications/auth/controller/config/PhabricatorAuthNewController.php
	index dbd43f9ea8..c8fd0ad8a5 100644
	--- a/src/applications/auth/controller/config/PhabricatorAuthNewController.php
	+++ b/src/applications/auth/controller/config/PhabricatorAuthNewController.php
	@@ -1,111 +1,74 @@
	<?php

	final class PhabricatorAuthNewController
	extends PhabricatorAuthProviderConfigController {

	public function handleRequest(AphrontRequest $request) {
	$this->requireApplicationCapability(
	AuthManageProvidersCapability::CAPABILITY);
	- $request = $this->getRequest();
	- $viewer = $request->getUser();

	- $providers = PhabricatorAuthProvider::getAllBaseProviders();
	-
	- $e_provider = null;
	- $errors = array();
	-
	- if ($request->isFormPost()) {
	- $provider_string = $request->getStr('provider');
	- if (!strlen($provider_string)) {
	- $e_provider = pht('Required');
	- $errors[] = pht('You must select an authentication provider.');
	- } else {
	- $found = false;
	- foreach ($providers as $provider) {
	- if (get_class($provider) === $provider_string) {
	- $found = true;
	- break;
	- }
	- }
	- if (!$found) {
	- $e_provider = pht('Invalid');
	- $errors[] = pht('You must select a valid provider.');
	- }
	- }
	+ $viewer = $this->getViewer();
	+ $cancel_uri = $this->getApplicationURI();

	- if (!$errors) {
	- return id(new AphrontRedirectResponse())->setURI(
	- $this->getApplicationURI('/config/new/'.$provider_string.'/'));
	- }
	- }
	-
	- $options = id(new AphrontFormRadioButtonControl())
	- ->setLabel(pht('Provider'))
	- ->setName('provider')
	- ->setError($e_provider);
	+ $providers = PhabricatorAuthProvider::getAllBaseProviders();

	$configured = PhabricatorAuthProvider::getAllProviders();
	$configured_classes = array();
	foreach ($configured as $configured_provider) {
	$configured_classes[get_class($configured_provider)] = true;
	}

	// Sort providers by login order, and move disabled providers to the
	// bottom.
	$providers = msort($providers, 'getLoginOrder');
	$providers = array_diff_key($providers, $configured_classes) + $providers;

	- foreach ($providers as $provider) {
	- if (isset($configured_classes[get_class($provider)])) {
	- $disabled = true;
	- $description = pht('This provider is already configured.');
	+ $menu = id(new PHUIObjectItemListView())
	+ ->setViewer($viewer)
	+ ->setBig(true)
	+ ->setFlush(true);
	+
	+ foreach ($providers as $provider_key => $provider) {
	+ $provider_class = get_class($provider);
	+
	+ $provider_uri = id(new PhutilURI('/config/edit/'))
	+ ->setQueryParam('provider', $provider_class);
	+ $provider_uri = $this->getApplicationURI($provider_uri);
	+
	+ $already_exists = isset($configured_classes[get_class($provider)]);
	+
	+ $item = id(new PHUIObjectItemView())
	+ ->setHeader($provider->getNameForCreate())
	+ ->setImageIcon($provider->newIconView())
	+ ->addAttribute($provider->getDescriptionForCreate());
	+
	+ if (!$already_exists) {
	+ $item
	+ ->setHref($provider_uri)
	+ ->setClickable(true);
	} else {
	- $disabled = false;
	- $description = $provider->getDescriptionForCreate();
	+ $item->setDisabled(true);
	}
	- $options->addButton(
	- get_class($provider),
	- $provider->getNameForCreate(),
	- $description,
	- $disabled ? 'disabled' : null,
	- $disabled);
	- }

	- $form = id(new AphrontFormView())
	- ->setUser($viewer)
	- ->appendChild($options)
	- ->appendChild(
	- id(new AphrontFormSubmitControl())
	- ->addCancelButton($this->getApplicationURI())
	- ->setValue(pht('Continue')));
	-
	- $form_box = id(new PHUIObjectBoxView())
	- ->setHeaderText(pht('Provider'))
	- ->setFormErrors($errors)
	- ->setBackground(PHUIObjectBoxView::BLUE_PROPERTY)
	- ->setForm($form);
	-
	- $crumbs = $this->buildApplicationCrumbs();
	- $crumbs->addTextCrumb(pht('Add Provider'));
	- $crumbs->setBorder(true);
	-
	- $title = pht('Add Auth Provider');
	-
	- $header = id(new PHUIHeaderView())
	- ->setHeader($title)
	- ->setHeaderIcon('fa-plus-square');
	-
	- $view = id(new PHUITwoColumnView())
	- ->setHeader($header)
	- ->setFooter(array(
	- $form_box,
	- ));
	-
	- return $this->newPage()
	- ->setTitle($title)
	- ->setCrumbs($crumbs)
	- ->appendChild($view);
	+ if ($already_exists) {
	+ $messages = array();
	+ $messages[] = pht('You already have a provider of this type.');
	+
	+ $info = id(new PHUIInfoView())
	+ ->setSeverity(PHUIInfoView::SEVERITY_WARNING)
	+ ->setErrors($messages);
	+
	+ $item->appendChild($info);
	+ }
	+
	+ $menu->addItem($item);
	+ }

	+ return $this->newDialog()
	+ ->setTitle(pht('Add Auth Provider'))
	+ ->setWidth(AphrontDialogView::WIDTH_FORM)
	+ ->appendChild($menu)
	+ ->addCancelButton($cancel_uri);
	}

	}
	diff --git a/src/applications/auth/provider/PhabricatorAuthProvider.php b/src/applications/auth/provider/PhabricatorAuthProvider.php
	index 0525edad54..bcccca5121 100644
	--- a/src/applications/auth/provider/PhabricatorAuthProvider.php
	+++ b/src/applications/auth/provider/PhabricatorAuthProvider.php
	@@ -1,519 +1,525 @@
	<?php

	abstract class PhabricatorAuthProvider extends Phobject {

	private $providerConfig;

	public function attachProviderConfig(PhabricatorAuthProviderConfig $config) {
	$this->providerConfig = $config;
	return $this;
	}

	public function hasProviderConfig() {
	return (bool)$this->providerConfig;
	}

	public function getProviderConfig() {
	if ($this->providerConfig === null) {
	throw new PhutilInvalidStateException('attachProviderConfig');
	}
	return $this->providerConfig;
	}

	public function getConfigurationHelp() {
	return null;
	}

	public function getDefaultProviderConfig() {
	return id(new PhabricatorAuthProviderConfig())
	->setProviderClass(get_class($this))
	->setIsEnabled(1)
	->setShouldAllowLogin(1)
	->setShouldAllowRegistration(1)
	->setShouldAllowLink(1)
	->setShouldAllowUnlink(1);
	}

	public function getNameForCreate() {
	return $this->getProviderName();
	}

	public function getDescriptionForCreate() {
	return null;
	}

	public function getProviderKey() {
	return $this->getAdapter()->getAdapterKey();
	}

	public function getProviderType() {
	return $this->getAdapter()->getAdapterType();
	}

	public function getProviderDomain() {
	return $this->getAdapter()->getAdapterDomain();
	}

	public static function getAllBaseProviders() {
	return id(new PhutilClassMapQuery())
	->setAncestorClass(__CLASS__)
	->execute();
	}

	public static function getAllProviders() {
	static $providers;

	if ($providers === null) {
	$objects = self::getAllBaseProviders();

	$configs = id(new PhabricatorAuthProviderConfigQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	->execute();

	$providers = array();
	foreach ($configs as $config) {
	if (!isset($objects[$config->getProviderClass()])) {
	// This configuration is for a provider which is not installed.
	continue;
	}

	$object = clone $objects[$config->getProviderClass()];
	$object->attachProviderConfig($config);

	$key = $object->getProviderKey();
	if (isset($providers[$key])) {
	throw new Exception(
	pht(
	"Two authentication providers use the same provider key ".
	"('%s'). Each provider must be identified by a unique key.",
	$key));
	}
	$providers[$key] = $object;
	}
	}

	return $providers;
	}

	public static function getAllEnabledProviders() {
	$providers = self::getAllProviders();
	foreach ($providers as $key => $provider) {
	if (!$provider->isEnabled()) {
	unset($providers[$key]);
	}
	}
	return $providers;
	}

	public static function getEnabledProviderByKey($provider_key) {
	return idx(self::getAllEnabledProviders(), $provider_key);
	}

	abstract public function getProviderName();
	abstract public function getAdapter();

	public function isEnabled() {
	return $this->getProviderConfig()->getIsEnabled();
	}

	public function shouldAllowLogin() {
	return $this->getProviderConfig()->getShouldAllowLogin();
	}

	public function shouldAllowRegistration() {
	if (!$this->shouldAllowLogin()) {
	return false;
	}

	return $this->getProviderConfig()->getShouldAllowRegistration();
	}

	public function shouldAllowAccountLink() {
	return $this->getProviderConfig()->getShouldAllowLink();
	}

	public function shouldAllowAccountUnlink() {
	return $this->getProviderConfig()->getShouldAllowUnlink();
	}

	public function shouldTrustEmails() {
	return $this->shouldAllowEmailTrustConfiguration() &&
	$this->getProviderConfig()->getShouldTrustEmails();
	}

	/**
	* Should we allow the adapter to be marked as "trusted". This is true for
	* all adapters except those that allow the user to type in emails (see
	* @{class:PhabricatorPasswordAuthProvider}).
	*/
	public function shouldAllowEmailTrustConfiguration() {
	return true;
	}

	public function buildLoginForm(PhabricatorAuthStartController $controller) {
	return $this->renderLoginForm($controller->getRequest(), $mode = 'start');
	}

	public function buildInviteForm(PhabricatorAuthStartController $controller) {
	return $this->renderLoginForm($controller->getRequest(), $mode = 'invite');
	}

	abstract public function processLoginRequest(
	PhabricatorAuthLoginController $controller);

	public function buildLinkForm(PhabricatorAuthLinkController $controller) {
	return $this->renderLoginForm($controller->getRequest(), $mode = 'link');
	}

	public function shouldAllowAccountRefresh() {
	return true;
	}

	public function buildRefreshForm(
	PhabricatorAuthLinkController $controller) {
	return $this->renderLoginForm($controller->getRequest(), $mode = 'refresh');
	}

	protected function renderLoginForm(AphrontRequest $request, $mode) {
	throw new PhutilMethodNotImplementedException();
	}

	public function createProviders() {
	return array($this);
	}

	protected function willSaveAccount(PhabricatorExternalAccount $account) {
	return;
	}

	public function willRegisterAccount(PhabricatorExternalAccount $account) {
	return;
	}

	protected function loadOrCreateAccount($account_id) {
	if (!strlen($account_id)) {
	throw new Exception(pht('Empty account ID!'));
	}

	$adapter = $this->getAdapter();
	$adapter_class = get_class($adapter);

	if (!strlen($adapter->getAdapterType())) {
	throw new Exception(
	pht(
	"AuthAdapter (of class '%s') has an invalid implementation: ".
	"no adapter type.",
	$adapter_class));
	}

	if (!strlen($adapter->getAdapterDomain())) {
	throw new Exception(
	pht(
	"AuthAdapter (of class '%s') has an invalid implementation: ".
	"no adapter domain.",
	$adapter_class));
	}

	$account = id(new PhabricatorExternalAccount())->loadOneWhere(
	'accountType = %s AND accountDomain = %s AND accountID = %s',
	$adapter->getAdapterType(),
	$adapter->getAdapterDomain(),
	$account_id);
	if (!$account) {
	$account = id(new PhabricatorExternalAccount())
	->setAccountType($adapter->getAdapterType())
	->setAccountDomain($adapter->getAdapterDomain())
	->setAccountID($account_id);
	}

	$account->setUsername($adapter->getAccountName());
	$account->setRealName($adapter->getAccountRealName());
	$account->setEmail($adapter->getAccountEmail());
	$account->setAccountURI($adapter->getAccountURI());

	$account->setProfileImagePHID(null);
	$image_uri = $adapter->getAccountImageURI();
	if ($image_uri) {
	try {
	$name = PhabricatorSlug::normalize($this->getProviderName());
	$name = $name.'-profile.jpg';

	// TODO: If the image has not changed, we do not need to make a new
	// file entry for it, but there's no convenient way to do this with
	// PhabricatorFile right now. The storage will get shared, so the impact
	// here is negligible.
	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	$image_file = PhabricatorFile::newFromFileDownload(
	$image_uri,
	array(
	'name' => $name,
	'viewPolicy' => PhabricatorPolicies::POLICY_NOONE,
	));
	if ($image_file->isViewableImage()) {
	$image_file
	->setViewPolicy(PhabricatorPolicies::getMostOpenPolicy())
	->setCanCDN(true)
	->save();
	$account->setProfileImagePHID($image_file->getPHID());
	} else {
	$image_file->delete();
	}
	unset($unguarded);

	} catch (Exception $ex) {
	// Log this but proceed, it's not especially important that we
	// be able to pull profile images.
	phlog($ex);
	}
	}

	$this->willSaveAccount($account);

	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	$account->save();
	unset($unguarded);

	return $account;
	}

	public function getLoginURI() {
	$app = PhabricatorApplication::getByClass('PhabricatorAuthApplication');
	return $app->getApplicationURI('/login/'.$this->getProviderKey().'/');
	}

	public function getSettingsURI() {
	return '/settings/panel/external/';
	}

	public function getStartURI() {
	$app = PhabricatorApplication::getByClass('PhabricatorAuthApplication');
	$uri = $app->getApplicationURI('/start/');
	return $uri;
	}

	public function isDefaultRegistrationProvider() {
	return false;
	}

	public function shouldRequireRegistrationPassword() {
	return false;
	}

	public function getDefaultExternalAccount() {
	throw new PhutilMethodNotImplementedException();
	}

	public function getLoginOrder() {
	return '500-'.$this->getProviderName();
	}

	protected function getLoginIcon() {
	return 'Generic';
	}

	+ public function newIconView() {
	+ return id(new PHUIIconView())
	+ ->setSpriteSheet(PHUIIconView::SPRITE_LOGIN)
	+ ->setSpriteIcon($this->getLoginIcon());
	+ }
	+
	public function isLoginFormAButton() {
	return false;
	}

	public function renderConfigPropertyTransactionTitle(
	PhabricatorAuthProviderConfigTransaction $xaction) {

	return null;
	}

	public function readFormValuesFromProvider() {
	return array();
	}

	public function readFormValuesFromRequest(AphrontRequest $request) {
	return array();
	}

	public function processEditForm(
	AphrontRequest $request,
	array $values) {

	$errors = array();
	$issues = array();

	return array($errors, $issues, $values);
	}

	public function extendEditForm(
	AphrontRequest $request,
	AphrontFormView $form,
	array $values,
	array $issues) {

	return;
	}

	public function willRenderLinkedAccount(
	PhabricatorUser $viewer,
	PHUIObjectItemView $item,
	PhabricatorExternalAccount $account) {

	$account_view = id(new PhabricatorAuthAccountView())
	->setExternalAccount($account)
	->setAuthProvider($this);

	$item->appendChild(
	phutil_tag(
	'div',
	array(
	'class' => 'mmr mml mst mmb',
	),
	$account_view));
	}

	/**
	* Return true to use a two-step configuration (setup, configure) instead of
	* the default single-step configuration. In practice, this means that
	* creating a new provider instance will redirect back to the edit page
	* instead of the provider list.
	*
	* @return bool True if this provider uses two-step configuration.
	*/
	public function hasSetupStep() {
	return false;
	}

	/**
	* Render a standard login/register button element.
	*
	* The `$attributes` parameter takes these keys:
	*
	* - `uri`: URI the button should take the user to when clicked.
	* - `method`: Optional HTTP method the button should use, defaults to GET.
	*
	* @param AphrontRequest HTTP request.
	* @param string Request mode string.
	* @param map Additional parameters, see above.
	* @return wild Log in button.
	*/
	protected function renderStandardLoginButton(
	AphrontRequest $request,
	$mode,
	array $attributes = array()) {

	PhutilTypeSpec::checkMap(
	$attributes,
	array(
	'method' => 'optional string',
	'uri' => 'string',
	'sigil' => 'optional string',
	));

	$viewer = $request->getUser();
	$adapter = $this->getAdapter();

	if ($mode == 'link') {
	$button_text = pht('Link External Account');
	} else if ($mode == 'refresh') {
	$button_text = pht('Refresh Account Link');
	} else if ($mode == 'invite') {
	$button_text = pht('Register Account');
	} else if ($this->shouldAllowRegistration()) {
	$button_text = pht('Log In or Register');
	} else {
	$button_text = pht('Log In');
	}

	$icon = id(new PHUIIconView())
	->setSpriteSheet(PHUIIconView::SPRITE_LOGIN)
	->setSpriteIcon($this->getLoginIcon());

	$button = id(new PHUIButtonView())
	->setSize(PHUIButtonView::BIG)
	->setColor(PHUIButtonView::GREY)
	->setIcon($icon)
	->setText($button_text)
	->setSubtext($this->getProviderName());

	$uri = $attributes['uri'];
	$uri = new PhutilURI($uri);
	$params = $uri->getQueryParams();
	$uri->setQueryParams(array());

	$content = array($button);

	foreach ($params as $key => $value) {
	$content[] = phutil_tag(
	'input',
	array(
	'type' => 'hidden',
	'name' => $key,
	'value' => $value,
	));
	}

	$static_response = CelerityAPI::getStaticResourceResponse();
	$static_response->addContentSecurityPolicyURI('form-action', (string)$uri);

	foreach ($this->getContentSecurityPolicyFormActions() as $csp_uri) {
	$static_response->addContentSecurityPolicyURI('form-action', $csp_uri);
	}

	return phabricator_form(
	$viewer,
	array(
	'method' => idx($attributes, 'method', 'GET'),
	'action' => (string)$uri,
	'sigil' => idx($attributes, 'sigil'),
	),
	$content);
	}

	public function renderConfigurationFooter() {
	return null;
	}

	public function getAuthCSRFCode(AphrontRequest $request) {
	$phcid = $request->getCookie(PhabricatorCookies::COOKIE_CLIENTID);
	if (!strlen($phcid)) {
	throw new AphrontMalformedRequestException(
	pht('Missing Client ID Cookie'),
	pht(
	'Your browser did not submit a "%s" cookie with client state '.
	'information in the request. Check that cookies are enabled. '.
	'If this problem persists, you may need to clear your cookies.',
	PhabricatorCookies::COOKIE_CLIENTID),
	true);
	}

	return PhabricatorHash::weakDigest($phcid);
	}

	protected function verifyAuthCSRFCode(AphrontRequest $request, $actual) {
	$expect = $this->getAuthCSRFCode($request);

	if (!strlen($actual)) {
	throw new Exception(
	pht(
	'The authentication provider did not return a client state '.
	'parameter in its response, but one was expected. If this '.
	'problem persists, you may need to clear your cookies.'));
	}

	if (!phutil_hashes_are_identical($actual, $expect)) {
	throw new Exception(
	pht(
	'The authentication provider did not return the correct client '.
	'state parameter in its response. If this problem persists, you may '.
	'need to clear your cookies.'));
	}
	}

	public function supportsAutoLogin() {
	return false;
	}

	public function getAutoLoginURI(AphrontRequest $request) {
	throw new PhutilMethodNotImplementedException();
	}

	protected function getContentSecurityPolicyFormActions() {
	return array();
	}

	}

File Metadata

Mime Type: text/x-diff
Expires: Tue, Jun 10, 11:27 PM (23 h, 4 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 141326
Default Alt Text: (39 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions