@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Clarify registration rules more aggressively when configuring auth
Summary: See private chatter. Make it explicitly clear when adding a provider that anyone who can browse to Phabricator can register.
Test Plan: See screenshots.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran
Differential Revision: https://secure.phabricator.com/D7570
+60
-4
+26
-4
src/applications/auth/controller/config/PhabricatorAuthEditController.php
+26
-4
src/applications/auth/controller/config/PhabricatorAuthEditController.php
···
169
169
$cancel_uri = $this->getApplicationURI();
170
170
}
171
171
172
-
$str_registration = hsprintf(
173
-
'<strong>%s:</strong> %s',
174
-
pht('Allow Registration'),
172
+
$config_name = 'auth.email-domains';
173
+
$config_href = '/config/edit/'.$config_name.'/';
174
+
175
+
$email_domains = PhabricatorEnv::getEnvConfig($config_name);
176
+
if ($email_domains) {
177
+
$registration_warning = pht(
178
+
"Users will only be able to register with a verified email address ".
179
+
"at one of the configured [[ %s | %s ]] domains: **%s**",
180
+
$config_href,
181
+
$config_name,
182
+
implode(', ', $email_domains));
183
+
} else {
184
+
$registration_warning = pht(
185
+
"NOTE: Any user who can browse to this install's login page will be ".
186
+
"able to register a Phabricator account. To restrict who can register ".
187
+
"an account, configure [[ %s | %s ]].",
188
+
$config_href,
189
+
$config_name);
190
+
}
191
+
192
+
$str_registration = array(
193
+
phutil_tag('strong', array(), pht('Allow Registration:')),
194
+
' ',
175
195
pht(
176
196
'Allow users to register new Phabricator accounts using this '.
177
197
'provider. If you disable registration, users can still use this '.
178
198
'provider to log in to existing accounts, but will not be able to '.
179
-
'create new accounts.'));
199
+
'create new accounts.'),
200
+
);
180
201
181
202
$str_link = hsprintf(
182
203
'<strong>%s:</strong> %s',
···
229
250
1,
230
251
$str_registration,
231
252
$v_registration))
253
+
->appendRemarkupInstructions($registration_warning)
232
254
->appendChild(
233
255
id(new AphrontFormCheckboxControl())
234
256
->addCheckbox(
+34
src/applications/auth/controller/config/PhabricatorAuthListController.php
+34
src/applications/auth/controller/config/PhabricatorAuthListController.php
···
90
90
id(new PhabricatorCrumbView())
91
91
->setName(pht('Auth Providers')));
92
92
93
+
$config_name = 'auth.email-domains';
94
+
$config_href = '/config/edit/'.$config_name.'/';
95
+
$config_link = phutil_tag(
96
+
'a',
97
+
array(
98
+
'href' => $config_href,
99
+
'target' => '_blank',
100
+
),
101
+
$config_name);
102
+
103
+
$warning = new AphrontErrorView();
104
+
105
+
$email_domains = PhabricatorEnv::getEnvConfig($config_name);
106
+
if ($email_domains) {
107
+
$warning->setSeverity(AphrontErrorView::SEVERITY_NOTICE);
108
+
$warning->setTitle(pht('Registration is Restricted'));
109
+
$warning->appendChild(
110
+
pht(
111
+
'Only users with a verified email address at one of the %s domains '.
112
+
'will be able to register a Phabricator account: %s',
113
+
$config_link,
114
+
phutil_tag('strong', array(), implode(', ', $email_domains))));
115
+
} else {
116
+
$warning->setSeverity(AphrontErrorView::SEVERITY_WARNING);
117
+
$warning->setTitle(pht('Anyone Can Register an Account'));
118
+
$warning->appendChild(
119
+
pht(
120
+
'Anyone who can browse to this Phabricator install will be able to '.
121
+
'register an account. To restrict who can register an account, '.
122
+
'configure %s.',
123
+
$config_link));
124
+
}
125
+
93
126
return $this->buildApplicationPage(
94
127
array(
95
128
$crumbs,
129
+
$warning,
96
130
$list,
97
131
),
98
132
array(