@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Drive auth config with the database

Summary: Ref T1536. This is the last major migration. Moves us over to the DB and drops all the config stuff.

Test Plan:
- Ran the migration.
- Saw all my old config brought forward and respected, with accurate settings.
- Ran LDAP import.
- Grepped for all removed config options.

Reviewers: btrahan, chad

Reviewed By: btrahan

CC: aran, wez

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6243

+320 -1213
-156
conf/default.conf.php
··· 616 616 'account.minimum-password-length' => 8, 617 617 618 618 619 - // -- Facebook OAuth -------------------------------------------------------- // 620 - 621 - // Can users use Facebook credentials to login to Phabricator? 622 - 'facebook.auth-enabled' => false, 623 - 624 - // Can users use Facebook credentials to create new Phabricator accounts? 625 - 'facebook.registration-enabled' => true, 626 - 627 - // Are Facebook accounts permanently linked to Phabricator accounts, or can 628 - // the user unlink them? 629 - 'facebook.auth-permanent' => false, 630 - 631 - // The Facebook "Application ID" to use for Facebook API access. 632 - 'facebook.application-id' => null, 633 - 634 - // The Facebook "Application Secret" to use for Facebook API access. 635 - 'facebook.application-secret' => null, 636 - 637 - // Should Phabricator reject requests made by users with 638 - // Secure Browsing disabled? 639 - 'facebook.require-https-auth' => false, 640 - 641 - // -- GitHub OAuth ---------------------------------------------------------- // 642 - 643 - // Can users use GitHub credentials to login to Phabricator? 644 - 'github.auth-enabled' => false, 645 - 646 - // Can users use GitHub credentials to create new Phabricator accounts? 647 - 'github.registration-enabled' => true, 648 - 649 - // Are GitHub accounts permanently linked to Phabricator accounts, or can 650 - // the user unlink them? 651 - 'github.auth-permanent' => false, 652 - 653 - // The GitHub "Client ID" to use for GitHub API access. 654 - 'github.application-id' => null, 655 - 656 - // The GitHub "Secret" to use for GitHub API access. 657 - 'github.application-secret' => null, 658 - 659 - 660 - // -- Google OAuth ---------------------------------------------------------- // 661 - 662 - // Can users use Google credentials to login to Phabricator? 663 - 'google.auth-enabled' => false, 664 - 665 - // Can users use Google credentials to create new Phabricator accounts? 666 - 'google.registration-enabled' => true, 667 - 668 - // Are Google accounts permanently linked to Phabricator accounts, or can 669 - // the user unlink them? 670 - 'google.auth-permanent' => false, 671 - 672 - // The Google "Client ID" to use for Google API access. 673 - 'google.application-id' => null, 674 - 675 - // The Google "Client Secret" to use for Google API access. 676 - 'google.application-secret' => null, 677 - 678 - // -- LDAP Auth ----------------------------------------------------- // 679 - // Enable ldap auth 680 - 'ldap.auth-enabled' => false, 681 - 682 - // The LDAP server hostname 683 - 'ldap.hostname' => null, 684 - 685 - // The LDAP server port 686 - 'ldap.port' => 389, 687 - 688 - // The LDAP base domain name 689 - 'ldap.base_dn' => null, 690 - 691 - // The attribute to be regarded as 'username'. Has to be unique 692 - 'ldap.search_attribute' => null, 693 - 694 - // Perform a search to find a user 695 - // Many LDAP installations do not have the username in the dn, if this is 696 - // true for you set this to true and configure the username_attribute below 697 - 'ldap.search-first' => false, 698 - 699 - // The attribute to search for if you have to search for a user 700 - 'ldap.username-attribute' => null, 701 - 702 - // The attribute(s) to be regarded as 'real name'. 703 - // If more then one attribute is supplied the values of the attributes in 704 - // the array will be joined 705 - 'ldap.real_name_attributes' => array(), 706 - 707 - // A domain name to use when authenticating against Active Directory 708 - // (e.g. 'example.com') 709 - 'ldap.activedirectory_domain' => null, 710 - 711 - // The LDAP version 712 - 'ldap.version' => 3, 713 - 714 - // LDAP Referrals Option 715 - // Whether referrals should be followed by the client 716 - // Should be set to 0 if you use Windows 2003 AD 717 - 'ldap.referrals' => true, 718 - 719 - // The anonymous user name to use before searching a user. 720 - // Many LDAP installations require login even before searching a user, set 721 - // this option to enable it. 722 - 'ldap.anonymous-user-name' => null, 723 - 724 - // The password of the LDAP anonymous user. 725 - 'ldap.anonymous-user-password' => null, 726 - 727 - // Whether to use STARTTLS 728 - 'ldap.start-tls' => false, 729 - 730 - 731 - // -- Disqus OAuth ---------------------------------------------------------- // 732 - 733 - // Can users use Disqus credentials to login to Phabricator? 734 - 'disqus.auth-enabled' => false, 735 - 736 - // Can users use Disqus credentials to create new Phabricator accounts? 737 - 'disqus.registration-enabled' => true, 738 - 739 - // Are Disqus accounts permanently linked to Phabricator accounts, or can 740 - // the user unlink them? 741 - 'disqus.auth-permanent' => false, 742 - 743 - // The Disqus "Client ID" to use for Disqus API access. 744 - 'disqus.application-id' => null, 745 - 746 - // The Disqus "Client Secret" to use for Disqus API access. 747 - 'disqus.application-secret' => null, 748 - 749 - 750 - // -- Phabricator OAuth ----------------------------------------------------- // 751 - 752 - // Meta-town -- Phabricator is itself an OAuth Provider 753 - // TODO -- T887 -- make this support multiple Phabricator instances! 754 - 755 - // The URI of the Phabricator instance to use as an OAuth server. 756 - 'phabricator.oauth-uri' => null, 757 - 758 - // Can users use Phabricator credentials to login to Phabricator? 759 - 'phabricator.auth-enabled' => false, 760 - 761 - // Can users use Phabricator credentials to create new Phabricator accounts? 762 - 'phabricator.registration-enabled' => true, 763 - 764 - // Are Phabricator accounts permanently linked to Phabricator accounts, or can 765 - // the user unlink them? 766 - 'phabricator.auth-permanent' => false, 767 - 768 - // The Phabricator "Client ID" to use for Phabricator API access. 769 - 'phabricator.application-id' => null, 770 - 771 - // The Phabricator "Client Secret" to use for Phabricator API access. 772 - 'phabricator.application-secret' => null, 773 - 774 - 775 619 // -- Recaptcha ------------------------------------------------------------- // 776 620 777 621 // Is Recaptcha enabled? If disabled, captchas will not appear. You should
+158
resources/sql/patches/20130619.authconf.php
··· 1 + <?php 2 + 3 + $config_map = array( 4 + 'PhabricatorAuthProviderLDAP' => array( 5 + 'enabled' => 'ldap.auth-enabled', 6 + 'registration' => true, 7 + 'type' => 'ldap', 8 + 'domain' => 'self', 9 + ), 10 + 'PhabricatorAuthProviderOAuthDisqus' => array( 11 + 'enabled' => 'disqus.auth-enabled', 12 + 'registration' => 'disqus.registration-enabled', 13 + 'permanent' => 'disqus.auth-permanent', 14 + 'oauth.id' => 'disqus.application-id', 15 + 'oauth.secret' => 'disqus.application-secret', 16 + 'type' => 'disqus', 17 + 'domain' => 'disqus.com', 18 + ), 19 + 'PhabricatorAuthProviderOAuthFacebook' => array( 20 + 'enabled' => 'facebook.auth-enabled', 21 + 'registration' => 'facebook.registration-enabled', 22 + 'permanent' => 'facebook.auth-permanent', 23 + 'oauth.id' => 'facebook.application-id', 24 + 'oauth.secret' => 'facebook.application-secret', 25 + 'type' => 'facebook', 26 + 'domain' => 'facebook.com', 27 + ), 28 + 'PhabricatorAuthProviderOAuthGitHub' => array( 29 + 'enabled' => 'github.auth-enabled', 30 + 'registration' => 'github.registration-enabled', 31 + 'permanent' => 'github.auth-permanent', 32 + 'oauth.id' => 'github.application-id', 33 + 'oauth.secret' => 'github.application-secret', 34 + 'type' => 'github', 35 + 'domain' => 'github.com', 36 + ), 37 + 'PhabricatorAuthProviderOAuthGoogle' => array( 38 + 'enabled' => 'google.auth-enabled', 39 + 'registration' => 'google.registration-enabled', 40 + 'permanent' => 'google.auth-permanent', 41 + 'oauth.id' => 'google.application-id', 42 + 'oauth.secret' => 'google.application-secret', 43 + 'type' => 'google', 44 + 'domain' => 'google.com', 45 + ), 46 + 'PhabricatorAuthProviderPassword' => array( 47 + 'enabled' => 'auth.password-auth-enabled', 48 + 'registration' => false, 49 + 'type' => 'password', 50 + 'domain' => 'self', 51 + ), 52 + ); 53 + 54 + foreach ($config_map as $provider_class => $spec) { 55 + $enabled_key = idx($spec, 'enabled'); 56 + $enabled = PhabricatorEnv::getEnvConfigIfExists($enabled_key); 57 + 58 + if (!$enabled) { 59 + echo pht("Skipping %s (not enabled).\n", $provider_class); 60 + // This provider was not previously enabled, so we can skip migrating it. 61 + continue; 62 + } else { 63 + echo pht("Migrating %s...\n", $provider_class); 64 + } 65 + 66 + $registration_key = idx($spec, 'registration'); 67 + if ($registration_key === true) { 68 + $registration = 1; 69 + } else if ($registration_key === false) { 70 + $registration = 0; 71 + } else { 72 + $registration = (int)PhabricatorEnv::getEnvConfigIfExists( 73 + $registration_key, 74 + true); 75 + } 76 + 77 + $unlink_key = idx($spec, 'permanent'); 78 + if (!$unlink_key) { 79 + $unlink = 1; 80 + } else { 81 + $unlink = (int)(!PhabricatorEnv::getEnvConfigIfExists($unlink_key)); 82 + } 83 + 84 + $config = id(new PhabricatorAuthProviderConfig()) 85 + ->setIsEnabled(1) 86 + ->setShouldAllowLogin(1) 87 + ->setShouldAllowRegistration($registration) 88 + ->setShouldAllowLink(1) 89 + ->setShouldAllowUnlink($unlink) 90 + ->setProviderType(idx($spec, 'type')) 91 + ->setProviderDomain(idx($spec, 'domain')) 92 + ->setProviderClass($provider_class); 93 + 94 + if (isset($spec['oauth.id'])) { 95 + $config->setProperty( 96 + PhabricatorAuthProviderOAuth::PROPERTY_APP_ID, 97 + PhabricatorEnv::getEnvConfigIfExists(idx($spec, 'oauth.id'))); 98 + $config->setProperty( 99 + PhabricatorAuthProviderOAuth::PROPERTY_APP_SECRET, 100 + PhabricatorEnv::getEnvConfigIfExists(idx($spec, 'oauth.secret'))); 101 + } 102 + 103 + switch ($provider_class) { 104 + case 'PhabricatorAuthProviderOAuthFacebook': 105 + $config->setProperty( 106 + PhabricatorAuthProviderOAuthFacebook::KEY_REQUIRE_SECURE, 107 + (int)PhabricatorEnv::getEnvConfigIfExists( 108 + 'facebook.require-https-auth')); 109 + break; 110 + case 'PhabricatorAuthProviderLDAP': 111 + 112 + $ldap_map = array( 113 + PhabricatorAuthProviderLDAP::KEY_HOSTNAME 114 + => 'ldap.hostname', 115 + PhabricatorAuthProviderLDAP::KEY_PORT 116 + => 'ldap.port', 117 + PhabricatorAuthProviderLDAP::KEY_DISTINGUISHED_NAME 118 + => 'ldap.base_dn', 119 + PhabricatorAuthProviderLDAP::KEY_SEARCH_ATTRIBUTE 120 + => 'ldap.search_attribute', 121 + PhabricatorAuthProviderLDAP::KEY_USERNAME_ATTRIBUTE 122 + => 'ldap.username-attribute', 123 + PhabricatorAuthProviderLDAP::KEY_REALNAME_ATTRIBUTES 124 + => 'ldap.real_name_attributes', 125 + PhabricatorAuthProviderLDAP::KEY_VERSION 126 + => 'ldap.version', 127 + PhabricatorAuthProviderLDAP::KEY_REFERRALS 128 + => 'ldap.referrals', 129 + PhabricatorAuthProviderLDAP::KEY_START_TLS 130 + => 'ldap.start-tls', 131 + PhabricatorAuthProviderLDAP::KEY_ANONYMOUS_USERNAME 132 + => 'ldap.anonymous-user-name', 133 + PhabricatorAuthProviderLDAP::KEY_ANONYMOUS_PASSWORD 134 + => 'ldap.anonymous-user-password', 135 + PhabricatorAuthProviderLDAP::KEY_SEARCH_FIRST 136 + => 'ldap.search-first', 137 + PhabricatorAuthProviderLDAP::KEY_ACTIVEDIRECTORY_DOMAIN 138 + => 'ldap.activedirectory_domain', 139 + ); 140 + 141 + $defaults = array( 142 + 'ldap.version' => 3, 143 + 'ldap.port' => 389, 144 + ); 145 + 146 + foreach ($ldap_map as $pkey => $ckey) { 147 + $default = idx($defaults, $ckey); 148 + $config->setProperty( 149 + $pkey, 150 + PhabricatorEnv::getEnvConfigIfExists($ckey, $default)); 151 + } 152 + break; 153 + } 154 + 155 + $config->save(); 156 + } 157 + 158 + echo "Done.\n";
-15
src/__phutil_library_map__.php
··· 1012 1012 'PhabricatorExtendingPhabricatorConfigOptions' => 'applications/config/option/PhabricatorExtendingPhabricatorConfigOptions.php', 1013 1013 'PhabricatorExternalAccount' => 'applications/people/storage/PhabricatorExternalAccount.php', 1014 1014 'PhabricatorExternalAccountQuery' => 'applications/auth/query/PhabricatorExternalAccountQuery.php', 1015 - 'PhabricatorFacebookConfigOptions' => 'applications/config/option/PhabricatorFacebookConfigOptions.php', 1016 1015 'PhabricatorFactAggregate' => 'applications/fact/storage/PhabricatorFactAggregate.php', 1017 1016 'PhabricatorFactChartController' => 'applications/fact/controller/PhabricatorFactChartController.php', 1018 1017 'PhabricatorFactController' => 'applications/fact/controller/PhabricatorFactController.php', ··· 1103 1102 'PhabricatorGarbageCollectorDaemon' => 'infrastructure/daemon/PhabricatorGarbageCollectorDaemon.php', 1104 1103 'PhabricatorGestureExample' => 'applications/uiexample/examples/PhabricatorGestureExample.php', 1105 1104 'PhabricatorGitGraphStream' => 'applications/repository/daemon/PhabricatorGitGraphStream.php', 1106 - 'PhabricatorGitHubConfigOptions' => 'applications/config/option/PhabricatorGitHubConfigOptions.php', 1107 1105 'PhabricatorGlobalLock' => 'infrastructure/util/PhabricatorGlobalLock.php', 1108 1106 'PhabricatorGlobalUploadTargetView' => 'applications/files/view/PhabricatorGlobalUploadTargetView.php', 1109 - 'PhabricatorGoogleConfigOptions' => 'applications/config/option/PhabricatorGoogleConfigOptions.php', 1110 1107 'PhabricatorHandleObjectSelectorDataView' => 'applications/phid/handle/view/PhabricatorHandleObjectSelectorDataView.php', 1111 1108 'PhabricatorHash' => 'infrastructure/util/PhabricatorHash.php', 1112 1109 'PhabricatorHashTestCase' => 'infrastructure/util/__tests__/PhabricatorHashTestCase.php', ··· 1127 1124 'PhabricatorJavelinLinter' => 'infrastructure/lint/linter/PhabricatorJavelinLinter.php', 1128 1125 'PhabricatorJumpNavHandler' => 'applications/search/engine/PhabricatorJumpNavHandler.php', 1129 1126 'PhabricatorKeyValueDatabaseCache' => 'applications/cache/PhabricatorKeyValueDatabaseCache.php', 1130 - 'PhabricatorLDAPConfigOptions' => 'applications/config/option/PhabricatorLDAPConfigOptions.php', 1131 - 'PhabricatorLDAPProvider' => 'applications/auth/ldap/PhabricatorLDAPProvider.php', 1132 - 'PhabricatorLDAPUnknownUserException' => 'applications/auth/ldap/PhabricatorLDAPUnknownUserException.php', 1133 1127 'PhabricatorLintEngine' => 'infrastructure/lint/PhabricatorLintEngine.php', 1134 1128 'PhabricatorLipsumArtist' => 'applications/lipsum/image/PhabricatorLipsumArtist.php', 1135 1129 'PhabricatorLipsumGenerateWorkflow' => 'applications/lipsum/management/PhabricatorLipsumGenerateWorkflow.php', ··· 1301 1295 'PhabricatorPeopleQuery' => 'applications/people/query/PhabricatorPeopleQuery.php', 1302 1296 'PhabricatorPeopleSearchEngine' => 'applications/people/query/PhabricatorPeopleSearchEngine.php', 1303 1297 'PhabricatorPeopleTestDataGenerator' => 'applications/people/lipsum/PhabricatorPeopleTestDataGenerator.php', 1304 - 'PhabricatorPhabricatorOAuthConfigOptions' => 'applications/config/option/PhabricatorPhabricatorOAuthConfigOptions.php', 1305 1298 'PhabricatorPhameConfigOptions' => 'applications/phame/config/PhabricatorPhameConfigOptions.php', 1306 1299 'PhabricatorPholioConfigOptions' => 'applications/pholio/config/PhabricatorPholioConfigOptions.php', 1307 1300 'PhabricatorPholioMockTestDataGenerator' => 'applications/pholio/lipsum/PhabricatorPholioMockTestDataGenerator.php', ··· 1462 1455 'PhabricatorSetupCheckDatabase' => 'applications/config/check/PhabricatorSetupCheckDatabase.php', 1463 1456 'PhabricatorSetupCheckExtensions' => 'applications/config/check/PhabricatorSetupCheckExtensions.php', 1464 1457 'PhabricatorSetupCheckExtraConfig' => 'applications/config/check/PhabricatorSetupCheckExtraConfig.php', 1465 - 'PhabricatorSetupCheckFacebook' => 'applications/config/check/PhabricatorSetupCheckFacebook.php', 1466 1458 'PhabricatorSetupCheckFileinfo' => 'applications/config/check/PhabricatorSetupCheckFileinfo.php', 1467 1459 'PhabricatorSetupCheckGD' => 'applications/config/check/PhabricatorSetupCheckGD.php', 1468 1460 'PhabricatorSetupCheckImagemagick' => 'applications/config/check/PhabricatorSetupCheckImagemagick.php', ··· 2884 2876 1 => 'PhabricatorPolicyInterface', 2885 2877 ), 2886 2878 'PhabricatorExternalAccountQuery' => 'PhabricatorCursorPagedPolicyAwareQuery', 2887 - 'PhabricatorFacebookConfigOptions' => 'PhabricatorApplicationConfigOptions', 2888 2879 'PhabricatorFactAggregate' => 'PhabricatorFactDAO', 2889 2880 'PhabricatorFactChartController' => 'PhabricatorFactController', 2890 2881 'PhabricatorFactController' => 'PhabricatorController', ··· 2979 2970 'PhabricatorGarbageCollectorConfigOptions' => 'PhabricatorApplicationConfigOptions', 2980 2971 'PhabricatorGarbageCollectorDaemon' => 'PhabricatorDaemon', 2981 2972 'PhabricatorGestureExample' => 'PhabricatorUIExample', 2982 - 'PhabricatorGitHubConfigOptions' => 'PhabricatorApplicationConfigOptions', 2983 2973 'PhabricatorGlobalLock' => 'PhutilLock', 2984 2974 'PhabricatorGlobalUploadTargetView' => 'AphrontView', 2985 - 'PhabricatorGoogleConfigOptions' => 'PhabricatorApplicationConfigOptions', 2986 2975 'PhabricatorHashTestCase' => 'PhabricatorTestCase', 2987 2976 'PhabricatorHeaderView' => 'AphrontView', 2988 2977 'PhabricatorHelpController' => 'PhabricatorController', ··· 2999 2988 'PhabricatorInlineSummaryView' => 'AphrontView', 3000 2989 'PhabricatorJavelinLinter' => 'ArcanistLinter', 3001 2990 'PhabricatorKeyValueDatabaseCache' => 'PhutilKeyValueCache', 3002 - 'PhabricatorLDAPConfigOptions' => 'PhabricatorApplicationConfigOptions', 3003 - 'PhabricatorLDAPUnknownUserException' => 'Exception', 3004 2991 'PhabricatorLintEngine' => 'PhutilLintEngine', 3005 2992 'PhabricatorLipsumGenerateWorkflow' => 'PhabricatorLipsumManagementWorkflow', 3006 2993 'PhabricatorLipsumManagementWorkflow' => 'PhutilArgumentWorkflow', ··· 3174 3161 'PhabricatorPeopleQuery' => 'PhabricatorCursorPagedPolicyAwareQuery', 3175 3162 'PhabricatorPeopleSearchEngine' => 'PhabricatorApplicationSearchEngine', 3176 3163 'PhabricatorPeopleTestDataGenerator' => 'PhabricatorTestDataGenerator', 3177 - 'PhabricatorPhabricatorOAuthConfigOptions' => 'PhabricatorApplicationConfigOptions', 3178 3164 'PhabricatorPhameConfigOptions' => 'PhabricatorApplicationConfigOptions', 3179 3165 'PhabricatorPholioConfigOptions' => 'PhabricatorApplicationConfigOptions', 3180 3166 'PhabricatorPholioMockTestDataGenerator' => 'PhabricatorTestDataGenerator', ··· 3331 3317 'PhabricatorSetupCheckDatabase' => 'PhabricatorSetupCheck', 3332 3318 'PhabricatorSetupCheckExtensions' => 'PhabricatorSetupCheck', 3333 3319 'PhabricatorSetupCheckExtraConfig' => 'PhabricatorSetupCheck', 3334 - 'PhabricatorSetupCheckFacebook' => 'PhabricatorSetupCheck', 3335 3320 'PhabricatorSetupCheckFileinfo' => 'PhabricatorSetupCheck', 3336 3321 'PhabricatorSetupCheckGD' => 'PhabricatorSetupCheck', 3337 3322 'PhabricatorSetupCheckImagemagick' => 'PhabricatorSetupCheck',
+2 -6
src/applications/auth/application/PhabricatorApplicationAuth.php
··· 34 34 return $items; 35 35 } 36 36 37 - public function shouldAppearInLaunchView() { 38 - return false; 37 + public function getApplicationGroup() { 38 + return self::GROUP_ADMIN; 39 39 } 40 40 41 41 public function getRoutes() { 42 42 return array( 43 43 '/auth/' => array( 44 - /* 45 - 46 44 '' => 'PhabricatorAuthListController', 47 45 'config/' => array( 48 46 'new/' => 'PhabricatorAuthNewController', ··· 51 49 '(?P<action>enable|disable)/(?P<id>\d+)/' => 52 50 'PhabricatorAuthDisableController', 53 51 ), 54 - 55 - */ 56 52 'login/(?P<pkey>[^/]+)/' => 'PhabricatorAuthLoginController', 57 53 'register/(?:(?P<akey>[^/]+)/)?' => 'PhabricatorAuthRegisterController', 58 54 'start/' => 'PhabricatorAuthStartController',
-292
src/applications/auth/ldap/PhabricatorLDAPProvider.php
··· 1 - <?php 2 - 3 - final class PhabricatorLDAPProvider { 4 - // http://www.php.net/manual/en/function.ldap-errno.php#20665 states 5 - // that the number could be 31 or 49, in testing it has always been 49 6 - const LDAP_INVALID_CREDENTIALS = 49; 7 - 8 - private $userData; 9 - private $connection; 10 - 11 - public function __construct() { 12 - 13 - } 14 - 15 - public function __destruct() { 16 - if (isset($this->connection)) { 17 - ldap_unbind($this->connection); 18 - } 19 - } 20 - 21 - public function isProviderEnabled() { 22 - return PhabricatorEnv::getEnvConfig('ldap.auth-enabled'); 23 - } 24 - 25 - public function getHostname() { 26 - return PhabricatorEnv::getEnvConfig('ldap.hostname'); 27 - } 28 - 29 - public function getPort() { 30 - return PhabricatorEnv::getEnvConfig('ldap.port'); 31 - } 32 - 33 - public function getBaseDN() { 34 - return PhabricatorEnv::getEnvConfig('ldap.base_dn'); 35 - } 36 - 37 - public function getSearchAttribute() { 38 - return PhabricatorEnv::getEnvConfig('ldap.search_attribute'); 39 - } 40 - 41 - public function getUsernameAttribute() { 42 - return PhabricatorEnv::getEnvConfig('ldap.username-attribute'); 43 - } 44 - 45 - public function getLDAPVersion() { 46 - return PhabricatorEnv::getEnvConfig('ldap.version'); 47 - } 48 - 49 - public function getLDAPReferrals() { 50 - return PhabricatorEnv::getEnvConfig('ldap.referrals'); 51 - } 52 - 53 - public function getLDAPStartTLS() { 54 - return PhabricatorEnv::getEnvConfig('ldap.start-tls'); 55 - } 56 - 57 - public function bindAnonymousUserEnabled() { 58 - return strlen(trim($this->getAnonymousUserName())) > 0; 59 - } 60 - 61 - public function getAnonymousUserName() { 62 - return PhabricatorEnv::getEnvConfig('ldap.anonymous-user-name'); 63 - } 64 - 65 - public function getAnonymousUserPassword() { 66 - return PhabricatorEnv::getEnvConfig('ldap.anonymous-user-password'); 67 - } 68 - 69 - public function retrieveUserEmail() { 70 - return $this->userData['mail'][0]; 71 - } 72 - 73 - public function retrieveUserRealName() { 74 - return $this->retrieveUserRealNameFromData($this->userData); 75 - } 76 - 77 - public function retrieveUserRealNameFromData($data) { 78 - $name_attributes = PhabricatorEnv::getEnvConfig( 79 - 'ldap.real_name_attributes'); 80 - 81 - $real_name = ''; 82 - if (is_array($name_attributes)) { 83 - foreach ($name_attributes AS $attribute) { 84 - if (isset($data[$attribute][0])) { 85 - $real_name .= $data[$attribute][0].' '; 86 - } 87 - } 88 - 89 - trim($real_name); 90 - } else if (isset($data[$name_attributes][0])) { 91 - $real_name = $data[$name_attributes][0]; 92 - } 93 - 94 - if ($real_name == '') { 95 - return null; 96 - } 97 - 98 - return $real_name; 99 - } 100 - 101 - public function retrieveUsername() { 102 - $key = nonempty( 103 - $this->getUsernameAttribute(), 104 - $this->getSearchAttribute()); 105 - return $this->userData[$key][0]; 106 - } 107 - 108 - public function getConnection() { 109 - if (!isset($this->connection)) { 110 - $this->connection = ldap_connect($this->getHostname(), $this->getPort()); 111 - 112 - if (!$this->connection) { 113 - throw new Exception('Could not connect to LDAP host at '. 114 - $this->getHostname().':'.$this->getPort()); 115 - } 116 - 117 - ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, 118 - $this->getLDAPVersion()); 119 - ldap_set_option($this->connection, LDAP_OPT_REFERRALS, 120 - $this->getLDAPReferrals()); 121 - 122 - if ($this->getLDAPStartTLS()) { 123 - if (!ldap_start_tls($this->getConnection())) { 124 - throw new Exception('Unabled to initialize STARTTLS for LDAP host at '. 125 - $this->getHostname().':'.$this->getPort()); 126 - } 127 - } 128 - } 129 - 130 - return $this->connection; 131 - } 132 - 133 - public function getUserData() { 134 - return $this->userData; 135 - } 136 - 137 - private function invalidLDAPUserErrorMessage($errno, $errmsg) { 138 - return "LDAP Error #".$errno.": ".$errmsg; 139 - } 140 - 141 - public function auth($username, PhutilOpaqueEnvelope $password) { 142 - if (strlen(trim($username)) == 0) { 143 - throw new Exception('Username can not be empty'); 144 - } 145 - 146 - if (PhabricatorEnv::getEnvConfig('ldap.search-first')) { 147 - // To protect against people phishing for accounts we catch the 148 - // exception and present the default exception that would be presented 149 - // in the case of a failed bind. 150 - try { 151 - $user = $this->getUser($this->getUsernameAttribute(), $username); 152 - $username = $user[$this->getSearchAttribute()][0]; 153 - } catch (PhabricatorLDAPUnknownUserException $e) { 154 - throw new Exception( 155 - $this->invalidLDAPUserErrorMessage( 156 - self::LDAP_INVALID_CREDENTIALS, 157 - ldap_err2str(self::LDAP_INVALID_CREDENTIALS))); 158 - } 159 - } 160 - 161 - $conn = $this->getConnection(); 162 - 163 - $activeDirectoryDomain = 164 - PhabricatorEnv::getEnvConfig('ldap.activedirectory_domain'); 165 - 166 - if ($activeDirectoryDomain) { 167 - $dn = $username.'@'.$activeDirectoryDomain; 168 - } else { 169 - if (isset($user)) { 170 - $dn = $user['dn']; 171 - } else { 172 - $dn = ldap_sprintf( 173 - '%Q=%s,%Q', 174 - $this->getSearchAttribute(), 175 - $username, 176 - $this->getBaseDN()); 177 - } 178 - } 179 - 180 - // NOTE: It is very important we suppress any messages that occur here, 181 - // because it logs passwords if it reaches an error log of any sort. 182 - DarkConsoleErrorLogPluginAPI::enableDiscardMode(); 183 - $result = @ldap_bind($conn, $dn, $password->openEnvelope()); 184 - DarkConsoleErrorLogPluginAPI::disableDiscardMode(); 185 - 186 - if (!$result) { 187 - throw new Exception( 188 - $this->invalidLDAPUserErrorMessage( 189 - ldap_errno($conn), 190 - ldap_error($conn))); 191 - } 192 - 193 - $this->userData = $this->getUser($this->getSearchAttribute(), $username); 194 - return $this->userData; 195 - } 196 - 197 - private function getUser($attribute, $username) { 198 - $conn = $this->getConnection(); 199 - 200 - if ($this->bindAnonymousUserEnabled()) { 201 - // NOTE: It is very important we suppress any messages that occur here, 202 - // because it logs passwords if it reaches an error log of any sort. 203 - DarkConsoleErrorLogPluginAPI::enableDiscardMode(); 204 - $result = ldap_bind( 205 - $conn, 206 - $this->getAnonymousUserName(), 207 - $this->getAnonymousUserPassword()); 208 - DarkConsoleErrorLogPluginAPI::disableDiscardMode(); 209 - 210 - if (!$result) { 211 - throw new Exception('Bind anonymous account failed. '. 212 - $this->invalidLDAPUserErrorMessage( 213 - ldap_errno($conn), 214 - ldap_error($conn))); 215 - } 216 - } 217 - 218 - $query = ldap_sprintf( 219 - '%Q=%S', 220 - $attribute, 221 - $username); 222 - 223 - $result = ldap_search($conn, $this->getBaseDN(), $query); 224 - 225 - if (!$result) { 226 - throw new Exception('Search failed. '. 227 - $this->invalidLDAPUserErrorMessage( 228 - ldap_errno($conn), 229 - ldap_error($conn))); 230 - } 231 - 232 - $entries = ldap_get_entries($conn, $result); 233 - 234 - if ($entries === false) { 235 - throw new Exception('Could not get entries'); 236 - } 237 - 238 - if ($entries['count'] > 1) { 239 - throw new Exception('Found more then one user with this '. 240 - $attribute); 241 - } 242 - 243 - if ($entries['count'] == 0) { 244 - throw new PhabricatorLDAPUnknownUserException('Could not find user'); 245 - } 246 - 247 - return $entries[0]; 248 - } 249 - 250 - public function search($query) { 251 - $result = ldap_search($this->getConnection(), $this->getBaseDN(), 252 - $query); 253 - 254 - if (!$result) { 255 - throw new Exception('Search failed. Please check your LDAP and HTTP '. 256 - 'logs for more information.'); 257 - } 258 - 259 - $entries = ldap_get_entries($this->getConnection(), $result); 260 - 261 - if ($entries === false) { 262 - throw new Exception('Could not get entries'); 263 - } 264 - 265 - if ($entries['count'] == 0) { 266 - throw new Exception('No results found'); 267 - } 268 - 269 - 270 - $rows = array(); 271 - 272 - for ($i = 0; $i < $entries['count']; $i++) { 273 - $row = array(); 274 - $entry = $entries[$i]; 275 - 276 - // Get username, email and realname 277 - $username = $entry[$this->getSearchAttribute()][0]; 278 - if (empty($username)) { 279 - continue; 280 - } 281 - $row[] = $username; 282 - $row[] = $entry['mail'][0]; 283 - $row[] = $this->retrieveUserRealNameFromData($entry); 284 - 285 - 286 - $rows[] = $row; 287 - } 288 - 289 - return $rows; 290 - 291 - } 292 - }
-4
src/applications/auth/ldap/PhabricatorLDAPUnknownUserException.php
··· 1 - <?php 2 - 3 - final class PhabricatorLDAPUnknownUserException extends Exception{ 4 - }
+21 -59
src/applications/auth/provider/PhabricatorAuthProvider.php
··· 75 75 ->execute(); 76 76 77 77 $providers = array(); 78 - if ($configs) { 79 - foreach ($configs as $config) { 80 - if (!isset($objects[$config->getProviderClass()])) { 81 - // This configuration is for a provider which is not installed. 82 - continue; 83 - } 78 + foreach ($configs as $config) { 79 + if (!isset($objects[$config->getProviderClass()])) { 80 + // This configuration is for a provider which is not installed. 81 + continue; 82 + } 84 83 85 - $object = clone $objects[$config->getProviderClass()]; 86 - $object->attachProviderConfig($config); 84 + $object = clone $objects[$config->getProviderClass()]; 85 + $object->attachProviderConfig($config); 87 86 88 - $key = $object->getProviderKey(); 89 - if (isset($providers[$key])) { 90 - throw new Exception( 91 - pht( 92 - "Two authentication providers use the same provider key ". 93 - "('%s'). Each provider must be identified by a unique ". 94 - "key.", 95 - $key)); 96 - } 97 - $providers[$key] = $object; 98 - } 99 - } else { 100 - // TODO: Remove this once we transition to be completely database 101 - // driven. 102 - $from_class_map = array(); 103 - foreach ($objects as $object) { 104 - $from_class = get_class($object); 105 - $object_providers = $object->createProviders(); 106 - assert_instances_of($object_providers, 'PhabricatorAuthProvider'); 107 - foreach ($object_providers as $provider) { 108 - $key = $provider->getProviderKey(); 109 - if (isset($providers[$key])) { 110 - $first_class = $from_class_map[$key]; 111 - throw new Exception( 112 - "PhabricatorAuthProviders '{$first_class}' and ". 113 - "'{$from_class}' both created authentication providers ". 114 - "identified by key '{$key}'. Provider keys must be unique."); 115 - } 116 - $providers[$key] = $provider; 117 - $from_class_map[$key] = $from_class; 118 - } 87 + $key = $object->getProviderKey(); 88 + if (isset($providers[$key])) { 89 + throw new Exception( 90 + pht( 91 + "Two authentication providers use the same provider key ". 92 + "('%s'). Each provider must be identified by a unique ". 93 + "key.", 94 + $key)); 119 95 } 96 + $providers[$key] = $object; 120 97 } 121 98 } 122 99 ··· 141 118 abstract public function getAdapter(); 142 119 143 120 public function isEnabled() { 144 - if ($this->hasProviderConfig()) { 145 - return $this->getProviderConfig()->getIsEnabled(); 146 - } 147 - return true; 121 + return $this->getProviderConfig()->getIsEnabled(); 148 122 } 149 123 150 124 public function shouldAllowLogin() { 151 - if ($this->hasProviderConfig()) { 152 - return $this->getProviderConfig()->getShouldAllowLogin(); 153 - } 154 - return true; 125 + return $this->getProviderConfig()->getShouldAllowLogin(); 155 126 } 156 127 157 128 public function shouldAllowRegistration() { 158 - if ($this->hasProviderConfig()) { 159 - return $this->getProviderConfig()->getShouldAllowRegistration(); 160 - } 161 - return true; 129 + return $this->getProviderConfig()->getShouldAllowRegistration(); 162 130 } 163 131 164 132 public function shouldAllowAccountLink() { 165 - if ($this->hasProviderConfig()) { 166 - return $this->getProviderConfig()->getShouldAllowLink(); 167 - } 168 - return true; 133 + return $this->getProviderConfig()->getShouldAllowLink(); 169 134 } 170 135 171 136 public function shouldAllowAccountUnlink() { 172 - if ($this->hasProviderConfig()) { 173 - return $this->getProviderConfig()->getShouldAllowUnlink(); 174 - } 175 - return true; 137 + return $this->getProviderConfig()->getShouldAllowUnlink(); 176 138 } 177 139 178 140 public function buildLoginForm(
+41 -53
src/applications/auth/provider/PhabricatorAuthProviderLDAP.php
··· 21 21 ->setProperty(self::KEY_VERSION, 3); 22 22 } 23 23 24 - public function isEnabled() { 25 - if ($this->hasProviderConfig()) { 26 - return parent::isEnabled(); 27 - } 28 - 29 - return parent::isEnabled() && 30 - PhabricatorEnv::getEnvConfig('ldap.auth-enabled'); 31 - } 32 - 33 24 public function getAdapter() { 34 25 if (!$this->adapter) { 26 + $conf = $this->getProviderConfig(); 35 27 $adapter = id(new PhutilAuthAdapterLDAP()) 36 - ->setHostname(PhabricatorEnv::getEnvConfig('ldap.hostname')) 37 - ->setPort(PhabricatorEnv::getEnvConfig('ldap.port')) 38 - ->setBaseDistinguishedName(PhabricatorEnv::getEnvConfig('ldap.base_dn')) 28 + ->setHostname( 29 + $conf->getProperty(self::KEY_HOSTNAME)) 30 + ->setPort( 31 + $conf->getProperty(self::KEY_PORT)) 32 + ->setBaseDistinguishedName( 33 + $conf->getProperty(self::KEY_DISTINGUISHED_NAME)) 39 34 ->setSearchAttribute( 40 - PhabricatorEnv::getEnvConfig('ldap.search_attribute')) 35 + $conf->getProperty(self::KEY_SEARCH_ATTRIBUTE)) 41 36 ->setUsernameAttribute( 42 - PhabricatorEnv::getEnvConfig('ldap.username-attribute')) 37 + $conf->getProperty(self::KEY_USERNAME_ATTRIBUTE)) 43 38 ->setRealNameAttributes( 44 - PhabricatorEnv::getEnvConfig('ldap.real_name_attributes')) 45 - ->setLDAPVersion(PhabricatorEnv::getEnvConfig('ldap.version')) 46 - ->setLDAPReferrals(PhabricatorEnv::getEnvConfig('ldap.referrals')) 47 - ->setLDAPStartTLS(PhabricatorEnv::getEnvConfig('ldap.start-tls')) 39 + $conf->getProperty(self::KEY_REALNAME_ATTRIBUTES, array())) 40 + ->setLDAPVersion( 41 + $conf->getProperty(self::KEY_VERSION)) 42 + ->setLDAPReferrals( 43 + $conf->getProperty(self::KEY_REFERRALS)) 44 + ->setLDAPStartTLS( 45 + $conf->getProperty(self::KEY_START_TLS)) 48 46 ->setAnonymousUsername( 49 - PhabricatorEnv::getEnvConfig('ldap.anonymous-user-name')) 47 + $conf->getProperty(self::KEY_ANONYMOUS_USERNAME)) 50 48 ->setAnonymousPassword( 51 - new PhutilOpaqueEnvelope( 52 - PhabricatorEnv::getEnvConfig('ldap.anonymous-user-password'))) 53 - ->setSearchFirst(PhabricatorEnv::getEnvConfig('ldap.search-first')) 49 + new PhutilOpaqueEnvelope( 50 + $conf->getProperty(self::KEY_ANONYMOUS_PASSWORD))) 51 + ->setSearchFirst( 52 + $conf->getProperty(self::KEY_SEARCH_FIRST)) 54 53 ->setActiveDirectoryDomain( 55 - PhabricatorEnv::getEnvConfig('ldap.activedirectory_domain')); 54 + $conf->getProperty(self::KEY_ACTIVEDIRECTORY_DOMAIN)); 56 55 $this->adapter = $adapter; 57 56 } 58 57 return $this->adapter; ··· 217 216 } 218 217 219 218 public function readFormValuesFromProvider() { 220 - return array( 221 - self::KEY_HOSTNAME => 222 - PhabricatorEnv::getEnvConfig('ldap.hostname'), 223 - self::KEY_PORT => 224 - PhabricatorEnv::getEnvConfig('ldap.port'), 225 - self::KEY_DISTINGUISHED_NAME => 226 - PhabricatorEnv::getEnvConfig('ldap.base_dn'), 227 - self::KEY_SEARCH_ATTRIBUTE => 228 - PhabricatorEnv::getEnvConfig('ldap.search_attribute'), 229 - self::KEY_USERNAME_ATTRIBUTE => 230 - PhabricatorEnv::getEnvConfig('ldap.username-attribute'), 231 - self::KEY_REALNAME_ATTRIBUTES => 232 - PhabricatorEnv::getEnvConfig('ldap.real_name_attributes'), 233 - self::KEY_VERSION => 234 - PhabricatorEnv::getEnvConfig('ldap.version'), 235 - self::KEY_REFERRALS => 236 - PhabricatorEnv::getEnvConfig('ldap.referrals'), 237 - self::KEY_START_TLS => 238 - PhabricatorEnv::getEnvConfig('ldap.start-tls'), 239 - self::KEY_ANONYMOUS_USERNAME => 240 - PhabricatorEnv::getEnvConfig('ldap.anonymous-user-name'), 241 - self::KEY_ANONYMOUS_PASSWORD => 242 - PhabricatorEnv::getEnvConfig('ldap.anonymous-user-password'), 243 - self::KEY_SEARCH_FIRST => 244 - PhabricatorEnv::getEnvConfig('ldap.search-first'), 245 - self::KEY_ACTIVEDIRECTORY_DOMAIN => 246 - PhabricatorEnv::getEnvConfig('ldap.activedirectory_domain'), 247 - ); 219 + $properties = array(); 220 + foreach ($this->getPropertyLabels() as $key => $ignored) { 221 + $properties[$key] = $this->getProviderConfig()->getProperty($key); 222 + } 223 + return $properties; 248 224 } 249 225 250 226 public function readFormValuesFromRequest(AphrontRequest $request) { ··· 252 228 foreach ($this->getPropertyKeys() as $key) { 253 229 switch ($key) { 254 230 case self::KEY_REALNAME_ATTRIBUTES: 255 - $values[$key] = $request->getStrList($key); 231 + $values[$key] = $request->getStrList($key, array()); 256 232 break; 257 233 default: 258 234 $values[$key] = $request->getStr($key); ··· 337 313 ->setName($key) 338 314 ->setLabel($label) 339 315 ->setCaption($caption) 340 - ->setValue(implode(', ', $value)); 316 + ->setValue($value ? implode(', ', $value) : null); 341 317 break; 342 318 case 'password': 343 319 $control = id(new AphrontFormPasswordControl()) ··· 403 379 } 404 380 405 381 return parent::renderConfigPropertyTransactionTitle($xaction); 382 + } 383 + 384 + public static function getLDAPProvider() { 385 + $providers = self::getAllEnabledProviders(); 386 + 387 + foreach ($providers as $provider) { 388 + if ($provider instanceof PhabricatorAuthProviderLDAP) { 389 + return $provider; 390 + } 391 + } 392 + 393 + return null; 406 394 } 407 395 408 396 }
+8 -41
src/applications/auth/provider/PhabricatorAuthProviderOAuth.php
··· 4 4 5 5 protected $adapter; 6 6 7 - abstract protected function getOAuthClientID(); 8 - abstract protected function getOAuthClientSecret(); 9 7 abstract protected function newOAuthAdapter(); 10 8 11 9 public function getDescriptionForCreate() { ··· 21 19 return $this->adapter; 22 20 } 23 21 24 - public function isEnabled() { 25 - if ($this->hasProviderConfig()) { 26 - return parent::isEnabled(); 27 - } 28 - 29 - return parent::isEnabled() && 30 - $this->getOAuthClientID() && 31 - $this->getOAuthClientSecret(); 32 - } 33 - 34 22 protected function configureAdapter(PhutilAuthAdapterOAuth $adapter) { 35 - 36 - if ($this->hasProviderConfig()) { 37 - $config = $this->getProviderConfig(); 38 - $adapter->setClientID($config->getProperty(self::PROPERTY_APP_ID)); 39 - $adapter->setClientSecret( 40 - new PhutilOpaqueEnvelope( 41 - $config->getProperty(self::PROPERTY_APP_SECRET))); 42 - } else { 43 - if ($this->getOAuthClientID()) { 44 - $adapter->setClientID($this->getOAuthClientID()); 45 - } 46 - 47 - if ($this->getOAuthClientSecret()) { 48 - $adapter->setClientSecret($this->getOAuthClientSecret()); 49 - } 50 - } 51 - 23 + $config = $this->getProviderConfig(); 24 + $adapter->setClientID($config->getProperty(self::PROPERTY_APP_ID)); 25 + $adapter->setClientSecret( 26 + new PhutilOpaqueEnvelope( 27 + $config->getProperty(self::PROPERTY_APP_SECRET))); 52 28 $adapter->setRedirectURI($this->getLoginURI()); 53 29 return $adapter; 54 30 } ··· 187 163 const PROPERTY_APP_SECRET = 'oauth:app:secret'; 188 164 189 165 public function readFormValuesFromProvider() { 190 - 191 - if ($this->hasProviderConfig()) { 192 - $config = $this->getProviderConfig(); 193 - $id = $config->getProperty(self::PROPERTY_APP_ID); 194 - $secret = $config->getProperty(self::PROPERTY_APP_SECRET); 195 - } else { 196 - $id = $this->getOAuthClientID(); 197 - $secret = $this->getOAuthClientSecret(); 198 - if ($secret) { 199 - $secret = $secret->openEnvelope(); 200 - } 201 - } 166 + $config = $this->getProviderConfig(); 167 + $id = $config->getProperty(self::PROPERTY_APP_ID); 168 + $secret = $config->getProperty(self::PROPERTY_APP_SECRET); 202 169 203 170 return array( 204 171 self::PROPERTY_APP_ID => $id,
-36
src/applications/auth/provider/PhabricatorAuthProviderOAuthDisqus.php
··· 15 15 return 'Disqus'; 16 16 } 17 17 18 - public function isEnabled() { 19 - if ($this->hasProviderConfig()) { 20 - return parent::isEnabled(); 21 - } 22 - 23 - return parent::isEnabled() && 24 - PhabricatorEnv::getEnvConfig('disqus.auth-enabled'); 25 - } 26 - 27 - protected function getOAuthClientID() { 28 - return PhabricatorEnv::getEnvConfig('disqus.application-id'); 29 - } 30 - 31 - protected function getOAuthClientSecret() { 32 - $secret = PhabricatorEnv::getEnvConfig('disqus.application-secret'); 33 - if ($secret) { 34 - return new PhutilOpaqueEnvelope($secret); 35 - } 36 - return null; 37 - } 38 - 39 - public function shouldAllowRegistration() { 40 - if ($this->hasProviderConfig()) { 41 - return parent::shouldAllowRegistration(); 42 - } 43 - return PhabricatorEnv::getEnvConfig('disqus.registration-enabled'); 44 - } 45 - 46 - public function shouldAllowAccountUnlink() { 47 - if ($this->hasProviderConfig()) { 48 - return parent::shouldAllowAccountUnlink(); 49 - } 50 - 51 - return !PhabricatorEnv::getEnvConfig('disqus.auth-permanent'); 52 - } 53 - 54 18 }
+16 -41
src/applications/auth/provider/PhabricatorAuthProviderOAuthFacebook.php
··· 15 15 } 16 16 17 17 protected function newOAuthAdapter() { 18 - $secure_only = PhabricatorEnv::getEnvConfig('facebook.require-https-auth'); 18 + $require_secure = $this->getProviderConfig()->getProperty( 19 + self::KEY_REQUIRE_SECURE); 20 + 19 21 return id(new PhutilAuthAdapterOAuthFacebook()) 20 - ->setRequireSecureBrowsing($secure_only); 22 + ->setRequireSecureBrowsing($require_secure); 21 23 } 22 24 23 25 protected function getLoginIcon() { 24 26 return 'Facebook'; 25 27 } 26 28 27 - public function isEnabled() { 28 - if ($this->hasProviderConfig()) { 29 - return parent::isEnabled(); 30 - } 31 - 32 - return parent::isEnabled() && 33 - PhabricatorEnv::getEnvConfig('facebook.auth-enabled'); 34 - } 35 - 36 - protected function getOAuthClientID() { 37 - return PhabricatorEnv::getEnvConfig('facebook.application-id'); 38 - } 39 - 40 - protected function getOAuthClientSecret() { 41 - $secret = PhabricatorEnv::getEnvConfig('facebook.application-secret'); 42 - if ($secret) { 43 - return new PhutilOpaqueEnvelope($secret); 44 - } 45 - return null; 46 - } 47 - 48 - public function shouldAllowRegistration() { 49 - if ($this->hasProviderConfig()) { 50 - return parent::shouldAllowRegistration(); 51 - } 52 - return PhabricatorEnv::getEnvConfig('facebook.registration-enabled'); 53 - } 54 - 55 - public function shouldAllowAccountUnlink() { 56 - if ($this->hasProviderConfig()) { 57 - return parent::shouldAllowAccountUnlink(); 58 - } 59 - return !PhabricatorEnv::getEnvConfig('facebook.auth-permanent'); 60 - } 61 - 62 29 public function readFormValuesFromProvider() { 63 - $require_secure = PhabricatorEnv::getEnvConfig( 64 - 'facebook.require-https-auth'); 65 - 66 - // TODO: When we read from config, default this on for new providers. 30 + $require_secure = $this->getProviderConfig()->getProperty( 31 + self::KEY_REQUIRE_SECURE); 67 32 68 33 return parent::readFormValuesFromProvider() + array( 69 34 self::KEY_REQUIRE_SECURE => $require_secure, ··· 130 95 return parent::renderConfigPropertyTransactionTitle($xaction); 131 96 } 132 97 98 + public static function getFacebookApplicationID() { 99 + $providers = PhabricatorAuthProvider::getAllProviders(); 100 + $fb_provider = idx($providers, 'facebook:facebook.com'); 101 + if (!$fb_provider) { 102 + return null; 103 + } 104 + 105 + return $fb_provider->getProperty( 106 + PhabricatorAuthProviderOAuth::PROPERTY_APP_ID); 107 + } 133 108 134 109 }
-35
src/applications/auth/provider/PhabricatorAuthProviderOAuthGitHub.php
··· 15 15 return 'Github'; 16 16 } 17 17 18 - public function isEnabled() { 19 - if ($this->hasProviderConfig()) { 20 - return parent::isEnabled(); 21 - } 22 - 23 - return parent::isEnabled() && 24 - PhabricatorEnv::getEnvConfig('github.auth-enabled'); 25 - } 26 - 27 - protected function getOAuthClientID() { 28 - return PhabricatorEnv::getEnvConfig('github.application-id'); 29 - } 30 - 31 - protected function getOAuthClientSecret() { 32 - $secret = PhabricatorEnv::getEnvConfig('github.application-secret'); 33 - if ($secret) { 34 - return new PhutilOpaqueEnvelope($secret); 35 - } 36 - return null; 37 - } 38 - 39 - public function shouldAllowRegistration() { 40 - if ($this->hasProviderConfig()) { 41 - return parent::shouldAllowRegistration(); 42 - } 43 - return PhabricatorEnv::getEnvConfig('github.registration-enabled'); 44 - } 45 - 46 - public function shouldAllowAccountUnlink() { 47 - if ($this->hasProviderConfig()) { 48 - return parent::shouldAllowAccountUnlink(); 49 - } 50 - return !PhabricatorEnv::getEnvConfig('github.auth-permanent'); 51 - } 52 - 53 18 }
-34
src/applications/auth/provider/PhabricatorAuthProviderOAuthGoogle.php
··· 15 15 return 'Google'; 16 16 } 17 17 18 - public function isEnabled() { 19 - if ($this->hasProviderConfig()) { 20 - return parent::isEnabled(); 21 - } 22 - return parent::isEnabled() && 23 - PhabricatorEnv::getEnvConfig('google.auth-enabled'); 24 - } 25 - 26 - protected function getOAuthClientID() { 27 - return PhabricatorEnv::getEnvConfig('google.application-id'); 28 - } 29 - 30 - protected function getOAuthClientSecret() { 31 - $secret = PhabricatorEnv::getEnvConfig('google.application-secret'); 32 - if ($secret) { 33 - return new PhutilOpaqueEnvelope($secret); 34 - } 35 - return null; 36 - } 37 - 38 - public function shouldAllowRegistration() { 39 - if ($this->hasProviderConfig()) { 40 - return parent::shouldAllowRegistration(); 41 - } 42 - return PhabricatorEnv::getEnvConfig('google.registration-enabled'); 43 - } 44 - 45 - public function shouldAllowAccountUnlink() { 46 - if ($this->hasProviderConfig()) { 47 - return parent::shouldAllowAccountUnlink(); 48 - } 49 - return !PhabricatorEnv::getEnvConfig('google.auth-permanent'); 50 - } 51 - 52 18 public function getLoginURI() { 53 19 // TODO: Clean this up. See PhabricatorAuthOldOAuthRedirectController. 54 20 return PhabricatorEnv::getURI('/oauth/google/login/');
-9
src/applications/auth/provider/PhabricatorAuthProviderPassword.php
··· 14 14 'Allow users to login or register using a username and password.'); 15 15 } 16 16 17 - public function isEnabled() { 18 - if ($this->hasProviderConfig()) { 19 - return parent::isEnabled(); 20 - } 21 - 22 - return parent::isEnabled() && 23 - PhabricatorEnv::getEnvConfig('auth.password-auth-enabled'); 24 - } 25 - 26 17 public function getAdapter() { 27 18 if (!$this->adapter) { 28 19 $adapter = new PhutilAuthAdapterEmpty();
-37
src/applications/config/check/PhabricatorSetupCheckFacebook.php
··· 1 - <?php 2 - 3 - final class PhabricatorSetupCheckFacebook extends PhabricatorSetupCheck { 4 - 5 - protected function executeChecks() { 6 - $fb_auth = PhabricatorEnv::getEnvConfig('facebook.auth-enabled'); 7 - if (!$fb_auth) { 8 - return; 9 - } 10 - 11 - if (!PhabricatorEnv::getEnvConfig('facebook.application-id')) { 12 - $message = pht( 13 - 'You have enabled Facebook authentication, but have not provided a '. 14 - 'Facebook Application ID. Provide one or disable Facebook '. 15 - 'authentication.'); 16 - 17 - $this->newIssue('config.facebook.application-id') 18 - ->setName(pht("Facebook Application ID Not Set")) 19 - ->setMessage($message) 20 - ->addRelatedPhabricatorConfig('facebook.auth-enabled') 21 - ->addPhabricatorConfig('facebook.application-id'); 22 - } 23 - 24 - if (!PhabricatorEnv::getEnvConfig('facebook.application-secret')) { 25 - $message = pht( 26 - 'You have enabled Facebook authentication, but have not provided a '. 27 - 'Facebook Application Secret. Provide one or disable Facebook '. 28 - 'authentication.'); 29 - 30 - $this->newIssue('config.facebook.application-secret') 31 - ->setName(pht("Facebook Application Secret Not Set")) 32 - ->setMessage($message) 33 - ->addRelatedPhabricatorConfig('facebook.auth-enabled') 34 - ->addPhabricatorConfig('facebook.application-secret'); 35 - } 36 - } 37 - }
-38
src/applications/config/option/PhabricatorDisqusConfigOptions.php
··· 13 13 14 14 public function getOptions() { 15 15 return array( 16 - $this->newOption('disqus.auth-enabled', 'bool', false) 17 - ->setBoolOptions( 18 - array( 19 - pht("Enable Disqus Authentication"), 20 - pht("Disable Disqus Authentication"), 21 - )) 22 - ->setDescription( 23 - pht( 24 - 'Allow users to login to Phabricator using Disqus credentials.')), 25 - $this->newOption('disqus.registration-enabled', 'bool', true) 26 - ->setBoolOptions( 27 - array( 28 - pht("Enable Disqus Registration"), 29 - pht("Disable Disqus Registration"), 30 - )) 31 - ->setDescription( 32 - pht( 33 - 'Allow users to create new Phabricator accounts using Disqus '. 34 - 'credentials.')), 35 - $this->newOption('disqus.auth-permanent', 'bool', false) 36 - ->setBoolOptions( 37 - array( 38 - pht("Permanently Bind Disqus Accounts"), 39 - pht("Allow Disqus Account Unlinking"), 40 - )) 41 - ->setDescription( 42 - pht( 43 - 'Are Phabricator accounts permanently bound to Disqus '. 44 - 'accounts?')), 45 - $this->newOption('disqus.application-id', 'string', null) 46 - ->setDescription( 47 - pht( 48 - 'Disqus "Client ID" to use for Disqus API access.')), 49 - $this->newOption('disqus.application-secret', 'string', null) 50 - ->setMasked(true) 51 - ->setDescription( 52 - pht( 53 - 'Disqus "Secret" to use for Diqsus API access.')), 54 16 $this->newOption('disqus.shortname', 'string', null) 55 17 ->setSummary(pht("Shortname for Disqus comment widget.")) 56 18 ->setDescription(
-76
src/applications/config/option/PhabricatorFacebookConfigOptions.php
··· 1 - <?php 2 - 3 - final class PhabricatorFacebookConfigOptions 4 - extends PhabricatorApplicationConfigOptions { 5 - 6 - public function getName() { 7 - return pht("Integration with Facebook"); 8 - } 9 - 10 - public function getDescription() { 11 - return pht("Facebook authentication and integration options."); 12 - } 13 - 14 - public function getOptions() { 15 - return array( 16 - $this->newOption('facebook.auth-enabled', 'bool', false) 17 - ->setBoolOptions( 18 - array( 19 - pht("Enable Facebook Authentication"), 20 - pht("Disable Facebook Authentication"), 21 - )) 22 - ->setDescription( 23 - pht( 24 - 'Allow users to login to Phabricator using Facebook credentials.')), 25 - $this->newOption('facebook.registration-enabled', 'bool', true) 26 - ->setBoolOptions( 27 - array( 28 - pht("Enable Facebook Registration"), 29 - pht("Disable Facebook Registration"), 30 - )) 31 - ->setDescription( 32 - pht( 33 - 'Allow users to create new Phabricator accounts using Facebook '. 34 - 'credentials.')), 35 - $this->newOption('facebook.auth-permanent', 'bool', false) 36 - ->setBoolOptions( 37 - array( 38 - pht("Permanently Bind Facebook Accounts"), 39 - pht("Allow Facebook Account Unlinking"), 40 - )) 41 - ->setDescription( 42 - pht( 43 - 'Are Phabricator accounts permanently bound to Facebook '. 44 - 'accounts?')), 45 - $this->newOption('facebook.application-id', 'string', null) 46 - ->setDescription( 47 - pht( 48 - 'Facebook "Application ID" to use for Facebook API access.')), 49 - $this->newOption('facebook.application-secret', 'string', null) 50 - ->setMasked(true) 51 - ->setDescription( 52 - pht( 53 - 'Facebook "Application Secret" to use for Facebook API access.')), 54 - $this->newOption('facebook.require-https-auth', 'bool', false) 55 - ->setBoolOptions( 56 - array( 57 - pht("Require HTTPS"), 58 - pht("Do Not Require HTTPS"), 59 - )) 60 - ->setSummary( 61 - pht( 62 - 'Reject Facebook logins from accounts that do not have Facebook '. 63 - 'configured in HTTPS-only mode.')) 64 - ->setDescription( 65 - pht( 66 - 'You can require users logging in via Facebook auth have Facebook '. 67 - 'set to HTTPS-only, which ensures their Facebook cookies are '. 68 - 'SSL-only. This makes it more difficult for an attacker to '. 69 - 'escalate a cookie-sniffing attack which captures Facebook '. 70 - 'credentials into Phabricator access, but will require users '. 71 - 'change their Facebook settings if they do not have this mode '. 72 - 'enabled.')), 73 - ); 74 - } 75 - 76 - }
-57
src/applications/config/option/PhabricatorGitHubConfigOptions.php
··· 1 - <?php 2 - 3 - final class PhabricatorGitHubConfigOptions 4 - extends PhabricatorApplicationConfigOptions { 5 - 6 - public function getName() { 7 - return pht("Integration with GitHub"); 8 - } 9 - 10 - public function getDescription() { 11 - return pht("GitHub authentication and integration options."); 12 - } 13 - 14 - public function getOptions() { 15 - return array( 16 - $this->newOption('github.auth-enabled', 'bool', false) 17 - ->setBoolOptions( 18 - array( 19 - pht("Enable GitHub Authentication"), 20 - pht("Disable GitHub Authentication"), 21 - )) 22 - ->setDescription( 23 - pht( 24 - 'Allow users to login to Phabricator using GitHub credentials.')), 25 - $this->newOption('github.registration-enabled', 'bool', true) 26 - ->setBoolOptions( 27 - array( 28 - pht("Enable GitHub Registration"), 29 - pht("Disable GitHub Registration"), 30 - )) 31 - ->setDescription( 32 - pht( 33 - 'Allow users to create new Phabricator accounts using GitHub '. 34 - 'credentials.')), 35 - $this->newOption('github.auth-permanent', 'bool', false) 36 - ->setBoolOptions( 37 - array( 38 - pht("Permanently Bind GitHub Accounts"), 39 - pht("Allow GitHub Account Unlinking"), 40 - )) 41 - ->setDescription( 42 - pht( 43 - 'Are Phabricator accounts permanently bound to GitHub '. 44 - 'accounts?')), 45 - $this->newOption('github.application-id', 'string', null) 46 - ->setDescription( 47 - pht( 48 - 'GitHub "Client ID" to use for GitHub API access.')), 49 - $this->newOption('github.application-secret', 'string', null) 50 - ->setMasked(true) 51 - ->setDescription( 52 - pht( 53 - 'GitHub "Secret" to use for GitHub API access.')), 54 - ); 55 - } 56 - 57 - }
-57
src/applications/config/option/PhabricatorGoogleConfigOptions.php
··· 1 - <?php 2 - 3 - final class PhabricatorGoogleConfigOptions 4 - extends PhabricatorApplicationConfigOptions { 5 - 6 - public function getName() { 7 - return pht("Integration with Google"); 8 - } 9 - 10 - public function getDescription() { 11 - return pht("Google authentication and integration options."); 12 - } 13 - 14 - public function getOptions() { 15 - return array( 16 - $this->newOption('google.auth-enabled', 'bool', false) 17 - ->setBoolOptions( 18 - array( 19 - pht("Enable Google Authentication"), 20 - pht("Disable Google Authentication"), 21 - )) 22 - ->setDescription( 23 - pht( 24 - 'Allow users to login to Phabricator using Google credentials.')), 25 - $this->newOption('google.registration-enabled', 'bool', true) 26 - ->setBoolOptions( 27 - array( 28 - pht("Enable Google Registration"), 29 - pht("Disable Google Registration"), 30 - )) 31 - ->setDescription( 32 - pht( 33 - 'Allow users to create new Phabricator accounts using Google '. 34 - 'credentials.')), 35 - $this->newOption('google.auth-permanent', 'bool', false) 36 - ->setBoolOptions( 37 - array( 38 - pht("Permanently Bind Google Accounts"), 39 - pht("Allow Google Account Unlinking"), 40 - )) 41 - ->setDescription( 42 - pht( 43 - 'Are Phabricator accounts permanently bound to Google '. 44 - 'accounts?')), 45 - $this->newOption('google.application-id', 'string', null) 46 - ->setDescription( 47 - pht( 48 - 'Google "Client ID" to use for Google API access.')), 49 - $this->newOption('google.application-secret', 'string', null) 50 - ->setMasked(true) 51 - ->setDescription( 52 - pht( 53 - 'Google "Secret" to use for Google API access.')), 54 - ); 55 - } 56 - 57 - }
-76
src/applications/config/option/PhabricatorLDAPConfigOptions.php
··· 1 - <?php 2 - 3 - final class PhabricatorLDAPConfigOptions 4 - extends PhabricatorApplicationConfigOptions { 5 - 6 - public function getName() { 7 - return pht("Integration with LDAP"); 8 - } 9 - 10 - public function getDescription() { 11 - return pht("LDAP authentication and integration options."); 12 - } 13 - 14 - public function getOptions() { 15 - return array( 16 - $this->newOption('ldap.auth-enabled', 'bool', false) 17 - ->setBoolOptions( 18 - array( 19 - pht("Enable LDAP Authentication"), 20 - pht("Disable LDAP Authentication"), 21 - )) 22 - ->setDescription( 23 - pht('Enable LDAP for authentication and registration.')), 24 - $this->newOption('ldap.hostname', 'string', null) 25 - ->setDescription(pht('LDAP server host name.')), 26 - $this->newOption('ldap.port', 'int', 389) 27 - ->setDescription(pht('LDAP server port.')), 28 - $this->newOption('ldap.anonymous-user-name', 'string', null) 29 - ->setDescription( 30 - pht('Username to login to LDAP server with.')), 31 - $this->newOption('ldap.anonymous-user-password', 'string', null) 32 - ->setMasked(true) 33 - ->setDescription( 34 - pht('Password to login to LDAP server with.')), 35 - 36 - // TODO: I have only a vague understanding of what these options do; 37 - // improve the documentation here and provide examples. 38 - 39 - $this->newOption('ldap.base_dn', 'string', null) 40 - ->setDescription(pht('LDAP base domain name.')), 41 - $this->newOption('ldap.search_attribute', 'string', null), 42 - $this->newOption('ldap.search-first', 'bool', false) 43 - ->setBoolOptions( 44 - array( 45 - pht("Enabled"), 46 - pht("Disabled"), 47 - )), 48 - $this->newOption('ldap.username-attribute', 'string', null), 49 - $this->newOption('ldap.real_name_attributes', 'list<string>', array()) 50 - ->setDescription( 51 - pht( 52 - "Attribute or attributes to use as the user's real name. If ". 53 - "multiple attributes are provided, they will be joined with ". 54 - "spaces.")), 55 - $this->newOption('ldap.activedirectory_domain', 'string', null), 56 - $this->newOption('ldap.version', 'int', 3), 57 - $this->newOption('ldap.referrals', 'bool', true) 58 - ->setBoolOptions( 59 - array( 60 - pht("Follow referrals"), 61 - pht("Do not follow referrals"), 62 - )) 63 - ->setDescription( 64 - pht("You may need to disable this if you use Windows 2003 ". 65 - "Active Directory.")), 66 - $this->newOption('ldap.start-tls', 'bool', false) 67 - ->setBoolOptions( 68 - array( 69 - pht("Use STARTTLS"), 70 - pht("Do not use STARTTLS"), 71 - )) 72 - ->setDescription(pht("Should LDAP use STARTTLS?")) 73 - ); 74 - } 75 - 76 - }
-53
src/applications/config/option/PhabricatorPhabricatorOAuthConfigOptions.php
··· 1 - <?php 2 - 3 - final class PhabricatorPhabricatorOAuthConfigOptions 4 - extends PhabricatorApplicationConfigOptions { 5 - 6 - public function getName() { 7 - return pht("Phabricator OAuth"); 8 - } 9 - 10 - public function getDescription() { 11 - return pht("Configure Phabricator's OAuth provider."); 12 - } 13 - 14 - public function getOptions() { 15 - return array( 16 - $this->newOption('phabricator.oauth-uri', 'string', null) 17 - ->setDescription( 18 - pht( 19 - "The URI of the Phabricator instance to use as an OAuth server.")) 20 - ->addExample('https://phabricator.example.com/', pht('Valid Setting')), 21 - $this->newOption('phabricator.auth-enabled', 'bool', false) 22 - ->setDescription( 23 - pht( 24 - "Can users use Phabricator credentials to login to Phabricator?")), 25 - $this->newOption('phabricator.registration-enabled', 'bool', true) 26 - ->setDescription( 27 - pht( 28 - "Can users use Phabricator credentials to create new Phabricator ". 29 - "accounts?")), 30 - $this->newOption('phabricator.auth-permanent', 'bool', false) 31 - ->setBoolOptions( 32 - array( 33 - pht("Permanent"), 34 - pht("Able to be unlinked"), 35 - )) 36 - ->setDescription( 37 - pht( 38 - "Are Phabricator accounts permanently linked to Phabricator ". 39 - "accounts, or can the user unlink them?")), 40 - $this->newOption('phabricator.application-id', 'string', null) 41 - ->setDescription( 42 - pht( 43 - "The Phabricator 'Client ID' to use for Phabricator API access.")), 44 - $this->newOption('phabricator.application-secret', 'string', null) 45 - ->setMasked(true) 46 - ->setDescription( 47 - pht( 48 - "The Phabricator 'Client Secret' to use for Phabricator API ". 49 - "access.")), 50 - ); 51 - } 52 - 53 - }
+1 -1
src/applications/people/controller/PhabricatorPeopleController.php
··· 18 18 19 19 if ($viewer->getIsAdmin()) { 20 20 $nav->addLabel(pht('User Administration')); 21 - if (PhabricatorEnv::getEnvConfig('ldap.auth-enabled') === true) { 21 + if (PhabricatorAuthProviderLDAP::getLDAPProvider()) { 22 22 $nav->addFilter('ldap', pht('Import from LDAP')); 23 23 } 24 24
+50 -35
src/applications/people/controller/PhabricatorPeopleLdapController.php
··· 129 129 130 130 private function processSearchRequest($request) { 131 131 $panel = new AphrontPanelView(); 132 + $admin = $request->getUser(); 132 133 133 - $admin = $request->getUser(); 134 + $search = $request->getStr('query'); 135 + 136 + $ldap_provider = PhabricatorAuthProviderLDAP::getLDAPProvider(); 137 + if (!$ldap_provider) { 138 + throw new Exception("No LDAP provider enabled!"); 139 + } 134 140 135 - $username = $request->getStr('username'); 136 - $password = $request->getStr('password'); 137 - $search = $request->getStr('query'); 141 + $ldap_adapter = $ldap_provider->getAdapter(); 142 + $ldap_adapter->setLoginUsername($request->getStr('username')); 143 + $ldap_adapter->setLoginPassword( 144 + new PhutilOpaqueEnvelope($request->getStr('password'))); 145 + 146 + // This causes us to connect and bind. 147 + // TODO: Clean up this discard mode stuff. 148 + DarkConsoleErrorLogPluginAPI::enableDiscardMode(); 149 + $ldap_adapter->getAccountID(); 150 + DarkConsoleErrorLogPluginAPI::disableDiscardMode(); 151 + 152 + $results = $ldap_adapter->searchLDAP('%Q', $search); 138 153 139 - try { 140 - $ldap_provider = new PhabricatorLDAPProvider(); 141 - $envelope = new PhutilOpaqueEnvelope($password); 142 - $ldap_provider->auth($username, $envelope); 143 - $results = $ldap_provider->search($search); 144 - foreach ($results as $key => $result) { 145 - $results[$key][] = $this->renderUserInputs($result); 154 + foreach ($results as $key => $record) { 155 + $account_id = $ldap_adapter->readLDAPRecordAccountID($record); 156 + if (!$account_id) { 157 + unset($results[$key]); 158 + continue; 146 159 } 147 160 148 - $form = id(new AphrontFormView()) 149 - ->setUser($admin); 161 + $info = array( 162 + $account_id, 163 + $ldap_adapter->readLDAPRecordEmail($record), 164 + $ldap_adapter->readLDAPRecordRealName($record), 165 + ); 166 + $results[$key] = $info; 167 + $results[$key][] = $this->renderUserInputs($info); 168 + } 150 169 151 - $table = new AphrontTableView($results); 152 - $table->setHeaders( 153 - array( 154 - pht('Username'), 155 - pht('Email'), 156 - pht('Real Name'), 157 - pht('Import?'), 158 - )); 159 - $form->appendChild($table); 160 - $form->setAction($request->getRequestURI() 161 - ->alter('import', 'true')->alter('search', null)) 162 - ->appendChild( 163 - id(new AphrontFormSubmitControl()) 164 - ->setValue(pht('Import'))); 170 + $form = id(new AphrontFormView()) 171 + ->setUser($admin); 165 172 173 + $table = new AphrontTableView($results); 174 + $table->setHeaders( 175 + array( 176 + pht('Username'), 177 + pht('Email'), 178 + pht('Real Name'), 179 + pht('Import?'), 180 + )); 181 + $form->appendChild($table); 182 + $form->setAction($request->getRequestURI() 183 + ->alter('import', 'true')->alter('search', null)) 184 + ->appendChild( 185 + id(new AphrontFormSubmitControl()) 186 + ->setValue(pht('Import'))); 166 187 167 - $panel->appendChild($form); 168 - } catch (Exception $ex) { 169 - $error_view = new AphrontErrorView(); 170 - $error_view->setTitle(pht('LDAP Search Failed')); 171 - $error_view->setErrors(array($ex->getMessage())); 172 - return $error_view; 173 - } 188 + $panel->appendChild($form); 189 + 174 190 return $panel; 175 - 176 191 } 177 192 178 193 private function renderUserInputs($user) {
+1 -1
src/applications/phame/storage/PhamePost.php
··· 96 96 $options = array(); 97 97 98 98 if ($current == 'facebook' || 99 - PhabricatorEnv::getEnvConfig('facebook.application-id')) { 99 + PhabricatorAuthProviderOAuthFacebook::getFacebookApplicationID()) { 100 100 $options['facebook'] = 'Facebook'; 101 101 } 102 102 if ($current == 'disqus' ||
+1 -1
src/applications/phame/view/PhamePostView.php
··· 150 150 } 151 151 152 152 private function renderFacebookComments() { 153 - $fb_id = PhabricatorEnv::getEnvConfig('facebook.application-id'); 153 + $fb_id = PhabricatorAuthProviderOAuthFacebook::getFacebookApplicationID(); 154 154 if (!$fb_id) { 155 155 return null; 156 156 }
+17
src/infrastructure/env/PhabricatorEnv.php
··· 248 248 249 249 250 250 /** 251 + * Get the current configuration setting for a given key. If the key 252 + * does not exist, return a default value instead of throwing. This is 253 + * primarily useful for migrations involving keys which are slated for 254 + * removal. 255 + * 256 + * @task read 257 + */ 258 + public static function getEnvConfigIfExists($key, $default = null) { 259 + try { 260 + return self::getEnvConfig($key); 261 + } catch (Exception $ex) { 262 + return $default; 263 + } 264 + } 265 + 266 + 267 + /** 251 268 * Get the fully-qualified URI for a path. 252 269 * 253 270 * @task read
+4
src/infrastructure/storage/patch/PhabricatorBuiltinPatchList.php
··· 1374 1374 'type' => 'sql', 1375 1375 'name' => $this->getPatchPath('20130613.authdb.sql'), 1376 1376 ), 1377 + '20130619.authconf.php' => array( 1378 + 'type' => 'php', 1379 + 'name' => $this->getPatchPath('20130619.authconf.php'), 1380 + ), 1377 1381 ); 1378 1382 } 1379 1383 }