
Add storage for Auth configuration in preparation for moving it into a web interface

Summary:
Ref T1536. Currently, we have about 40 auth-related configuration options. This is already roughly 20% of our config, and we want to add more providers. Additionally, we want to turn some of these auth options into multi-auth options (e.g., allow multiple Phabricator OAuth installs, or, theoretically multiple LDAP servers).

I'm going to move this into a separate "Auth" tool with a minimal CLI (`bin/auth`) interface and a more full web interface. Roughly:

- Administrators will use the app to manage authentication providers.
- The `bin/auth` CLI will provide a safety hatch if you lock yourself out by disabling all usable providers somehow.
- We'll migrate existing configuration into the app and remove it.

General goals:

- Make it much easier to configure authentication by providing an interface for it.
- Make it easier to configure everything else by reducing the total number of available options.

Test Plan: Ran storage upgrade.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6196

+128
+40
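--- a/resources/sql/patches/20130613.authdb.sql
+++ b/resources/sql/patches/20130613.authdb.sql
@@ -0,0 +1,40 @@
+CREATE TABLE {$NAMESPACE}_auth.auth_providerconfig (
+id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
+phid VARCHAR(64) NOT NULL COLLATE utf8_bin,
+providerClass VARCHAR(128) NOT NULL COLLATE utf8_bin,
+providerType VARCHAR(64) NOT NULL COLLATE utf8_bin,
+providerDomain VARCHAR(128) NOT NULL COLLATE utf8_bin,
+isEnabled BOOL NOT NULL,
+shouldAllowLogin BOOL NOT NULL,
+shouldAllowRegistration BOOL NOT NULL,
+shouldAllowLink BOOL NOT NULL,
+shouldAllowUnlink BOOL NOT NULL,
+properties LONGTEXT NOT NULL COLLATE utf8_bin,
+dateCreated INT UNSIGNED NOT NULL,
+dateModified INT UNSIGNED NOT NULL,
+UNIQUE KEY `key_phid` (phid),
+KEY `key_class` (providerClass),
+UNIQUE KEY `key_provider` (providerType, providerDomain)
+) ENGINE=InnoDB, COLLATE utf8_general_ci;
+
+CREATE TABLE {$NAMESPACE}_auth.auth_providerconfigtransaction (
+id INT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT,
+phid VARCHAR(64) NOT NULL COLLATE utf8_bin,
+authorPHID VARCHAR(64) NOT NULL COLLATE utf8_bin,
+objectPHID VARCHAR(64) NOT NULL COLLATE utf8_bin,
+viewPolicy VARCHAR(64) NOT NULL COLLATE utf8_bin,
+editPolicy VARCHAR(64) NOT NULL COLLATE utf8_bin,
+commentPHID VARCHAR(64) COLLATE utf8_bin,
+commentVersion INT UNSIGNED NOT NULL,
+transactionType VARCHAR(32) NOT NULL COLLATE utf8_bin,
+oldValue LONGTEXT NOT NULL COLLATE utf8_bin,
+newValue LONGTEXT NOT NULL COLLATE utf8_bin,
+metadata LONGTEXT NOT NULL COLLATE utf8_bin,
+contentSource LONGTEXT NOT NULL COLLATE utf8_bin,
+dateCreated INT UNSIGNED NOT NULL,
+dateModified INT UNSIGNED NOT NULL,
+
+UNIQUE KEY `key_phid` (phid),
+KEY `key_object` (objectPHID)
+
+) ENGINE=InnoDB, COLLATE utf8_general_ci;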
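Review bot: Nothing in `auth_providerconfig` marks `properties` as credential-bearing, yet it is the only column where free-form provider settings can go. If the options to be migrated include OAuth client secrets or LDAP bind passwords (the summary implies this, the patch does not show it), they will sit here as plaintext JSON. Edits recorded in `oldValue`/`newValue` of `auth_providerconfigtransaction`, written through `PhabricatorAuthProviderConfigTransaction`, would then keep superseded secrets as well. I would record that next to the schema, e.g. `-- properties may contain provider secrets; treat dumps and transaction history of this database as sensitive`, and have the later editor code mask secret keys before it writes a transaction.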
+6
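--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -817,9 +817,12 @@
 'PhabricatorAuthAccountView' => 'applications/auth/view/PhabricatorAuthAccountView.php',
 'PhabricatorAuthConfirmLinkController' => 'applications/auth/controller/PhabricatorAuthConfirmLinkController.php',
 'PhabricatorAuthController' => 'applications/auth/controller/PhabricatorAuthController.php',
+'PhabricatorAuthDAO' => 'applications/auth/storage/PhabricatorAuthDAO.php',
 'PhabricatorAuthLinkController' => 'applications/auth/controller/PhabricatorAuthLinkController.php',
 'PhabricatorAuthLoginController' => 'applications/auth/controller/PhabricatorAuthLoginController.php',
 'PhabricatorAuthProvider' => 'applications/auth/provider/PhabricatorAuthProvider.php',
+'PhabricatorAuthProviderConfig' => 'applications/auth/storage/PhabricatorAuthProviderConfig.php',
+'PhabricatorAuthProviderConfigTransaction' => 'applications/auth/storage/PhabricatorAuthProviderConfigTransaction.php',
 'PhabricatorAuthProviderLDAP' => 'applications/auth/provider/PhabricatorAuthProviderLDAP.php',
 'PhabricatorAuthProviderOAuth' => 'applications/auth/provider/PhabricatorAuthProviderOAuth.php',
 'PhabricatorAuthProviderOAuthDisqus' => 'applications/auth/provider/PhabricatorAuthProviderOAuthDisqus.php',
@@ -2682,8 +2685,11 @@
 'PhabricatorAuthAccountView' => 'AphrontView',
 'PhabricatorAuthConfirmLinkController' => 'PhabricatorAuthController',
 'PhabricatorAuthController' => 'PhabricatorController',
+'PhabricatorAuthDAO' => 'PhabricatorLiskDAO',
 'PhabricatorAuthLinkController' => 'PhabricatorAuthController',
 'PhabricatorAuthLoginController' => 'PhabricatorAuthController',
+'PhabricatorAuthProviderConfig' => 'PhabricatorAuthDAO',
+'PhabricatorAuthProviderConfigTransaction' => 'PhabricatorApplicationTransaction',
 'PhabricatorAuthProviderLDAP' => 'PhabricatorAuthProvider',
 'PhabricatorAuthProviderOAuth' => 'PhabricatorAuthProvider',
 'PhabricatorAuthProviderOAuthDisqus' => 'PhabricatorAuthProviderOAuth',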
+9
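--- a/src/applications/auth/storage/PhabricatorAuthDAO.php
+++ b/src/applications/auth/storage/PhabricatorAuthDAO.php
@@ -0,0 +1,9 @@
+<?php
+
+abstract class PhabricatorAuthDAO extends PhabricatorLiskDAO {
+
+public function getApplicationName() {
+return 'auth';
+}
+
+}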
+41
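--- a/src/applications/auth/storage/PhabricatorAuthProviderConfig.php
+++ b/src/applications/auth/storage/PhabricatorAuthProviderConfig.php
@@ -0,0 +1,41 @@
+<?php
+
+final class PhabricatorAuthProviderConfig extends PhabricatorAuthDAO {
+
+protected $phid;
+protected $providerClass;
+protected $providerType;
+protected $providerDomain;
+
+protected $isEnabled = 0;
+protected $shouldAllowLogin = 0;
+protected $shouldAllowRegistration = 0;
+protected $shouldAllowLink = 0;
+protected $shouldAllowUnlink = 0;
+
+protected $properties = array();
+
+public function generatePHID() {
+return PhabricatorPHID::generateNewPHID(
+PhabricatorPHIDConstants::PHID_TYPE_AUTH);
+}
+
+public function getConfiguration() {
+return array(
+self::CONFIG_SERIALIZATION => array(
+'properties' => self::SERIALIZATION_JSON,
+),
+) + parent::getConfiguration();
+}
+
+public function getProperty($key, $default = null) {
+return idx($this->properties, $key, $default);
+}
+
+public function setProperty($key, $value) {
+$this->properties[$key] = $value;
+return $this;
+}
+
+
+}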
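Review bot: `getConfiguration()` declares the JSON serialization for `properties` but does not turn on PHID generation, so `generatePHID()` may never be called on save. In Lisk that hook is normally gated on `self::CONFIG_AUX_PHID => true`; unless `PhabricatorAuthDAO` or a parent enables it (not visible in this commit), the first insert would fail or store an empty `phid`, and a second row would collide with the `key_phid` unique index. Adding `self::CONFIG_AUX_PHID => true,` as the first entry of the returned array would address this. The test plan only ran the storage upgrade, so saving one object and checking its `phid` would be worth adding.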
+23
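--- a/src/applications/auth/storage/PhabricatorAuthProviderConfigTransaction.php
+++ b/src/applications/auth/storage/PhabricatorAuthProviderConfigTransaction.php
@@ -0,0 +1,23 @@
+<?php
+
+final class PhabricatorAuthProviderConfigTransaction
+extends PhabricatorApplicationTransaction {
+
+public function getApplicationName() {
+return 'auth';
+}
+
+public function getApplicationTransactionType() {
+return PhabricatorPHIDConstants::PHID_TYPE_AUTH;
+}
+
+public function getApplicationTransactionCommentObject() {
+return null;
+}
+
+public function getApplicationObjectTypeName() {
+return pht('authentication provider');
+}
+
+}
+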
+1
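--- a/src/applications/phid/PhabricatorPHIDConstants.php
+++ b/src/applications/phid/PhabricatorPHIDConstants.php
@@ -47,6 +47,7 @@
 
 const PHID_TYPE_BOOK = 'BOOK';
 const PHID_TYPE_ATOM = 'ATOM';
+const PHID_TYPE_AUTH = 'AUTH';
 
 const PHID_TYPE_VOID = 'VOID';
 const PHID_VOID = 'PHID-VOID-00000000000000000000';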
+8
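--- a/src/infrastructure/storage/patch/PhabricatorBuiltinPatchList.php
+++ b/src/infrastructure/storage/patch/PhabricatorBuiltinPatchList.php
@@ -191,6 +191,10 @@
 'type' => 'db',
 'name' => 'diviner',
 ),
+'db.auth' => array(
+'type' => 'db',
+'name' => 'auth',
+),
 '0000.legacy.sql' => array(
 'type' => 'sql',
 'name' => $this->getPatchPath('0000.legacy.sql'),
@@ -1365,6 +1369,10 @@
 '20130611.nukeldap.php' => array(
 'type' => 'php',
 'name' => $this->getPatchPath('20130611.nukeldap.php'),
+),
+'20130613.authdb.sql' => array(
+'type' => 'sql',
+'name' => $this->getPatchPath('20130613.authdb.sql'),
 ),
 );
 }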