recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Reduce severity of auth provider warning

Summary:
Ref T7208. Now that we have approvals (new installs are safe by default), take those into account when generating this warning.

Try to soften the warning to cover the case discussed in T7208, hopefully without requiring additional measures.

Test Plan:
{F286014}

{F286015}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T7208

Differential Revision: https://secure.phabricator.com/D11708

epriestley 8c568d88 272ce408

+71 -26
+58 -26
src/applications/auth/controller/config/PhabricatorAuthListController.php
··· 92 92 $crumbs = $this->buildApplicationCrumbs(); 93 93 $crumbs->addTextCrumb(pht('Auth Providers')); 94 94 95 - $config_name = 'auth.email-domains'; 96 - $config_href = '/config/edit/'.$config_name.'/'; 97 - $config_link = phutil_tag( 98 - 'a', 99 - array( 100 - 'href' => $config_href, 101 - 'target' => '_blank', 102 - ), 103 - $config_name); 95 + $domains_key = 'auth.email-domains'; 96 + $domains_link = $this->renderConfigLink($domains_key); 97 + $domains_value = PhabricatorEnv::getEnvConfig($domains_key); 104 98 105 - $warning = new PHUIErrorView(); 99 + $approval_key = 'auth.require-approval'; 100 + $approval_link = $this->renderConfigLink($approval_key); 101 + $approval_value = PhabricatorEnv::getEnvConfig($approval_key); 106 102 107 - $email_domains = PhabricatorEnv::getEnvConfig($config_name); 108 - if ($email_domains) { 109 - $warning->setSeverity(PHUIErrorView::SEVERITY_NOTICE); 110 - $warning->appendChild( 111 - pht( 112 - 'Only users with a verified email address at one of the %s domains '. 113 - 'will be able to register a Phabricator account: %s', 114 - $config_link, 115 - phutil_tag('strong', array(), implode(', ', $email_domains)))); 103 + $issues = array(); 104 + if ($domains_value) { 105 + $issues[] = pht( 106 + 'Phabricator is configured with an email domain whitelist (in %s), so '. 107 + 'only users with a verified email address at one of these %s '. 108 + 'allowed domain(s) will be able to register an account: %s', 109 + $domains_link, 110 + new PhutilNumber(count($domains_value)), 111 + phutil_tag('strong', array(), implode(', ', $domains_value))); 116 112 } else { 117 - $warning->setSeverity(PHUIErrorView::SEVERITY_WARNING); 118 - $warning->appendChild( 119 - pht( 120 - 'Anyone who can browse to this Phabricator install will be able to '. 121 - 'register an account. To restrict who can register an account, '. 122 - 'configure %s.', 123 - $config_link)); 113 + $issues[] = pht( 114 + 'Anyone who can browse to this Phabricator install will be able to '. 115 + 'register an account. To add email domain restrictions, configure '. 116 + '%s.', 117 + $domains_link); 124 118 } 125 119 120 + if ($approval_value) { 121 + $issues[] = pht( 122 + 'Administrative approvals are enabled (in %s), so all new users must '. 123 + 'have their accounts approved by an administrator.', 124 + $approval_link); 125 + } else { 126 + $issues[] = pht( 127 + 'Administrative approvals are disabled, so users who register will '. 128 + 'be able to use their accounts immediately. To enable approvals, '. 129 + 'configure %s.', 130 + $approval_link); 131 + } 132 + 133 + if (!$domains_value && !$approval_value) { 134 + $severity = PHUIErrorView::SEVERITY_WARNING; 135 + $issues[] = pht( 136 + 'You can safely ignore this warning if the install itself has '. 137 + 'access controls (for example, it is deployed on a VPN) or if all of '. 138 + 'the configured providers have access controls (for example, they are '. 139 + 'all private LDAP or OAuth servers).'); 140 + } else { 141 + $severity = PHUIErrorView::SEVERITY_NOTICE; 142 + } 143 + 144 + $warning = id(new PHUIErrorView()) 145 + ->setSeverity($severity) 146 + ->setErrors($issues); 147 + 126 148 $image = id(new PHUIIconView()) 127 149 ->setIconFont('fa-plus'); 128 150 $button = id(new PHUIButtonView()) ··· 150 172 array( 151 173 'title' => pht('Authentication Providers'), 152 174 )); 175 + } 176 + 177 + private function renderConfigLink($key) { 178 + return phutil_tag( 179 + 'a', 180 + array( 181 + 'href' => '/config/edit/'.$key.'/', 182 + 'target' => '_blank', 183 + ), 184 + $key); 153 185 } 154 186 155 187 }
+13
src/infrastructure/internationalization/translation/PhabricatorBaseEnglishTranslation.php
··· 911 911 'The configurations differ:', 912 912 'The configurations differ in these ways:', 913 913 ), 914 + 915 + 'Phabricator is configured with an email domain whitelist (in %s), so '. 916 + 'only users with a verified email address at one of these %s '. 917 + 'allowed domain(s) will be able to register an account: %s' => array( 918 + array( 919 + 'Phabricator is configured with an email domain whitelist (in %s), '. 920 + 'so only users with a verified email address at %3$s will be '. 921 + 'allowed to register an account.', 922 + 'Phabricator is configured with an email domain whitelist (in %s), '. 923 + 'so only users with a verified email address at one of these '. 924 + 'allowed domains will be able to register an account: %3$s', 925 + ), 926 + ), 914 927 ); 915 928 } 916 929