@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Implement an approval queue

Summary:
- Add an option for the queue.
- By default, enable it.
- Dump new users into the queue.
- Send admins an email to approve them.

Test Plan:
- Registered new accounts with queue on and off.
- As an admin, approved accounts and disabled the queue from email.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D7576

+101 -16
+1
scripts/user/account_admin.php
··· 181 181 $editor->createNewUser($user, $email); 182 182 } else { 183 183 if ($verify_email) { 184 + $user->setIsEmailVerified(1); 184 185 $verify_email->setIsVerified($set_verified ? 1 : 0); 185 186 } 186 187 $editor->updateUser($user, $verify_email);
+1
scripts/user/add_user.php
··· 42 42 $user = new PhabricatorUser(); 43 43 $user->setUsername($username); 44 44 $user->setRealname($realname); 45 + $user->setIsApproved(1); 45 46 46 47 $email_object = id(new PhabricatorUserEmail()) 47 48 ->setAddress($email)
+56
src/applications/auth/controller/PhabricatorAuthRegisterController.php
··· 232 232 $user->setUsername($value_username); 233 233 $user->setRealname($value_realname); 234 234 235 + if ($is_setup) { 236 + $must_approve = false; 237 + } else { 238 + $must_approve = PhabricatorEnv::getEnvConfig( 239 + 'auth.require-approval'); 240 + } 241 + 242 + if ($must_approve) { 243 + $user->setIsApproved(0); 244 + } else { 245 + $user->setIsApproved(1); 246 + } 247 + 235 248 $user->openTransaction(); 236 249 237 250 $editor = id(new PhabricatorUserEditor()) ··· 255 268 256 269 if (!$email_obj->getIsVerified()) { 257 270 $email_obj->sendVerificationEmail($user); 271 + } 272 + 273 + if ($must_approve) { 274 + $this->sendWaitingForApprovalEmail($user); 258 275 } 259 276 260 277 return $this->loginUser($user); ··· 504 521 return $this->renderErrorPage( 505 522 pht('Registration Failed'), 506 523 array($message)); 524 + } 525 + 526 + private function sendWaitingForApprovalEmail(PhabricatorUser $user) { 527 + $title = '[Phabricator] '.pht( 528 + 'New User "%s" Awaiting Approval', 529 + $user->getUsername()); 530 + 531 + $body = new PhabricatorMetaMTAMailBody(); 532 + 533 + $body->addRawSection( 534 + pht( 535 + 'Newly registered user "%s" is awaiting account approval by an '. 536 + 'administrator.', 537 + $user->getUsername())); 538 + 539 + $body->addTextSection( 540 + pht('APPROVAL QUEUE'), 541 + PhabricatorEnv::getProductionURI( 542 + '/people/query/approval/')); 543 + 544 + $body->addTextSection( 545 + pht('DISABLE APPROVAL QUEUE'), 546 + PhabricatorEnv::getProductionURI( 547 + '/config/edit/auth.require-approval/')); 548 + 549 + $admins = id(new PhabricatorPeopleQuery()) 550 + ->setViewer(PhabricatorUser::getOmnipotentUser()) 551 + ->withIsAdmin(true) 552 + ->execute(); 553 + 554 + if (!$admins) { 555 + return; 556 + } 557 + 558 + $mail = id(new PhabricatorMetaMTAMail()) 559 + ->addTos(mpull($admins, 'getPHID')) 560 + ->setSubject($title) 561 + ->setBody($body->render()) 562 + ->saveAndSend(); 507 563 } 508 564 509 565 }
+1 -1
src/applications/config/controller/PhabricatorConfigEditController.php
··· 490 490 491 491 $table[] = phutil_tag('tr', array(), array( 492 492 phutil_tag('th', array(), $description), 493 - phutil_tag('th', array(), $value), 493 + phutil_tag('td', array(), $value), 494 494 )); 495 495 } 496 496
+36 -13
src/applications/config/option/PhabricatorAuthenticationConfigOptions.php
··· 21 21 "Maximum number of simultaneous web sessions each user is ". 22 22 "permitted to have. Setting this to '1' will prevent a user from ". 23 23 "logging in on more than one browser at the same time.")), 24 - $this->newOption('auth.sessions.conduit', 'int', 5) 24 + $this->newOption('auth.sessions.conduit', 'int', 5) 25 25 ->setSummary( 26 26 pht( 27 27 "Number of simultaneous Conduit sessions each user is permitted.")) ··· 29 29 pht( 30 30 "Maximum number of simultaneous Conduit sessions each user is ". 31 31 "permitted to have.")), 32 - $this->newOption('auth.require-email-verification', 'bool', false) 32 + $this->newOption('auth.require-email-verification', 'bool', false) 33 33 ->setBoolOptions( 34 34 array( 35 35 pht("Require email verification"), ··· 41 41 pht( 42 42 "If true, email addresses must be verified (by clicking a link ". 43 43 "in an email) before a user can login. By default, verification ". 44 - "is optional unless 'auth.email-domains' is nonempty.")), 45 - $this->newOption('auth.email-domains', 'list<string>', array()) 44 + "is optional unless {{auth.email-domains}} is nonempty.")), 45 + $this->newOption('auth.require-approval', 'bool', true) 46 + ->setBoolOptions( 47 + array( 48 + pht("Require Administrators to Approve Accounts"), 49 + pht("Don't Require Manual Approval"), 50 + )) 51 + ->setSummary( 52 + pht("Require administrators to approve new accounts.")) 53 + ->setDescription( 54 + pht( 55 + "Newly registered Phabricator accounts can either be placed ". 56 + "into a manual approval queue for administrative review, or ". 57 + "automatically activated immediately. The approval queue is ". 58 + "enabled by default because it gives you greater control over ". 59 + "who can register an account and access Phabricator.\n\n". 60 + "If your install is completely public, or on a VPN, or users can ". 61 + "only register with a trusted provider like LDAP, or you've ". 62 + "otherwise configured Phabricator to prevent unauthorized ". 63 + "registration, you can disable the queue to reduce administrative ". 64 + "overhead.\n\n". 65 + "NOTE: Before you disable the queue, make sure ". 66 + "{{auth.email-domains}} is configured correctly for your ". 67 + "install!")), 68 + $this->newOption('auth.email-domains', 'list<string>', array()) 46 69 ->setSummary(pht("Only allow registration from particular domains.")) 47 70 ->setDescription( 48 71 pht( 49 72 "You can restrict allowed email addresses to certain domains ". 50 - "(like 'yourcompany.com') by setting a list of allowed domains ". 51 - "here. Users will only be allowed to register using email ". 73 + "(like `yourcompany.com`) by setting a list of allowed domains ". 74 + "here.\n\nUsers will only be allowed to register using email ". 52 75 "addresses at one of the domains, and will only be able to add ". 53 76 "new email addresses for these domains. If you configure this, ". 54 - "it implies 'auth.require-email-verification'.\n\n". 55 - "You should omit the '@' from domains. Note that the domain must ". 56 - "match exactly. If you allow 'yourcompany.com', that permits ". 57 - "'joe@yourcompany.com' but rejects 'joe@mail.yourcompany.com'.")) 77 + "it implies {{auth.require-email-verification}}.\n\n". 78 + "You should omit the `@` from domains. Note that the domain must ". 79 + "match exactly. If you allow `yourcompany.com`, that permits ". 80 + "`joe@yourcompany.com` but rejects `joe@mail.yourcompany.com`.")) 58 81 ->addExample( 59 82 "yourcompany.com\nmail.yourcompany.com", 60 83 pht('Valid Setting')), 61 - $this->newOption('auth.login-message', 'string', null) 84 + $this->newOption('auth.login-message', 'string', null) 62 85 ->setLocked(true) 63 86 ->setSummary(pht("A block of HTML displayed on the login screen.")) 64 87 ->setDescription( ··· 66 89 "You can provide an arbitrary block of HTML here, which will ". 67 90 "appear on the login screen. Normally, you'd use this to provide ". 68 91 "login or registration instructions to users.")), 69 - $this->newOption('account.editable', 'bool', true) 92 + $this->newOption('account.editable', 'bool', true) 70 93 ->setBoolOptions( 71 94 array( 72 95 pht("Allow editing"), ··· 83 106 "synchronize account information from some other authoritative ". 84 107 "system, you can disable this to ensure information remains ". 85 108 "consistent across both systems.")), 86 - $this->newOption('account.minimum-password-length', 'int', 8) 109 + $this->newOption('account.minimum-password-length', 'int', 8) 87 110 ->setSummary(pht("Minimum password length.")) 88 111 ->setDescription( 89 112 pht(
+3
src/applications/people/controller/PhabricatorPeopleEditController.php
··· 182 182 ->setAddress($new_email) 183 183 ->setIsVerified(0); 184 184 185 + // Automatically approve the user, since an admin is creating them. 186 + $user->setIsApproved(1); 187 + 185 188 id(new PhabricatorUserEditor()) 186 189 ->setActor($admin) 187 190 ->createNewUser($user, $email);
+1 -1
src/applications/people/storage/PhabricatorUser.php
··· 30 30 protected $isAdmin = 0; 31 31 protected $isDisabled = 0; 32 32 protected $isEmailVerified = 0; 33 - protected $isApproved = 1; 33 + protected $isApproved = 0; 34 34 35 35 private $profileImage = null; 36 36 private $profile = null;
+2 -1
src/infrastructure/testing/PhabricatorTestCase.php
··· 181 181 182 182 $user = id(new PhabricatorUser()) 183 183 ->setRealName("Test User {$seed}}") 184 - ->setUserName("test{$seed}"); 184 + ->setUserName("test{$seed}") 185 + ->setIsApproved(1); 185 186 186 187 $email = id(new PhabricatorUserEmail()) 187 188 ->setAddress("testuser{$seed}@example.com")