@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Prepare for db-driven auth configuration by making proviers operate in dual modes

Summary:
Ref T1536. This sets us for the "Config -> Database" migration. Basically:

- If stuff is defined in the database, respect the database stuff (no installs have anything defined yet since they can't reach the interfaces/code).
- Otherwise, respect the config stuff (all installs currently do this).

Test Plan: Saw database stuff respected when database stuff was defined; saw config stuff respected otherwise.

Reviewers: chad, btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6240

+184 -93
+7 -12
src/applications/auth/controller/config/PhabricatorAuthEditController.php
··· 60 60 throw new Exception("This provider is already configured!"); 61 61 } 62 62 63 - $config = id(new PhabricatorAuthProviderConfig()) 64 - ->setProviderClass(get_class($provider)) 65 - ->setShouldAllowLogin(1) 66 - ->setShouldAllowRegistration(1) 67 - ->setShouldAllowLink(1) 68 - ->setShouldAllowUnlink(1); 63 + $config = $provider->getDefaultProviderConfig(); 64 + $provider->attachProviderConfig($config); 69 65 70 66 $is_new = true; 71 67 } ··· 87 83 88 84 if (!$errors) { 89 85 if ($is_new) { 90 - $xactions[] = id(new PhabricatorAuthProviderConfigTransaction()) 91 - ->setTransactionType( 92 - PhabricatorAuthProviderConfigTransaction::TYPE_ENABLE) 93 - ->setNewValue(1); 94 - 95 86 $config->setProviderType($provider->getProviderType()); 96 87 $config->setProviderDomain($provider->getProviderDomain()); 97 88 } ··· 177 168 178 169 $status_tag = id(new PhabricatorTagView()) 179 170 ->setType(PhabricatorTagView::TYPE_STATE); 180 - if ($config->getIsEnabled()) { 171 + if ($is_new) { 172 + $status_tag 173 + ->setName(pht('New Provider')) 174 + ->setBackgroundColor('blue'); 175 + } else if ($config->getIsEnabled()) { 181 176 $status_tag 182 177 ->setName(pht('Enabled')) 183 178 ->setBackgroundColor('green');
+88 -19
src/applications/auth/provider/PhabricatorAuthProvider.php
··· 9 9 return $this; 10 10 } 11 11 12 + public function hasProviderConfig() { 13 + return (bool)$this->providerConfig; 14 + } 15 + 12 16 public function getProviderConfig() { 13 - if ($this->config === null) { 17 + if ($this->providerConfig === null) { 14 18 throw new Exception( 15 19 "Call attachProviderConfig() before getProviderConfig()!"); 16 20 } 17 - return $this->config; 21 + return $this->providerConfig; 22 + } 23 + 24 + public function getDefaultProviderConfig() { 25 + return id(new PhabricatorAuthProviderConfig()) 26 + ->setProviderClass(get_class($this)) 27 + ->setIsEnabled(1) 28 + ->setShouldAllowLogin(1) 29 + ->setShouldAllowRegistration(1) 30 + ->setShouldAllowLink(1) 31 + ->setShouldAllowUnlink(1); 18 32 } 19 33 20 34 public function getNameForCreate() { ··· 56 70 if ($providers === null) { 57 71 $objects = self::getAllBaseProviders(); 58 72 73 + $configs = id(new PhabricatorAuthProviderConfigQuery()) 74 + ->setViewer(PhabricatorUser::getOmnipotentUser()) 75 + ->execute(); 76 + 59 77 $providers = array(); 60 - $from_class_map = array(); 61 - foreach ($objects as $object) { 62 - $from_class = get_class($object); 63 - $object_providers = $object->createProviders(); 64 - assert_instances_of($object_providers, 'PhabricatorAuthProvider'); 65 - foreach ($object_providers as $provider) { 66 - $key = $provider->getProviderKey(); 78 + if ($configs) { 79 + foreach ($configs as $config) { 80 + if (!isset($objects[$config->getProviderClass()])) { 81 + // This configuration is for a provider which is not installed. 82 + continue; 83 + } 84 + 85 + $object = clone $objects[$config->getProviderClass()]; 86 + $object->attachProviderConfig($config); 87 + 88 + $key = $object->getProviderKey(); 67 89 if (isset($providers[$key])) { 68 - $first_class = $from_class_map[$key]; 69 90 throw new Exception( 70 - "PhabricatorAuthProviders '{$first_class}' and '{$from_class}' ". 71 - "both created authentication providers identified by key ". 72 - "'{$key}'. Provider keys must be unique."); 91 + pht( 92 + "Two authentication providers use the same provider key ". 93 + "('%s'). Each provider must be identified by a unique ". 94 + "key.", 95 + $key)); 96 + } 97 + $providers[$key] = $object; 98 + } 99 + } else { 100 + // TODO: Remove this once we transition to be completely database 101 + // driven. 102 + $from_class_map = array(); 103 + foreach ($objects as $object) { 104 + $from_class = get_class($object); 105 + $object_providers = $object->createProviders(); 106 + assert_instances_of($object_providers, 'PhabricatorAuthProvider'); 107 + foreach ($object_providers as $provider) { 108 + $key = $provider->getProviderKey(); 109 + if (isset($providers[$key])) { 110 + $first_class = $from_class_map[$key]; 111 + throw new Exception( 112 + "PhabricatorAuthProviders '{$first_class}' and ". 113 + "'{$from_class}' both created authentication providers ". 114 + "identified by key '{$key}'. Provider keys must be unique."); 115 + } 116 + $providers[$key] = $provider; 117 + $from_class_map[$key] = $from_class; 73 118 } 74 - $providers[$key] = $provider; 75 - $from_class_map[$key] = $from_class; 76 119 } 77 120 } 78 121 } ··· 98 141 abstract public function getAdapter(); 99 142 100 143 public function isEnabled() { 144 + if ($this->hasProviderConfig()) { 145 + return $this->getProviderConfig()->getIsEnabled(); 146 + } 101 147 return true; 102 148 } 103 149 104 - abstract public function shouldAllowLogin(); 105 - abstract public function shouldAllowRegistration(); 106 - abstract public function shouldAllowAccountLink(); 107 - abstract public function shouldAllowAccountUnlink(); 150 + public function shouldAllowLogin() { 151 + if ($this->hasProviderConfig()) { 152 + return $this->getProviderConfig()->getShouldAllowLogin(); 153 + } 154 + return true; 155 + } 156 + 157 + public function shouldAllowRegistration() { 158 + if ($this->hasProviderConfig()) { 159 + return $this->getProviderConfig()->getShouldAllowRegistration(); 160 + } 161 + return true; 162 + } 163 + 164 + public function shouldAllowAccountLink() { 165 + if ($this->hasProviderConfig()) { 166 + return $this->getProviderConfig()->getShouldAllowLink(); 167 + } 168 + return true; 169 + } 170 + 171 + public function shouldAllowAccountUnlink() { 172 + if ($this->hasProviderConfig()) { 173 + return $this->getProviderConfig()->getShouldAllowUnlink(); 174 + } 175 + return true; 176 + } 108 177 109 178 public function buildLoginForm( 110 179 PhabricatorAuthStartController $controller) {
+9 -16
src/applications/auth/provider/PhabricatorAuthProviderLDAP.php
··· 15 15 'LDAP credentials to log in to Phabricator.'); 16 16 } 17 17 18 + public function getDefaultProviderConfig() { 19 + return parent::getDefaultProviderConfig() 20 + ->setProperty(self::KEY_PORT, 389) 21 + ->setProperty(self::KEY_VERSION, 3); 22 + } 18 23 19 24 public function isEnabled() { 25 + if ($this->hasProviderConfig()) { 26 + return parent::isEnabled(); 27 + } 28 + 20 29 return parent::isEnabled() && 21 30 PhabricatorEnv::getEnvConfig('ldap.auth-enabled'); 22 31 } ··· 47 56 $this->adapter = $adapter; 48 57 } 49 58 return $this->adapter; 50 - } 51 - 52 - public function shouldAllowLogin() { 53 - return true; 54 - } 55 - 56 - public function shouldAllowRegistration() { 57 - return true; 58 - } 59 - 60 - public function shouldAllowAccountLink() { 61 - return true; 62 - } 63 - 64 - public function shouldAllowAccountUnlink() { 65 - return true; 66 59 } 67 60 68 61 protected function renderLoginForm(AphrontRequest $request, $mode) {
+31 -10
src/applications/auth/provider/PhabricatorAuthProviderOAuth.php
··· 22 22 } 23 23 24 24 public function isEnabled() { 25 + if ($this->hasProviderConfig()) { 26 + return parent::isEnabled(); 27 + } 28 + 25 29 return parent::isEnabled() && 26 30 $this->getOAuthClientID() && 27 31 $this->getOAuthClientSecret(); 28 32 } 29 33 30 34 protected function configureAdapter(PhutilAuthAdapterOAuth $adapter) { 31 - if ($this->getOAuthClientID()) { 32 - $adapter->setClientID($this->getOAuthClientID()); 33 - } 35 + 36 + if ($this->hasProviderConfig()) { 37 + $config = $this->getProviderConfig(); 38 + $adapter->setClientID($config->getProperty(self::PROPERTY_APP_ID)); 39 + $adapter->setClientSecret( 40 + new PhutilOpaqueEnvelope( 41 + $config->getProperty(self::PROPERTY_APP_SECRET))); 42 + } else { 43 + if ($this->getOAuthClientID()) { 44 + $adapter->setClientID($this->getOAuthClientID()); 45 + } 34 46 35 - if ($this->getOAuthClientSecret()) { 36 - $adapter->setClientSecret($this->getOAuthClientSecret()); 47 + if ($this->getOAuthClientSecret()) { 48 + $adapter->setClientSecret($this->getOAuthClientSecret()); 49 + } 37 50 } 38 51 39 52 $adapter->setRedirectURI($this->getLoginURI()); ··· 174 187 const PROPERTY_APP_SECRET = 'oauth:app:secret'; 175 188 176 189 public function readFormValuesFromProvider() { 177 - $secret = $this->getOAuthClientSecret(); 178 - if ($secret) { 179 - $secret = $secret->openEnvelope(); 190 + 191 + if ($this->hasProviderConfig()) { 192 + $config = $this->getProviderConfig(); 193 + $id = $config->getProperty(self::PROPERTY_APP_ID); 194 + $secret = $config->getProperty(self::PROPERTY_APP_SECRET); 195 + } else { 196 + $id = $this->getOAuthClientID(); 197 + $secret = $this->getOAuthClientSecret(); 198 + if ($secret) { 199 + $secret = $secret->openEnvelope(); 200 + } 180 201 } 181 202 182 203 return array( 183 - self::PROPERTY_APP_ID => $this->getOAuthClientID(), 204 + self::PROPERTY_APP_ID => $id, 184 205 self::PROPERTY_APP_SECRET => $secret, 185 206 ); 186 207 } ··· 208 229 209 230 if (!strlen($values[$key_secret])) { 210 231 $errors[] = pht('Application secret is required.'); 211 - $issues[$key_id] = pht('Required'); 232 + $issues[$key_secret] = pht('Required'); 212 233 } 213 234 214 235 // If the user has not changed the secret, don't update it (that is,
+11 -8
src/applications/auth/provider/PhabricatorAuthProviderOAuthDisqus.php
··· 16 16 } 17 17 18 18 public function isEnabled() { 19 + if ($this->hasProviderConfig()) { 20 + return parent::isEnabled(); 21 + } 22 + 19 23 return parent::isEnabled() && 20 24 PhabricatorEnv::getEnvConfig('disqus.auth-enabled'); 21 25 } ··· 32 36 return null; 33 37 } 34 38 35 - public function shouldAllowLogin() { 36 - return true; 37 - } 38 - 39 39 public function shouldAllowRegistration() { 40 + if ($this->hasProviderConfig()) { 41 + return parent::shouldAllowRegistration(); 42 + } 40 43 return PhabricatorEnv::getEnvConfig('disqus.registration-enabled'); 41 44 } 42 45 43 - public function shouldAllowAccountLink() { 44 - return true; 45 - } 46 + public function shouldAllowAccountUnlink() { 47 + if ($this->hasProviderConfig()) { 48 + return parent::shouldAllowAccountUnlink(); 49 + } 46 50 47 - public function shouldAllowAccountUnlink() { 48 51 return !PhabricatorEnv::getEnvConfig('disqus.auth-permanent'); 49 52 } 50 53
+15 -8
src/applications/auth/provider/PhabricatorAuthProviderOAuthFacebook.php
··· 9 9 return pht('Facebook'); 10 10 } 11 11 12 + public function getDefaultProviderConfig() { 13 + return parent::getDefaultProviderConfig() 14 + ->setProperty(self::KEY_REQUIRE_SECURE, 1); 15 + } 16 + 12 17 protected function newOAuthAdapter() { 13 18 $secure_only = PhabricatorEnv::getEnvConfig('facebook.require-https-auth'); 14 19 return id(new PhutilAuthAdapterOAuthFacebook()) ··· 20 25 } 21 26 22 27 public function isEnabled() { 28 + if ($this->hasProviderConfig()) { 29 + return parent::isEnabled(); 30 + } 31 + 23 32 return parent::isEnabled() && 24 33 PhabricatorEnv::getEnvConfig('facebook.auth-enabled'); 25 34 } ··· 36 45 return null; 37 46 } 38 47 39 - public function shouldAllowLogin() { 40 - return true; 41 - } 42 - 43 48 public function shouldAllowRegistration() { 49 + if ($this->hasProviderConfig()) { 50 + return parent::shouldAllowRegistration(); 51 + } 44 52 return PhabricatorEnv::getEnvConfig('facebook.registration-enabled'); 45 53 } 46 54 47 - public function shouldAllowAccountLink() { 48 - return true; 49 - } 50 - 51 55 public function shouldAllowAccountUnlink() { 56 + if ($this->hasProviderConfig()) { 57 + return parent::shouldAllowAccountUnlink(); 58 + } 52 59 return !PhabricatorEnv::getEnvConfig('facebook.auth-permanent'); 53 60 } 54 61
+10 -8
src/applications/auth/provider/PhabricatorAuthProviderOAuthGitHub.php
··· 16 16 } 17 17 18 18 public function isEnabled() { 19 + if ($this->hasProviderConfig()) { 20 + return parent::isEnabled(); 21 + } 22 + 19 23 return parent::isEnabled() && 20 24 PhabricatorEnv::getEnvConfig('github.auth-enabled'); 21 25 } ··· 32 36 return null; 33 37 } 34 38 35 - public function shouldAllowLogin() { 36 - return true; 37 - } 38 - 39 39 public function shouldAllowRegistration() { 40 + if ($this->hasProviderConfig()) { 41 + return parent::shouldAllowRegistration(); 42 + } 40 43 return PhabricatorEnv::getEnvConfig('github.registration-enabled'); 41 44 } 42 45 43 - public function shouldAllowAccountLink() { 44 - return true; 45 - } 46 - 47 46 public function shouldAllowAccountUnlink() { 47 + if ($this->hasProviderConfig()) { 48 + return parent::shouldAllowAccountUnlink(); 49 + } 48 50 return !PhabricatorEnv::getEnvConfig('github.auth-permanent'); 49 51 } 50 52
+9 -8
src/applications/auth/provider/PhabricatorAuthProviderOAuthGoogle.php
··· 16 16 } 17 17 18 18 public function isEnabled() { 19 + if ($this->hasProviderConfig()) { 20 + return parent::isEnabled(); 21 + } 19 22 return parent::isEnabled() && 20 23 PhabricatorEnv::getEnvConfig('google.auth-enabled'); 21 24 } ··· 32 35 return null; 33 36 } 34 37 35 - public function shouldAllowLogin() { 36 - return true; 37 - } 38 - 39 38 public function shouldAllowRegistration() { 39 + if ($this->hasProviderConfig()) { 40 + return parent::shouldAllowRegistration(); 41 + } 40 42 return PhabricatorEnv::getEnvConfig('google.registration-enabled'); 41 43 } 42 44 43 - public function shouldAllowAccountLink() { 44 - return true; 45 - } 46 - 47 45 public function shouldAllowAccountUnlink() { 46 + if ($this->hasProviderConfig()) { 47 + return parent::shouldAllowAccountUnlink(); 48 + } 48 49 return !PhabricatorEnv::getEnvConfig('google.auth-permanent'); 49 50 } 50 51
+4 -4
src/applications/auth/provider/PhabricatorAuthProviderPassword.php
··· 15 15 } 16 16 17 17 public function isEnabled() { 18 + if ($this->hasProviderConfig()) { 19 + return parent::isEnabled(); 20 + } 21 + 18 22 return parent::isEnabled() && 19 23 PhabricatorEnv::getEnvConfig('auth.password-auth-enabled'); 20 24 } ··· 32 36 public function getLoginOrder() { 33 37 // Make sure username/password appears first if it is enabled. 34 38 return '100-'.$this->getProviderName(); 35 - } 36 - 37 - public function shouldAllowLogin() { 38 - return true; 39 39 } 40 40 41 41 public function shouldAllowRegistration() {