setViewer(PhabricatorUser::getOmnipotentUser()) ->execute(); $did_warn = false; if (!$configs) { $message = pht( 'You have not configured any authentication providers yet. You '. 'should add a provider (like username/password, LDAP, or GitHub '. 'OAuth) so users can register and log in. You can add and configure '. 'providers using the Auth Application.'); $this ->newIssue('auth.noproviders') ->setShortName(pht('No Auth Providers')) ->setName(pht('No Authentication Providers Configured')) ->setMessage($message) ->addLink('/auth/', pht('Auth Application')); $did_warn = true; } // This check is meant for new administrators, but we don't want to // show both this warning and the "No Auth Providers" warning. Also, // show this as a reminder to go back and do a `bin/auth lock` after // they make their desired changes. $is_locked = PhabricatorEnv::getEnvConfig('auth.lock-config'); if (!$is_locked && !$did_warn) { $message = pht( 'Your authentication provider configuration is unlocked. Once you '. 'finish setting up or modifying authentication, you should lock the '. 'configuration to prevent unauthorized changes.'. "\n\n". 'Leaving your authentication provider configuration unlocked '. 'increases the damage that a compromised administrator account can '. 'do to your install. For example, an attacker who compromises an '. 'administrator account can change authentication providers to point '. 'at a server they control and attempt to intercept usernames and '. 'passwords.'. "\n\n". 'To prevent this attack, you should configure authentication, and '. 'then lock the configuration by running "bin/auth lock" from the '. 'command line. This will prevent changing the authentication config '. 'without first running "bin/auth unlock".'); $this ->newIssue('auth.config-unlocked') ->setShortName(pht('Auth Config Unlocked')) ->setName(pht('Authentication Configuration Unlocked')) ->setSummary( pht( 'Authentication configuration is currently unlocked. Once you '. 'finish configuring authentication, you should lock it.')) ->setMessage($message) ->addRelatedPhabricatorConfig('auth.lock-config') ->addCommand( hsprintf( '%s $./bin/auth lock', PlatformSymbols::getPlatformServerPath())); } } }