freebsd
GitHub Repository: freebsd/phabricator
Path: blob/master/src/applications/auth/controller/config/PhabricatorAuthEditController.php
<?php
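/**
 * Renders and processes the "Add Auth Provider" / "Edit Auth Provider" form
 * for a single authentication provider configuration.
 */
final class PhabricatorAuthEditController
  extends PhabricatorAuthProviderConfigController {

  /**
   * Show the provider configuration form and, on a form POST, apply the
   * submitted settings as transactions.
   *
   * The viewer must hold AuthManageProvidersCapability. An existing config
   * (URI data "id") is additionally loaded with CAN_VIEW and CAN_EDIT; a new
   * config is built from the provider named by the "provider" request
   * parameter.
   *
   * @param AphrontRequest $request Request carrying the optional config ID,
   *   the provider class name and the form values.
   * @return mixed An Aphront404Response when the config or provider cannot be
   *   resolved, an AphrontDialogResponse when the provider already has a
   *   config, an AphrontRedirectResponse after a successful save, or the
   *   page built by newPage() otherwise.
   */
  public function handleRequest(AphrontRequest $request) {
    $this->requireApplicationCapability(
      AuthManageProvidersCapability::CAPABILITY);

    $viewer = $this->getViewer();
    $provider_class = $request->getStr('provider');
    $config_id = $request->getURIData('id');

    if ($config_id) {
      // Editing: the query enforces both view and edit policy for the viewer.
      $config = id(new PhabricatorAuthProviderConfigQuery())
        ->setViewer($viewer)
        ->requireCapabilities(
          array(
            PhabricatorPolicyCapability::CAN_VIEW,
            PhabricatorPolicyCapability::CAN_EDIT,
          ))
        ->withIDs(array($config_id))
        ->executeOne();
      if (!$config) {
        return new Aphront404Response();
      }

      $provider = $config->getProvider();
      if (!$provider) {
        return new Aphront404Response();
      }

      $is_new = false;
    } else {
      $provider = null;

      // The request-supplied class name is only compared (strictly) against
      // the classes of the known base providers; it is never instantiated
      // directly, so an unknown name simply falls through to a 404.
      $providers = PhabricatorAuthProvider::getAllBaseProviders();
      foreach ($providers as $candidate_provider) {
        if (get_class($candidate_provider) === $provider_class) {
          $provider = $candidate_provider;
          break;
        }
      }

      if (!$provider) {
        return new Aphront404Response();
      }

      // TODO: When we have multi-auth providers, support them here.

      $configs = id(new PhabricatorAuthProviderConfigQuery())
        ->setViewer($viewer)
        ->withProviderClasses(array(get_class($provider)))
        ->execute();

      if ($configs) {
        // Only one config per provider class: offer the existing one instead.
        $id = head($configs)->getID();
        $dialog = id(new AphrontDialogView())
          ->setUser($viewer)
          ->setMethod('GET')
          ->setSubmitURI($this->getApplicationURI('config/edit/'.$id.'/'))
          ->setTitle(pht('Provider Already Configured'))
          ->appendChild(
            pht(
              'This provider ("%s") already exists, and you can not add more '.
              'than one instance of it. You can edit the existing provider, '.
              'or you can choose a different provider.',
              $provider->getProviderName()))
          ->addCancelButton($this->getApplicationURI('config/new/'))
          ->addSubmitButton(pht('Edit Existing Provider'));

        return id(new AphrontDialogResponse())->setDialog($dialog);
      }

      $config = $provider->getDefaultProviderConfig();
      $provider->attachProviderConfig($config);

      $is_new = true;
    }

    $errors = array();
    $validation_exception = null;

    // Current stored values, used to pre-check the form's checkboxes.
    $v_login = $config->getShouldAllowLogin();
    $v_registration = $config->getShouldAllowRegistration();
    $v_link = $config->getShouldAllowLink();
    $v_unlink = $config->getShouldAllowUnlink();
    $v_trust_email = $config->getShouldTrustEmails();
    $v_auto_login = $config->getShouldAutoLogin();

    if ($request->isFormPost()) {

      $properties = $provider->readFormValuesFromRequest($request);
      list($errors, $issues, $properties) = $provider->processEditForm(
        $request,
        $properties);

      $xactions = array();

      if (!$errors) {
        if ($is_new) {
          if (!strlen($config->getProviderType())) {
            $config->setProviderType($provider->getProviderType());
          }
          if (!strlen($config->getProviderDomain())) {
            $config->setProviderDomain($provider->getProviderDomain());
          }
        }

        $xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
          ->setTransactionType(
            PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN)
          ->setNewValue($request->getInt('allowLogin', 0));

        $xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
          ->setTransactionType(
            PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION)
          ->setNewValue($request->getInt('allowRegistration', 0));

        $xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
          ->setTransactionType(
            PhabricatorAuthProviderConfigTransaction::TYPE_LINK)
          ->setNewValue($request->getInt('allowLink', 0));

        $xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
          ->setTransactionType(
            PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK)
          ->setNewValue($request->getInt('allowUnlink', 0));

        // The "trustEmails" checkbox is only rendered when the provider
        // reports shouldAllowEmailTrustConfiguration(). Enforce the same
        // condition here so a request that carries the field anyway cannot
        // turn on "skip email verification" for a provider that does not
        // offer it. A normal submission for such a provider omits the field,
        // so the stored value is 0 either way.
        $can_trust_emails = $provider->shouldAllowEmailTrustConfiguration();
        $trust_emails = $can_trust_emails
          ? $request->getInt('trustEmails', 0)
          : 0;

        $xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
          ->setTransactionType(
            PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS)
          ->setNewValue($trust_emails);

        if ($provider->supportsAutoLogin()) {
          $xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
            ->setTransactionType(
              PhabricatorAuthProviderConfigTransaction::TYPE_AUTO_LOGIN)
            ->setNewValue($request->getInt('autoLogin', 0));
        }

        // Provider-specific settings returned by processEditForm().
        foreach ($properties as $key => $value) {
          $xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
            ->setTransactionType(
              PhabricatorAuthProviderConfigTransaction::TYPE_PROPERTY)
            ->setMetadataValue('auth:property', $key)
            ->setNewValue($value);
        }

        // NOTE(review): this POST path never reads 'auth.lock-config'; the
        // lock only disables the submit button in the rendered form below.
        // Confirm that PhabricatorAuthProviderConfigEditor rejects edits
        // while locked, and note that a new config is saved here before the
        // editor gets a chance to validate anything.
        if ($is_new) {
          $config->save();
        }

        $editor = id(new PhabricatorAuthProviderConfigEditor())
          ->setActor($viewer)
          ->setContentSourceFromRequest($request)
          ->setContinueOnNoEffect(true);

        try {
          $editor->applyTransactions($config, $xactions);
          $next_uri = $config->getURI();

          return id(new AphrontRedirectResponse())->setURI($next_uri);
        } catch (Exception $ex) {
          // Kept and shown in the form box instead of aborting the request.
          $validation_exception = $ex;
        }
      }
    } else {
      $properties = $provider->readFormValuesFromProvider();
      $issues = array();
    }

    if ($is_new) {
      if ($provider->hasSetupStep()) {
        $button = pht('Next Step');
      } else {
        $button = pht('Add Provider');
      }
      $crumb = pht('Add Provider');
      $title = pht('Add Auth Provider');
      $header_icon = 'fa-plus-square';
      $cancel_uri = $this->getApplicationURI('/config/new/');
    } else {
      $button = pht('Save');
      $crumb = pht('Edit Provider');
      $title = pht('Edit Auth Provider');
      $header_icon = 'fa-pencil';
      $cancel_uri = $config->getURI();
    }

    $header = id(new PHUIHeaderView())
      ->setHeader(pht('%s: %s', $title, $provider->getProviderName()))
      ->setHeaderIcon($header_icon);

    if (!$is_new) {
      if ($config->getIsEnabled()) {
        $status_name = pht('Enabled');
        $status_color = 'green';
        $status_icon = 'fa-check';
        $header->setStatus($status_icon, $status_color, $status_name);
      } else {
        $status_name = pht('Disabled');
        $status_color = 'indigo';
        $status_icon = 'fa-ban';
        $header->setStatus($status_icon, $status_color, $status_name);
      }
    }

    $config_name = 'auth.email-domains';
    $config_href = '/config/edit/'.$config_name.'/';

    // Tell the administrator who will be able to register once registration
    // is allowed: only the configured email domains, or anyone who can reach
    // the login page when no domains are configured.
    $email_domains = PhabricatorEnv::getEnvConfig($config_name);
    if ($email_domains) {
      $registration_warning = pht(
        'Users will only be able to register with a verified email address '.
        'at one of the configured [[ %s | %s ]] domains: **%s**',
        $config_href,
        $config_name,
        implode(', ', $email_domains));
    } else {
      $registration_warning = pht(
        "NOTE: Any user who can browse to this install's login page will be ".
        "able to register an account. To restrict who can register ".
        "an account, configure [[ %s | %s ]].",
        $config_href,
        $config_name);
    }

    $str_login = array(
      phutil_tag('strong', array(), pht('Allow Login:')),
      ' ',
      pht(
        'Allow users to log in using this provider. If you disable login, '.
        'users can still use account integrations for this provider.'),
    );

    $str_registration = array(
      phutil_tag('strong', array(), pht('Allow Registration:')),
      ' ',
      pht(
        'Allow users to register new accounts using this provider. If you '.
        'disable registration, users can still use this provider to log in '.
        'to existing accounts, but will not be able to create new accounts.'),
    );

    $str_link = hsprintf(
      '<strong>%s:</strong> %s',
      pht('Allow Linking Accounts'),
      pht(
        'Allow users to link account credentials for this provider to '.
        'existing accounts. There is normally no reason to disable this '.
        'unless you are trying to move away from a provider and want to '.
        'stop users from creating new account links.'));

    $str_unlink = hsprintf(
      '<strong>%s:</strong> %s',
      pht('Allow Unlinking Accounts'),
      pht(
        'Allow users to unlink account credentials for this provider from '.
        'existing accounts. If you disable this, accounts will be '.
        'permanently bound to provider accounts.'));

    $str_trusted_email = hsprintf(
      '<strong>%s:</strong> %s',
      pht('Trust Email Addresses'),
      pht(
        'Skip email verification for accounts registered '.
        'through this provider.'));
    $str_auto_login = hsprintf(
      '<strong>%s:</strong> %s',
      pht('Allow Auto Login'),
      pht(
        'Automatically log in with this provider if it is '.
        'the only available provider.'));

    $form = id(new AphrontFormView())
      ->setUser($viewer)
      ->addHiddenInput('provider', $provider_class)
      ->appendChild(
        id(new AphrontFormCheckboxControl())
          ->setLabel(pht('Allow'))
          ->addCheckbox(
            'allowLogin',
            1,
            $str_login,
            $v_login))
      ->appendChild(
        id(new AphrontFormCheckboxControl())
          ->addCheckbox(
            'allowRegistration',
            1,
            $str_registration,
            $v_registration))
      ->appendRemarkupInstructions($registration_warning)
      ->appendChild(
        id(new AphrontFormCheckboxControl())
          ->addCheckbox(
            'allowLink',
            1,
            $str_link,
            $v_link))
      ->appendChild(
        id(new AphrontFormCheckboxControl())
          ->addCheckbox(
            'allowUnlink',
            1,
            $str_unlink,
            $v_unlink));

    // Email trust and auto-login are offered only by providers that opt in.
    if ($provider->shouldAllowEmailTrustConfiguration()) {
      $form->appendChild(
        id(new AphrontFormCheckboxControl())
          ->addCheckbox(
            'trustEmails',
            1,
            $str_trusted_email,
            $v_trust_email));
    }

    if ($provider->supportsAutoLogin()) {
      $form->appendChild(
        id(new AphrontFormCheckboxControl())
          ->addCheckbox(
            'autoLogin',
            1,
            $str_auto_login,
            $v_auto_login));
    }

    $provider->extendEditForm($request, $form, $properties, $issues);

    $locked_config_key = 'auth.lock-config';
    $is_locked = PhabricatorEnv::getEnvConfig($locked_config_key);

    // The lock warning is suppressed when a validation exception is already
    // being shown in the form box.
    $locked_warning = null;
    if ($is_locked && !$validation_exception) {
      $message = pht(
        'Authentication provider configuration is locked, and can not be '.
        'changed without being unlocked. See the configuration setting %s '.
        'for details.',
        phutil_tag(
          'a',
          array(
            'href' => '/config/edit/'.$locked_config_key,
          ),
          $locked_config_key));
      $locked_warning = id(new PHUIInfoView())
        ->setViewer($viewer)
        ->setSeverity(PHUIInfoView::SEVERITY_WARNING)
        ->setErrors(array($message));
    }

    // Disabling the button is a UI hint only; it does not stop a POST.
    $form
      ->appendChild(
        id(new AphrontFormSubmitControl())
          ->addCancelButton($cancel_uri)
          ->setDisabled($is_locked)
          ->setValue($button));


    $help = $provider->getConfigurationHelp();
    if ($help) {
      $form->appendChild(id(new PHUIFormDividerControl()));
      $form->appendRemarkupInstructions($help);
    }

    $footer = $provider->renderConfigurationFooter();

    $crumbs = $this->buildApplicationCrumbs();
    $crumbs->addTextCrumb($crumb);
    $crumbs->setBorder(true);

    $form_box = id(new PHUIObjectBoxView())
      ->setHeaderText(pht('Provider'))
      ->setFormErrors($errors)
      ->setValidationException($validation_exception)
      ->setBackground(PHUIObjectBoxView::BLUE_PROPERTY)
      ->setForm($form);



    $view = id(new PHUITwoColumnView())
      ->setHeader($header)
      ->setFooter(array(
        $locked_warning,
        $form_box,
        $footer,
      ));

    return $this->newPage()
      ->setTitle($title)
      ->setCrumbs($crumbs)
      ->appendChild($view);

  }

}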