2011-01-24 03:09:16 +01:00
|
|
|
<?php
|
|
|
|
|
|
2012-03-10 00:46:25 +01:00
|
|
|
final class PhabricatorPeopleEditController
|
|
|
|
|
extends PhabricatorPeopleController {
|
2011-01-24 03:09:16 +01:00
|
|
|
|
|
|
|
|
public function processRequest() {
|
|
|
|
|
|
2011-05-12 19:06:54 +02:00
|
|
|
$request = $this->getRequest();
|
|
|
|
|
$admin = $request->getUser();
|
2011-02-20 01:46:14 +01:00
|
|
|
|
2013-02-21 23:10:22 +01:00
|
|
|
$crumbs = $this->buildApplicationCrumbs($this->buildSideNavView());
|
2011-05-12 19:06:54 +02:00
|
|
|
|
2014-04-02 21:06:17 +02:00
|
|
|
$user = new PhabricatorUser();
|
|
|
|
|
$base_uri = '/people/edit/';
|
|
|
|
|
$crumbs->addTextCrumb(pht('Create New User'), $base_uri);
|
2011-05-12 19:06:54 +02:00
|
|
|
|
|
|
|
|
$content = array();
|
|
|
|
|
|
2014-04-02 21:06:17 +02:00
|
|
|
$response = $this->processBasicRequest($user);
|
2011-05-12 19:06:54 +02:00
|
|
|
if ($response instanceof AphrontResponse) {
|
|
|
|
|
return $response;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$content[] = $response;
|
|
|
|
|
|
2012-08-14 00:27:21 +02:00
|
|
|
return $this->buildApplicationPage(
|
2014-04-02 21:06:17 +02:00
|
|
|
array(
|
|
|
|
|
$crumbs,
|
|
|
|
|
$content,
|
|
|
|
|
),
|
2011-05-12 19:06:54 +02:00
|
|
|
array(
|
2013-02-21 23:10:22 +01:00
|
|
|
'title' => pht('Edit User'),
|
|
|
|
|
'device' => true,
|
2011-05-12 19:06:54 +02:00
|
|
|
));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function processBasicRequest(PhabricatorUser $user) {
|
|
|
|
|
$request = $this->getRequest();
|
|
|
|
|
$admin = $request->getUser();
|
|
|
|
|
|
2011-01-24 03:09:16 +01:00
|
|
|
$e_username = true;
|
|
|
|
|
$e_realname = true;
|
|
|
|
|
$e_email = true;
|
|
|
|
|
$errors = array();
|
|
|
|
|
|
Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-30 23:59:17 +02:00
|
|
|
$welcome_checked = true;
|
|
|
|
|
|
2012-05-07 19:29:33 +02:00
|
|
|
$new_email = null;
|
|
|
|
|
|
2011-01-24 03:09:16 +01:00
|
|
|
$request = $this->getRequest();
|
|
|
|
|
if ($request->isFormPost()) {
|
Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-30 23:59:17 +02:00
|
|
|
$welcome_checked = $request->getInt('welcome');
|
|
|
|
|
|
2014-04-02 21:06:17 +02:00
|
|
|
$user->setUsername($request->getStr('username'));
|
|
|
|
|
|
|
|
|
|
$new_email = $request->getStr('email');
|
|
|
|
|
if (!strlen($new_email)) {
|
|
|
|
|
$errors[] = pht('Email is required.');
|
|
|
|
|
$e_email = pht('Required');
|
|
|
|
|
} else if (!PhabricatorUserEmail::isAllowedAddress($new_email)) {
|
|
|
|
|
$e_email = pht('Invalid');
|
|
|
|
|
$errors[] = PhabricatorUserEmail::describeAllowedAddresses();
|
|
|
|
|
} else {
|
|
|
|
|
$e_email = null;
|
2011-01-24 03:09:16 +01:00
|
|
|
}
|
2014-04-02 21:06:17 +02:00
|
|
|
|
2011-01-24 03:09:16 +01:00
|
|
|
$user->setRealName($request->getStr('realname'));
|
|
|
|
|
|
|
|
|
|
if (!strlen($user->getUsername())) {
|
2013-02-21 23:10:22 +01:00
|
|
|
$errors[] = pht("Username is required.");
|
|
|
|
|
$e_username = pht('Required');
|
2012-01-16 16:30:28 +01:00
|
|
|
} else if (!PhabricatorUser::validateUsername($user->getUsername())) {
|
2012-06-06 16:09:05 +02:00
|
|
|
$errors[] = PhabricatorUser::describeValidUsername();
|
2013-02-21 23:10:22 +01:00
|
|
|
$e_username = pht('Invalid');
|
2011-05-12 19:06:54 +02:00
|
|
|
} else {
|
|
|
|
|
$e_username = null;
|
2011-01-24 03:09:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!strlen($user->getRealName())) {
|
2013-02-21 23:10:22 +01:00
|
|
|
$errors[] = pht('Real name is required.');
|
|
|
|
|
$e_realname = pht('Required');
|
2011-05-12 19:06:54 +02:00
|
|
|
} else {
|
|
|
|
|
$e_realname = null;
|
2011-01-24 03:09:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!$errors) {
|
2011-05-12 19:06:54 +02:00
|
|
|
try {
|
Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-30 23:59:17 +02:00
|
|
|
|
2014-04-02 21:06:17 +02:00
|
|
|
$email = id(new PhabricatorUserEmail())
|
|
|
|
|
->setAddress($new_email)
|
|
|
|
|
->setIsVerified(0);
|
|
|
|
|
|
|
|
|
|
// Automatically approve the user, since an admin is creating them.
|
|
|
|
|
$user->setIsApproved(1);
|
2012-05-07 19:29:33 +02:00
|
|
|
|
2014-04-02 21:06:17 +02:00
|
|
|
id(new PhabricatorUserEditor())
|
|
|
|
|
->setActor($admin)
|
|
|
|
|
->createNewUser($user, $email);
|
2013-11-13 20:24:56 +01:00
|
|
|
|
2014-04-02 21:06:17 +02:00
|
|
|
if ($request->getStr('role') == 'agent') {
|
2012-05-25 16:30:44 +02:00
|
|
|
id(new PhabricatorUserEditor())
|
|
|
|
|
->setActor($admin)
|
2014-04-02 21:06:17 +02:00
|
|
|
->makeSystemAgentUser($user, true);
|
2012-07-26 23:41:14 +02:00
|
|
|
}
|
Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-30 23:59:17 +02:00
|
|
|
|
2012-07-26 23:41:14 +02:00
|
|
|
if ($welcome_checked) {
|
|
|
|
|
$user->sendWelcomeEmail($admin);
|
Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-30 23:59:17 +02:00
|
|
|
}
|
Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.
Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:
- The log itself is useful if there are shenanigans.
- Password login can check it and start CAPTCHA'ing users after a few failed attempts.
I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.
Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.
Reviewers: jungejason, tuomaspelkonen, aran
CC:
Differential Revision: 302
2011-05-18 03:42:21 +02:00
|
|
|
|
2011-05-12 19:06:54 +02:00
|
|
|
$response = id(new AphrontRedirectResponse())
|
2014-04-02 21:06:17 +02:00
|
|
|
->setURI('/p/'.$user->getUsername().'/');
|
2011-05-12 19:06:54 +02:00
|
|
|
return $response;
|
|
|
|
|
} catch (AphrontQueryDuplicateKeyException $ex) {
|
2013-02-21 23:10:22 +01:00
|
|
|
$errors[] = pht('Username and email must be unique.');
|
2011-05-12 19:06:54 +02:00
|
|
|
|
|
|
|
|
$same_username = id(new PhabricatorUser())
|
|
|
|
|
->loadOneWhere('username = %s', $user->getUsername());
|
2012-05-07 19:29:33 +02:00
|
|
|
$same_email = id(new PhabricatorUserEmail())
|
|
|
|
|
->loadOneWhere('address = %s', $new_email);
|
2011-05-12 19:06:54 +02:00
|
|
|
|
|
|
|
|
if ($same_username) {
|
2013-02-21 23:10:22 +01:00
|
|
|
$e_username = pht('Duplicate');
|
2011-05-12 19:06:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($same_email) {
|
2013-02-21 23:10:22 +01:00
|
|
|
$e_email = pht('Duplicate');
|
2011-05-12 19:06:54 +02:00
|
|
|
}
|
|
|
|
|
}
|
2011-01-24 03:09:16 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$form = new AphrontFormView();
|
2011-05-12 19:06:54 +02:00
|
|
|
$form->setUser($admin);
|
2014-04-02 21:06:17 +02:00
|
|
|
$form->setAction('/people/edit/');
|
2011-01-24 03:09:16 +01:00
|
|
|
|
2014-04-02 21:06:17 +02:00
|
|
|
$is_immutable = false;
|
2011-01-24 03:09:16 +01:00
|
|
|
|
|
|
|
|
$form
|
|
|
|
|
->appendChild(
|
|
|
|
|
id(new AphrontFormTextControl())
|
2013-02-21 23:10:22 +01:00
|
|
|
->setLabel(pht('Username'))
|
2011-01-24 03:09:16 +01:00
|
|
|
->setName('username')
|
|
|
|
|
->setValue($user->getUsername())
|
|
|
|
|
->setError($e_username)
|
2012-06-16 02:02:20 +02:00
|
|
|
->setDisabled($is_immutable))
|
2011-01-24 03:09:16 +01:00
|
|
|
->appendChild(
|
|
|
|
|
id(new AphrontFormTextControl())
|
2013-02-21 23:10:22 +01:00
|
|
|
->setLabel(pht('Real Name'))
|
2011-01-24 03:09:16 +01:00
|
|
|
->setName('realname')
|
|
|
|
|
->setValue($user->getRealName())
|
2012-05-07 19:29:33 +02:00
|
|
|
->setError($e_realname));
|
|
|
|
|
|
2014-04-02 21:06:17 +02:00
|
|
|
$form->appendChild(
|
|
|
|
|
id(new AphrontFormTextControl())
|
|
|
|
|
->setLabel(pht('Email'))
|
|
|
|
|
->setName('email')
|
|
|
|
|
->setDisabled($is_immutable)
|
|
|
|
|
->setValue($new_email)
|
|
|
|
|
->setCaption(PhabricatorUserEmail::describeAllowedAddresses())
|
|
|
|
|
->setError($e_email));
|
2012-05-07 19:29:33 +02:00
|
|
|
|
|
|
|
|
$form->appendChild($this->getRoleInstructions());
|
Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-30 23:59:17 +02:00
|
|
|
|
2014-04-02 21:06:17 +02:00
|
|
|
$form
|
|
|
|
|
->appendChild(
|
|
|
|
|
id(new AphrontFormSelectControl())
|
|
|
|
|
->setLabel(pht('Role'))
|
|
|
|
|
->setName('role')
|
|
|
|
|
->setValue('user')
|
|
|
|
|
->setOptions(
|
|
|
|
|
array(
|
|
|
|
|
'user' => pht('Normal User'),
|
|
|
|
|
'agent' => pht('System Agent'),
|
|
|
|
|
))
|
|
|
|
|
->setCaption(
|
|
|
|
|
pht('You can create a "system agent" account for bots, '.
|
|
|
|
|
'scripts, etc.')))
|
|
|
|
|
->appendChild(
|
|
|
|
|
id(new AphrontFormCheckboxControl())
|
|
|
|
|
->addCheckbox(
|
|
|
|
|
'welcome',
|
|
|
|
|
1,
|
|
|
|
|
pht('Send "Welcome to Phabricator" email.'),
|
|
|
|
|
$welcome_checked));
|
Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-30 23:59:17 +02:00
|
|
|
|
|
|
|
|
$form
|
2011-01-24 03:09:16 +01:00
|
|
|
->appendChild(
|
|
|
|
|
id(new AphrontFormSubmitControl())
|
2014-04-02 21:06:17 +02:00
|
|
|
->addCancelButton($this->getApplicationURI())
|
2013-02-21 23:10:22 +01:00
|
|
|
->setValue(pht('Save')));
|
2011-01-24 03:09:16 +01:00
|
|
|
|
2014-04-02 21:06:17 +02:00
|
|
|
$title = pht('Create New User');
|
2011-01-24 03:09:16 +01:00
|
|
|
|
2013-09-25 20:23:29 +02:00
|
|
|
$form_box = id(new PHUIObjectBoxView())
|
2013-08-26 20:53:11 +02:00
|
|
|
->setHeaderText($title)
|
2014-01-10 18:17:37 +01:00
|
|
|
->setFormErrors($errors)
|
2013-08-26 20:53:11 +02:00
|
|
|
->setForm($form);
|
|
|
|
|
|
|
|
|
|
return array($form_box);
|
2011-05-12 19:06:54 +02:00
|
|
|
}
|
|
|
|
|
|
2012-04-09 00:10:00 +02:00
|
|
|
private function getRoleInstructions() {
|
2013-01-18 03:57:09 +01:00
|
|
|
$roles_link = phutil_tag(
|
2012-04-09 00:10:00 +02:00
|
|
|
'a',
|
|
|
|
|
array(
|
|
|
|
|
'href' => PhabricatorEnv::getDoclink(
|
2012-04-10 19:15:40 +02:00
|
|
|
'article/User_Guide_Account_Roles.html'),
|
2012-04-09 00:10:00 +02:00
|
|
|
'target' => '_blank',
|
|
|
|
|
),
|
2013-02-21 23:10:22 +01:00
|
|
|
pht('User Guide: Account Roles'));
|
2012-04-09 00:10:00 +02:00
|
|
|
|
2013-11-11 18:23:23 +01:00
|
|
|
return phutil_tag(
|
|
|
|
|
'p',
|
|
|
|
|
array('class' => 'aphront-form-instructions'),
|
|
|
|
|
pht('For a detailed explanation of account roles, see %s.', $roles_link));
|
2012-04-09 00:10:00 +02:00
|
|
|
}
|
|
|
|
|
|
2011-01-24 03:09:16 +01:00
|
|
|
}
|
