revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-15 11:22:40 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/applications/people/storage/PhabricatorRegistrationProfile.php

85 lines
1.8 KiB
PHP
Raw Normal View History

New Registration Workflow Summary: Currently, registration and authentication are pretty messy. Two concrete problems: - The `PhabricatorLDAPRegistrationController` and `PhabricatorOAuthDefaultRegistrationController` controllers are giant copy/pastes of one another. This is really bad. - We can't practically implement OpenID because we can't reissue the authentication request. Additionally, the OAuth registration controller can be replaced wholesale by config, which is a huge API surface area and a giant mess. Broadly, the problem right now is that registration does too much: we hand it some set of indirect credentials (like OAuth tokens) and expect it to take those the entire way to a registered user. Instead, break registration into smaller steps: - User authenticates with remote service. - Phabricator pulls information (remote account ID, username, email, real name, profile picture, etc) from the remote service and saves it as `PhabricatorUserCredentials`. - Phabricator hands the `PhabricatorUserCredentials` to the registration form, which is agnostic about where they originate from: it can process LDAP credentials, OAuth credentials, plain old email credentials, HTTP basic auth credentials, etc. This doesn't do anything yet -- there is no way to create credentials objects (and no storage patch), but I wanted to get any initial feedback, especially about the event call for T2394. In particular, I think the implementation would look something like this: $profile = $event->getValue('profile') $username = $profile->getDefaultUsername(); $is_employee = is_this_a_facebook_employee($username); if (!$is_employee) { throw new Exception("You are not employed at Facebook."); } $fbid = get_fbid_for_facebook_username($username); $profile->setDefaultEmail($fbid); $profile->setCanEditUsername(false); $profile->setCanEditEmail(false); $profile->setCanEditRealName(false); $profile->setShouldVerifyEmail(true); Seem reasonable? Test Plan: N/A yet, probably fatals. Reviewers: vrana, btrahan, codeblock, chad Reviewed By: btrahan CC: aran, asherkin, nh, wez Maniphest Tasks: T1536, T2394 Differential Revision: https://secure.phabricator.com/D4647
2013-06-16 19:13:49 +02:00
<?php
final class PhabricatorRegistrationProfile extends Phobject {
private $defaultUsername;
private $defaultEmail;
private $defaultRealName;
private $canEditUsername;
private $canEditEmail;
private $canEditRealName;
private $shouldVerifyEmail;
public function setShouldVerifyEmail($should_verify_email) {
$this->shouldVerifyEmail = $should_verify_email;
return $this;
}
public function getShouldVerifyEmail() {
return $this->shouldVerifyEmail;
}
public function setCanEditEmail($can_edit_email) {
$this->canEditEmail = $can_edit_email;
return $this;
}
public function getCanEditEmail() {
return $this->canEditEmail;
}
public function setCanEditRealName($can_edit_real_name) {
$this->canEditRealName = $can_edit_real_name;
return $this;
}
public function getCanEditRealName() {
return $this->canEditRealName;
}
public function setCanEditUsername($can_edit_username) {
$this->canEditUsername = $can_edit_username;
return $this;
}
public function getCanEditUsername() {
return $this->canEditUsername;
}
public function setDefaultEmail($default_email) {
$this->defaultEmail = $default_email;
return $this;
}
public function getDefaultEmail() {
return $this->defaultEmail;
}
public function setDefaultRealName($default_real_name) {
$this->defaultRealName = $default_real_name;
return $this;
}
public function getDefaultRealName() {
return $this->defaultRealName;
}
public function setDefaultUsername($default_username) {
$this->defaultUsername = $default_username;
return $this;
}
public function getDefaultUsername() {
return $this->defaultUsername;
}
public function getCanEditAnything() {
return $this->getCanEditUsername() ||
$this->getCanEditEmail() ||
$this->getCanEditRealName();
}
}
Copy permalink