phorge-phorge/src/applications/auth/provider/PhabricatorAuthProviderOAuthFacebook.php

<?php

final class PhabricatorAuthProviderOAuthFacebook
  extends PhabricatorAuthProviderOAuth {

  const KEY_REQUIRE_SECURE = 'oauth:facebook:require-secure';

  public function getProviderName() {
    return pht('Facebook');
  }

  public function getDefaultProviderConfig() {
    return parent::getDefaultProviderConfig()
      ->setProperty(self::KEY_REQUIRE_SECURE, 1);
  }

  protected function newOAuthAdapter() {
    $require_secure = $this->getProviderConfig()->getProperty(
      self::KEY_REQUIRE_SECURE);

    return id(new PhutilAuthAdapterOAuthFacebook())
      ->setRequireSecureBrowsing($require_secure);
  }

  protected function getLoginIcon() {
    return 'Facebook';
  }

  public function readFormValuesFromProvider() {
    $require_secure = $this->getProviderConfig()->getProperty(
      self::KEY_REQUIRE_SECURE);

    return parent::readFormValuesFromProvider() + array(
      self::KEY_REQUIRE_SECURE => $require_secure,
    );
  }

  public function readFormValuesFromRequest(AphrontRequest $request) {
    return parent::readFormValuesFromRequest($request) + array(
      self::KEY_REQUIRE_SECURE => $request->getBool(self::KEY_REQUIRE_SECURE),
    );
  }

  public function extendEditForm(
    AphrontRequest $request,
    AphrontFormView $form,
    array $values,
    array $issues) {

    parent::extendEditForm($request, $form, $values, $issues);

    $key_require = self::KEY_REQUIRE_SECURE;
    $v_require = idx($values, $key_require);

    $form
      ->appendChild(
        id(new AphrontFormCheckboxControl())
          ->addCheckbox(
            $key_require,
            $v_require,
            pht(
              "%s ".
              "Require users to enable 'secure browsing' on Facebook in order ".
              "to use Facebook to authenticate with Phabricator. This ".
              "improves security by preventing an attacker from capturing ".
              "an insecure Facebook session and escalating it into a ".
              "Phabricator session. Enabling it is recommended.",
              hsprintf(
                '<strong>%s</strong>',
                pht('Require Secure Browsing:')))));
  }

  public function renderConfigPropertyTransactionTitle(
    PhabricatorAuthProviderConfigTransaction $xaction) {

    $author_phid = $xaction->getAuthorPHID();
    $old = $xaction->getOldValue();
    $new = $xaction->getNewValue();
    $key = $xaction->getMetadataValue(
      PhabricatorAuthProviderConfigTransaction::PROPERTY_KEY);

    switch ($key) {
      case self::KEY_REQUIRE_SECURE:
        if ($new) {
          return pht(
            '%s turned "Require Secure Browsing" on.',
            $xaction->renderHandleLink($author_phid));
        } else {
          return pht(
            '%s turned "Require Secure Browsing" off.',
            $xaction->renderHandleLink($author_phid));
        }
    }

    return parent::renderConfigPropertyTransactionTitle($xaction);
  }

  public static function getFacebookApplicationID() {
    $providers = PhabricatorAuthProvider::getAllProviders();
    $fb_provider = idx($providers, 'facebook:facebook.com');
    if (!$fb_provider) {
      return null;
    }

    return $fb_provider->getProperty(
      PhabricatorAuthProviderOAuth::PROPERTY_APP_ID);
  }

}
Provide start screen and full registration flow on the new auth stuff Summary: Ref T1536. Code is intentionally made unreachable (see PhabricatorAuthProviderOAuthFacebook->isEnabled()). This adds: - A provider-driven "start" screen (this has the list of ways you can login/register). - Registration actually works. - Facebook OAuth works. @chad, do you have any design ideas on the start screen? I think we poked at it before, but the big issue was that there were a limitless number of providers. Today, we have: - Password - LDAP - Facebook - GitHub - Phabricator - Disqus - Google We plan to add: - Asana - An arbitrary number of additional instances of Phabricator Users want to add: - OpenID - Custom providers And I'd like to have these at some point: - Stripe - WePay - Amazon - Bitbucket So basically any UI for this has to accommodate 300 zillion auth options. I don't think we need to solve any UX problems here (realistically, installs enable 1-2 auth options and users don't actually face an overwhelming number of choices) but making the login forms less ugly would be nice. No combination of prebuilt elements seems to look very good for this use case. Test Plan: Registered a new acount with Facebook. Reviewers: btrahan, chad Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6161 2013-06-16 19:15:16 +02:00			`<?php`

			`final class PhabricatorAuthProviderOAuthFacebook`
			`extends PhabricatorAuthProviderOAuth {`

Restore/respect "require secure browsing" for Facebook (phabricator) Summary: Ref T1536. Because Facebook publishes data from Phabricator to user profiles and that data is sensitive, it wants to require secure browsing to be enabled in order to login. Respect the existing option, and support it in the UI. The UI part isn't reachable yet. Test Plan: {F46723} Reviewers: chad, btrahan Reviewed By: chad CC: arice, wez, aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6224 2013-06-19 00:52:01 +02:00			`const KEY_REQUIRE_SECURE = 'oauth:facebook:require-secure';`

Provide start screen and full registration flow on the new auth stuff Summary: Ref T1536. Code is intentionally made unreachable (see PhabricatorAuthProviderOAuthFacebook->isEnabled()). This adds: - A provider-driven "start" screen (this has the list of ways you can login/register). - Registration actually works. - Facebook OAuth works. @chad, do you have any design ideas on the start screen? I think we poked at it before, but the big issue was that there were a limitless number of providers. Today, we have: - Password - LDAP - Facebook - GitHub - Phabricator - Disqus - Google We plan to add: - Asana - An arbitrary number of additional instances of Phabricator Users want to add: - OpenID - Custom providers And I'd like to have these at some point: - Stripe - WePay - Amazon - Bitbucket So basically any UI for this has to accommodate 300 zillion auth options. I don't think we need to solve any UX problems here (realistically, installs enable 1-2 auth options and users don't actually face an overwhelming number of choices) but making the login forms less ugly would be nice. No combination of prebuilt elements seems to look very good for this use case. Test Plan: Registered a new acount with Facebook. Reviewers: btrahan, chad Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6161 2013-06-16 19:15:16 +02:00			`public function getProviderName() {`
			`return pht('Facebook');`
			`}`

Prepare for db-driven auth configuration by making proviers operate in dual modes Summary: Ref T1536. This sets us for the "Config -> Database" migration. Basically: - If stuff is defined in the database, respect the database stuff (no installs have anything defined yet since they can't reach the interfaces/code). - Otherwise, respect the config stuff (all installs currently do this). Test Plan: Saw database stuff respected when database stuff was defined; saw config stuff respected otherwise. Reviewers: chad, btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6240 2013-06-20 20:17:53 +02:00			`public function getDefaultProviderConfig() {`
			`return parent::getDefaultProviderConfig()`
			`->setProperty(self::KEY_REQUIRE_SECURE, 1);`
			`}`

Provide start screen and full registration flow on the new auth stuff Summary: Ref T1536. Code is intentionally made unreachable (see PhabricatorAuthProviderOAuthFacebook->isEnabled()). This adds: - A provider-driven "start" screen (this has the list of ways you can login/register). - Registration actually works. - Facebook OAuth works. @chad, do you have any design ideas on the start screen? I think we poked at it before, but the big issue was that there were a limitless number of providers. Today, we have: - Password - LDAP - Facebook - GitHub - Phabricator - Disqus - Google We plan to add: - Asana - An arbitrary number of additional instances of Phabricator Users want to add: - OpenID - Custom providers And I'd like to have these at some point: - Stripe - WePay - Amazon - Bitbucket So basically any UI for this has to accommodate 300 zillion auth options. I don't think we need to solve any UX problems here (realistically, installs enable 1-2 auth options and users don't actually face an overwhelming number of choices) but making the login forms less ugly would be nice. No combination of prebuilt elements seems to look very good for this use case. Test Plan: Registered a new acount with Facebook. Reviewers: btrahan, chad Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6161 2013-06-16 19:15:16 +02:00			`protected function newOAuthAdapter() {`
Drive auth config with the database Summary: Ref T1536. This is the last major migration. Moves us over to the DB and drops all the config stuff. Test Plan: - Ran the migration. - Saw all my old config brought forward and respected, with accurate settings. - Ran LDAP import. - Grepped for all removed config options. Reviewers: btrahan, chad Reviewed By: btrahan CC: aran, wez Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6243 2013-06-20 20:18:11 +02:00			`$require_secure = $this->getProviderConfig()->getProperty(`
			`self::KEY_REQUIRE_SECURE);`

Restore/respect "require secure browsing" for Facebook (phabricator) Summary: Ref T1536. Because Facebook publishes data from Phabricator to user profiles and that data is sensitive, it wants to require secure browsing to be enabled in order to login. Respect the existing option, and support it in the UI. The UI part isn't reachable yet. Test Plan: {F46723} Reviewers: chad, btrahan Reviewed By: chad CC: arice, wez, aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6224 2013-06-19 00:52:01 +02:00			`return id(new PhutilAuthAdapterOAuthFacebook())`
Drive auth config with the database Summary: Ref T1536. This is the last major migration. Moves us over to the DB and drops all the config stuff. Test Plan: - Ran the migration. - Saw all my old config brought forward and respected, with accurate settings. - Ran LDAP import. - Grepped for all removed config options. Reviewers: btrahan, chad Reviewed By: btrahan CC: aran, wez Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6243 2013-06-20 20:18:11 +02:00			`->setRequireSecureBrowsing($require_secure);`
Provide start screen and full registration flow on the new auth stuff Summary: Ref T1536. Code is intentionally made unreachable (see PhabricatorAuthProviderOAuthFacebook->isEnabled()). This adds: - A provider-driven "start" screen (this has the list of ways you can login/register). - Registration actually works. - Facebook OAuth works. @chad, do you have any design ideas on the start screen? I think we poked at it before, but the big issue was that there were a limitless number of providers. Today, we have: - Password - LDAP - Facebook - GitHub - Phabricator - Disqus - Google We plan to add: - Asana - An arbitrary number of additional instances of Phabricator Users want to add: - OpenID - Custom providers And I'd like to have these at some point: - Stripe - WePay - Amazon - Bitbucket So basically any UI for this has to accommodate 300 zillion auth options. I don't think we need to solve any UX problems here (realistically, installs enable 1-2 auth options and users don't actually face an overwhelming number of choices) but making the login forms less ugly would be nice. No combination of prebuilt elements seems to look very good for this use case. Test Plan: Registered a new acount with Facebook. Reviewers: btrahan, chad Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6161 2013-06-16 19:15:16 +02:00			`}`

Add login buttons for button logins, fix LDAP form Summary: Ref T1536. Test Plan: {F46555} {F46556} Reviewers: chad, btrahan Reviewed By: chad CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6209 2013-06-17 01:31:57 +02:00			`protected function getLoginIcon() {`
			`return 'Facebook';`
			`}`

Restore/respect "require secure browsing" for Facebook (phabricator) Summary: Ref T1536. Because Facebook publishes data from Phabricator to user profiles and that data is sensitive, it wants to require secure browsing to be enabled in order to login. Respect the existing option, and support it in the UI. The UI part isn't reachable yet. Test Plan: {F46723} Reviewers: chad, btrahan Reviewed By: chad CC: arice, wez, aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6224 2013-06-19 00:52:01 +02:00			`public function readFormValuesFromProvider() {`
Drive auth config with the database Summary: Ref T1536. This is the last major migration. Moves us over to the DB and drops all the config stuff. Test Plan: - Ran the migration. - Saw all my old config brought forward and respected, with accurate settings. - Ran LDAP import. - Grepped for all removed config options. Reviewers: btrahan, chad Reviewed By: btrahan CC: aran, wez Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6243 2013-06-20 20:18:11 +02:00			`$require_secure = $this->getProviderConfig()->getProperty(`
			`self::KEY_REQUIRE_SECURE);`
Restore/respect "require secure browsing" for Facebook (phabricator) Summary: Ref T1536. Because Facebook publishes data from Phabricator to user profiles and that data is sensitive, it wants to require secure browsing to be enabled in order to login. Respect the existing option, and support it in the UI. The UI part isn't reachable yet. Test Plan: {F46723} Reviewers: chad, btrahan Reviewed By: chad CC: arice, wez, aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6224 2013-06-19 00:52:01 +02:00
			`return parent::readFormValuesFromProvider() + array(`
			`self::KEY_REQUIRE_SECURE => $require_secure,`
			`);`
			`}`

			`public function readFormValuesFromRequest(AphrontRequest $request) {`
			`return parent::readFormValuesFromRequest($request) + array(`
			`self::KEY_REQUIRE_SECURE => $request->getBool(self::KEY_REQUIRE_SECURE),`
			`);`
			`}`

			`public function extendEditForm(`
			`AphrontRequest $request,`
			`AphrontFormView $form,`
			`array $values,`
			`array $issues) {`

			`parent::extendEditForm($request, $form, $values, $issues);`

			`$key_require = self::KEY_REQUIRE_SECURE;`
			`$v_require = idx($values, $key_require);`

			`$form`
			`->appendChild(`
			`id(new AphrontFormCheckboxControl())`
			`->addCheckbox(`
			`$key_require,`
			`$v_require,`
			`pht(`
			`"%s ".`
			`"Require users to enable 'secure browsing' on Facebook in order ".`
			`"to use Facebook to authenticate with Phabricator. This ".`
			`"improves security by preventing an attacker from capturing ".`
			`"an insecure Facebook session and escalating it into a ".`
			`"Phabricator session. Enabling it is recommended.",`
			`hsprintf(`
			`'<strong>%s</strong>',`
			`pht('Require Secure Browsing:')))));`
			`}`

			`public function renderConfigPropertyTransactionTitle(`
			`PhabricatorAuthProviderConfigTransaction $xaction) {`

			`$author_phid = $xaction->getAuthorPHID();`
			`$old = $xaction->getOldValue();`
			`$new = $xaction->getNewValue();`
			`$key = $xaction->getMetadataValue(`
			`PhabricatorAuthProviderConfigTransaction::PROPERTY_KEY);`

			`switch ($key) {`
			`case self::KEY_REQUIRE_SECURE:`
			`if ($new) {`
			`return pht(`
			`'%s turned "Require Secure Browsing" on.',`
			`$xaction->renderHandleLink($author_phid));`
			`} else {`
			`return pht(`
			`'%s turned "Require Secure Browsing" off.',`
			`$xaction->renderHandleLink($author_phid));`
			`}`
			`}`

			`return parent::renderConfigPropertyTransactionTitle($xaction);`
			`}`

Drive auth config with the database Summary: Ref T1536. This is the last major migration. Moves us over to the DB and drops all the config stuff. Test Plan: - Ran the migration. - Saw all my old config brought forward and respected, with accurate settings. - Ran LDAP import. - Grepped for all removed config options. Reviewers: btrahan, chad Reviewed By: btrahan CC: aran, wez Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6243 2013-06-20 20:18:11 +02:00			`public static function getFacebookApplicationID() {`
			`$providers = PhabricatorAuthProvider::getAllProviders();`
			`$fb_provider = idx($providers, 'facebook:facebook.com');`
			`if (!$fb_provider) {`
			`return null;`
			`}`

			`return $fb_provider->getProperty(`
			`PhabricatorAuthProviderOAuth::PROPERTY_APP_ID);`
			`}`
Restore/respect "require secure browsing" for Facebook (phabricator) Summary: Ref T1536. Because Facebook publishes data from Phabricator to user profiles and that data is sensitive, it wants to require secure browsing to be enabled in order to login. Respect the existing option, and support it in the UI. The UI part isn't reachable yet. Test Plan: {F46723} Reviewers: chad, btrahan Reviewed By: chad CC: arice, wez, aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6224 2013-06-19 00:52:01 +02:00
Provide start screen and full registration flow on the new auth stuff Summary: Ref T1536. Code is intentionally made unreachable (see PhabricatorAuthProviderOAuthFacebook->isEnabled()). This adds: - A provider-driven "start" screen (this has the list of ways you can login/register). - Registration actually works. - Facebook OAuth works. @chad, do you have any design ideas on the start screen? I think we poked at it before, but the big issue was that there were a limitless number of providers. Today, we have: - Password - LDAP - Facebook - GitHub - Phabricator - Disqus - Google We plan to add: - Asana - An arbitrary number of additional instances of Phabricator Users want to add: - OpenID - Custom providers And I'd like to have these at some point: - Stripe - WePay - Amazon - Bitbucket So basically any UI for this has to accommodate 300 zillion auth options. I don't think we need to solve any UX problems here (realistically, installs enable 1-2 auth options and users don't actually face an overwhelming number of choices) but making the login forms less ugly would be nice. No combination of prebuilt elements seems to look very good for this use case. Test Plan: Registered a new acount with Facebook. Reviewers: btrahan, chad Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6161 2013-06-16 19:15:16 +02:00			`}`