2011-01-24 03:09:16 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Copyright 2011 Facebook, Inc.
|
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
|
|
|
class PhabricatorPeopleEditController extends PhabricatorPeopleController {
|
|
|
|
|
2011-05-12 19:06:54 +02:00
|
|
|
public function shouldRequireAdmin() {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
private $id;
|
|
|
|
private $view;
|
2011-01-24 03:09:16 +01:00
|
|
|
|
|
|
|
public function willProcessRequest(array $data) {
|
2011-05-12 19:06:54 +02:00
|
|
|
$this->id = idx($data, 'id');
|
|
|
|
$this->view = idx($data, 'view');
|
2011-01-24 03:09:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
public function processRequest() {
|
|
|
|
|
2011-05-12 19:06:54 +02:00
|
|
|
$request = $this->getRequest();
|
|
|
|
$admin = $request->getUser();
|
2011-02-20 01:46:14 +01:00
|
|
|
|
2011-05-12 19:06:54 +02:00
|
|
|
if ($this->id) {
|
|
|
|
$user = id(new PhabricatorUser())->load($this->id);
|
2011-01-24 03:09:16 +01:00
|
|
|
if (!$user) {
|
|
|
|
return new Aphront404Response();
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
$user = new PhabricatorUser();
|
|
|
|
}
|
|
|
|
|
2011-05-12 19:06:54 +02:00
|
|
|
$views = array(
|
|
|
|
'basic' => 'Basic Information',
|
|
|
|
'role' => 'Edit Role',
|
2011-05-17 22:15:19 +02:00
|
|
|
'cert' => 'Conduit Certificate',
|
2011-05-12 19:06:54 +02:00
|
|
|
);
|
|
|
|
|
|
|
|
if (!$user->getID()) {
|
|
|
|
$view = 'basic';
|
|
|
|
} else if (isset($views[$this->view])) {
|
|
|
|
$view = $this->view;
|
|
|
|
} else {
|
|
|
|
$view = 'basic';
|
|
|
|
}
|
|
|
|
|
|
|
|
$content = array();
|
|
|
|
|
|
|
|
if ($request->getStr('saved')) {
|
|
|
|
$notice = new AphrontErrorView();
|
|
|
|
$notice->setSeverity(AphrontErrorView::SEVERITY_NOTICE);
|
2011-06-29 18:59:50 +02:00
|
|
|
$notice->setTitle('Changes Saved');
|
2011-05-12 19:06:54 +02:00
|
|
|
$notice->appendChild('<p>Your changes were saved.</p>');
|
|
|
|
$content[] = $notice;
|
|
|
|
}
|
|
|
|
|
|
|
|
switch ($view) {
|
|
|
|
case 'basic':
|
|
|
|
$response = $this->processBasicRequest($user);
|
|
|
|
break;
|
|
|
|
case 'role':
|
|
|
|
$response = $this->processRoleRequest($user);
|
|
|
|
break;
|
2011-05-17 22:15:19 +02:00
|
|
|
case 'cert':
|
|
|
|
$response = $this->processCertificateRequest($user);
|
|
|
|
break;
|
2011-05-12 19:06:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if ($response instanceof AphrontResponse) {
|
|
|
|
return $response;
|
|
|
|
}
|
|
|
|
|
|
|
|
$content[] = $response;
|
|
|
|
|
|
|
|
if ($user->getID()) {
|
|
|
|
$side_nav = new AphrontSideNavView();
|
|
|
|
$side_nav->appendChild($content);
|
|
|
|
foreach ($views as $key => $name) {
|
|
|
|
$side_nav->addNavItem(
|
|
|
|
phutil_render_tag(
|
|
|
|
'a',
|
|
|
|
array(
|
|
|
|
'href' => '/people/edit/'.$user->getID().'/'.$key.'/',
|
|
|
|
'class' => ($key == $view)
|
|
|
|
? 'aphront-side-nav-selected'
|
|
|
|
: null,
|
|
|
|
),
|
|
|
|
phutil_escape_html($name)));
|
|
|
|
}
|
|
|
|
$content = $side_nav;
|
|
|
|
}
|
|
|
|
|
|
|
|
return $this->buildStandardPageResponse(
|
|
|
|
$content,
|
|
|
|
array(
|
|
|
|
'title' => 'Edit User',
|
|
|
|
));
|
|
|
|
}
|
|
|
|
|
|
|
|
private function processBasicRequest(PhabricatorUser $user) {
|
|
|
|
$request = $this->getRequest();
|
|
|
|
$admin = $request->getUser();
|
|
|
|
|
2011-01-24 03:09:16 +01:00
|
|
|
$e_username = true;
|
|
|
|
$e_realname = true;
|
|
|
|
$e_email = true;
|
|
|
|
$errors = array();
|
|
|
|
|
Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-30 23:59:17 +02:00
|
|
|
$welcome_checked = true;
|
|
|
|
|
2011-01-24 03:09:16 +01:00
|
|
|
$request = $this->getRequest();
|
|
|
|
if ($request->isFormPost()) {
|
Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-30 23:59:17 +02:00
|
|
|
$welcome_checked = $request->getInt('welcome');
|
|
|
|
|
2011-01-24 03:09:16 +01:00
|
|
|
if (!$user->getID()) {
|
|
|
|
$user->setUsername($request->getStr('username'));
|
Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-30 23:59:17 +02:00
|
|
|
$user->setEmail($request->getStr('email'));
|
|
|
|
|
|
|
|
if ($request->getStr('role') == 'agent') {
|
|
|
|
$user->setIsSystemAgent(true);
|
|
|
|
}
|
2011-01-24 03:09:16 +01:00
|
|
|
}
|
|
|
|
$user->setRealName($request->getStr('realname'));
|
|
|
|
|
|
|
|
if (!strlen($user->getUsername())) {
|
|
|
|
$errors[] = "Username is required.";
|
|
|
|
$e_username = 'Required';
|
|
|
|
} else if (!preg_match('/^[a-z0-9]+$/', $user->getUsername())) {
|
|
|
|
$errors[] = "Username must consist of only numbers and letters.";
|
|
|
|
$e_username = 'Invalid';
|
2011-05-12 19:06:54 +02:00
|
|
|
} else {
|
|
|
|
$e_username = null;
|
2011-01-24 03:09:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!strlen($user->getRealName())) {
|
|
|
|
$errors[] = 'Real name is required.';
|
|
|
|
$e_realname = 'Required';
|
2011-05-12 19:06:54 +02:00
|
|
|
} else {
|
|
|
|
$e_realname = null;
|
2011-01-24 03:09:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!strlen($user->getEmail())) {
|
|
|
|
$errors[] = 'Email is required.';
|
|
|
|
$e_email = 'Required';
|
2011-05-12 19:06:54 +02:00
|
|
|
} else {
|
|
|
|
$e_email = null;
|
2011-01-24 03:09:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!$errors) {
|
2011-05-12 19:06:54 +02:00
|
|
|
try {
|
Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-30 23:59:17 +02:00
|
|
|
$is_new = !$user->getID();
|
|
|
|
|
2011-05-12 19:06:54 +02:00
|
|
|
$user->save();
|
Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.
Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:
- The log itself is useful if there are shenanigans.
- Password login can check it and start CAPTCHA'ing users after a few failed attempts.
I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.
Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.
Reviewers: jungejason, tuomaspelkonen, aran
CC:
Differential Revision: 302
2011-05-18 03:42:21 +02:00
|
|
|
|
Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-30 23:59:17 +02:00
|
|
|
if ($is_new) {
|
|
|
|
$log = PhabricatorUserLog::newLog(
|
|
|
|
$admin,
|
|
|
|
$user,
|
|
|
|
PhabricatorUserLog::ACTION_CREATE);
|
|
|
|
$log->save();
|
|
|
|
|
|
|
|
if ($welcome_checked) {
|
|
|
|
$admin_username = $admin->getUserName();
|
|
|
|
$admin_realname = $admin->getRealName();
|
|
|
|
$user_username = $user->getUserName();
|
|
|
|
|
|
|
|
$base_uri = PhabricatorEnv::getProductionURI('/');
|
|
|
|
|
|
|
|
$uri = $user->getEmailLoginURI();
|
|
|
|
$body = <<<EOBODY
|
|
|
|
Welcome to Phabricator!
|
|
|
|
|
|
|
|
{$admin_username} ({$admin_realname}) has created an account for you.
|
|
|
|
|
|
|
|
Username: {$user_username}
|
|
|
|
|
|
|
|
To login to Phabricator, follow this link and set a password:
|
|
|
|
|
|
|
|
{$uri}
|
|
|
|
|
|
|
|
After you have set a password, you can login in the future by going here:
|
|
|
|
|
|
|
|
{$base_uri}
|
|
|
|
|
|
|
|
Love,
|
|
|
|
Phabricator
|
|
|
|
|
|
|
|
EOBODY;
|
|
|
|
$mail = id(new PhabricatorMetaMTAMail())
|
|
|
|
->addTos(array($user->getPHID()))
|
|
|
|
->setSubject('[Phabricator] Welcome to Phabricator')
|
|
|
|
->setBody($body)
|
|
|
|
->setFrom($admin->getPHID())
|
|
|
|
->saveAndSend();
|
|
|
|
}
|
|
|
|
}
|
Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.
Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:
- The log itself is useful if there are shenanigans.
- Password login can check it and start CAPTCHA'ing users after a few failed attempts.
I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.
Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.
Reviewers: jungejason, tuomaspelkonen, aran
CC:
Differential Revision: 302
2011-05-18 03:42:21 +02:00
|
|
|
|
2011-05-12 19:06:54 +02:00
|
|
|
$response = id(new AphrontRedirectResponse())
|
|
|
|
->setURI('/people/edit/'.$user->getID().'/?saved=true');
|
|
|
|
return $response;
|
|
|
|
} catch (AphrontQueryDuplicateKeyException $ex) {
|
|
|
|
$errors[] = 'Username and email must be unique.';
|
|
|
|
|
|
|
|
$same_username = id(new PhabricatorUser())
|
|
|
|
->loadOneWhere('username = %s', $user->getUsername());
|
|
|
|
$same_email = id(new PhabricatorUser())
|
|
|
|
->loadOneWhere('email = %s', $user->getEmail());
|
|
|
|
|
|
|
|
if ($same_username) {
|
|
|
|
$e_username = 'Duplicate';
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($same_email) {
|
|
|
|
$e_email = 'Duplicate';
|
|
|
|
}
|
|
|
|
}
|
2011-01-24 03:09:16 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
$error_view = null;
|
|
|
|
if ($errors) {
|
|
|
|
$error_view = id(new AphrontErrorView())
|
|
|
|
->setTitle('Form Errors')
|
|
|
|
->setErrors($errors);
|
|
|
|
}
|
|
|
|
|
|
|
|
$form = new AphrontFormView();
|
2011-05-12 19:06:54 +02:00
|
|
|
$form->setUser($admin);
|
|
|
|
if ($user->getID()) {
|
|
|
|
$form->setAction('/people/edit/'.$user->getID().'/');
|
2011-01-24 03:09:16 +01:00
|
|
|
} else {
|
|
|
|
$form->setAction('/people/edit/');
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($user->getID()) {
|
|
|
|
$is_immutable = true;
|
|
|
|
} else {
|
|
|
|
$is_immutable = false;
|
|
|
|
}
|
|
|
|
|
|
|
|
$form
|
|
|
|
->appendChild(
|
|
|
|
id(new AphrontFormTextControl())
|
|
|
|
->setLabel('Username')
|
|
|
|
->setName('username')
|
|
|
|
->setValue($user->getUsername())
|
|
|
|
->setError($e_username)
|
|
|
|
->setDisabled($is_immutable)
|
|
|
|
->setCaption('Usernames are permanent and can not be changed later!'))
|
|
|
|
->appendChild(
|
|
|
|
id(new AphrontFormTextControl())
|
|
|
|
->setLabel('Real Name')
|
|
|
|
->setName('realname')
|
|
|
|
->setValue($user->getRealName())
|
|
|
|
->setError($e_realname))
|
|
|
|
->appendChild(
|
|
|
|
id(new AphrontFormTextControl())
|
|
|
|
->setLabel('Email')
|
|
|
|
->setName('email')
|
Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-30 23:59:17 +02:00
|
|
|
->setDisabled($is_immutable)
|
2011-01-24 03:09:16 +01:00
|
|
|
->setValue($user->getEmail())
|
Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-30 23:59:17 +02:00
|
|
|
->setError($e_email));
|
|
|
|
|
|
|
|
if (!$user->getID()) {
|
|
|
|
$form
|
|
|
|
->appendChild(
|
|
|
|
id(new AphrontFormSelectControl())
|
|
|
|
->setLabel('Role')
|
|
|
|
->setName('role')
|
|
|
|
->setValue('user')
|
|
|
|
->setOptions(
|
|
|
|
array(
|
|
|
|
'user' => 'Normal User',
|
|
|
|
'agent' => 'System Agent',
|
|
|
|
))
|
|
|
|
->setCaption(
|
|
|
|
'You can create a "system agent" account for bots, scripts, '.
|
|
|
|
'etc.'))
|
|
|
|
->appendChild(
|
|
|
|
id(new AphrontFormCheckboxControl())
|
|
|
|
->addCheckbox(
|
|
|
|
'welcome',
|
|
|
|
1,
|
|
|
|
'Send "Welcome to Phabricator" email.',
|
|
|
|
$welcome_checked));
|
|
|
|
} else {
|
|
|
|
$form->appendChild(
|
|
|
|
id(new AphrontFormStaticControl())
|
|
|
|
->setLabel('Role')
|
|
|
|
->setValue(
|
|
|
|
$user->getIsSystemAgent()
|
|
|
|
? 'System Agent'
|
|
|
|
: 'Normal User'));
|
|
|
|
}
|
|
|
|
|
|
|
|
$form
|
2011-01-24 03:09:16 +01:00
|
|
|
->appendChild(
|
|
|
|
id(new AphrontFormSubmitControl())
|
Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-30 23:59:17 +02:00
|
|
|
->setValue('Save'));
|
2011-01-24 03:09:16 +01:00
|
|
|
|
|
|
|
$panel = new AphrontPanelView();
|
|
|
|
if ($user->getID()) {
|
|
|
|
$panel->setHeader('Edit User');
|
|
|
|
} else {
|
|
|
|
$panel->setHeader('Create New User');
|
|
|
|
}
|
|
|
|
|
|
|
|
$panel->appendChild($form);
|
|
|
|
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
|
|
|
|
|
2011-05-12 19:06:54 +02:00
|
|
|
return array($error_view, $panel);
|
|
|
|
}
|
|
|
|
|
|
|
|
private function processRoleRequest(PhabricatorUser $user) {
|
|
|
|
$request = $this->getRequest();
|
|
|
|
$admin = $request->getUser();
|
|
|
|
|
|
|
|
$is_self = ($user->getID() == $admin->getID());
|
|
|
|
|
|
|
|
$errors = array();
|
|
|
|
|
|
|
|
if ($request->isFormPost()) {
|
Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.
Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:
- The log itself is useful if there are shenanigans.
- Password login can check it and start CAPTCHA'ing users after a few failed attempts.
I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.
Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.
Reviewers: jungejason, tuomaspelkonen, aran
CC:
Differential Revision: 302
2011-05-18 03:42:21 +02:00
|
|
|
|
|
|
|
$log_template = PhabricatorUserLog::newLog(
|
|
|
|
$admin,
|
|
|
|
$user,
|
|
|
|
null);
|
|
|
|
|
|
|
|
$logs = array();
|
|
|
|
|
2011-05-12 19:06:54 +02:00
|
|
|
if ($is_self) {
|
|
|
|
$errors[] = "You can not edit your own role.";
|
|
|
|
} else {
|
Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.
Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:
- The log itself is useful if there are shenanigans.
- Password login can check it and start CAPTCHA'ing users after a few failed attempts.
I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.
Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.
Reviewers: jungejason, tuomaspelkonen, aran
CC:
Differential Revision: 302
2011-05-18 03:42:21 +02:00
|
|
|
$new_admin = (bool)$request->getBool('is_admin');
|
|
|
|
$old_admin = (bool)$user->getIsAdmin();
|
|
|
|
if ($new_admin != $old_admin) {
|
|
|
|
$log = clone $log_template;
|
|
|
|
$log->setAction(PhabricatorUserLog::ACTION_ADMIN);
|
|
|
|
$log->setOldValue($old_admin);
|
|
|
|
$log->setNewValue($new_admin);
|
|
|
|
$user->setIsAdmin($new_admin);
|
|
|
|
$logs[] = $log;
|
|
|
|
}
|
|
|
|
|
|
|
|
$new_disabled = (bool)$request->getBool('is_disabled');
|
|
|
|
$old_disabled = (bool)$user->getIsDisabled();
|
|
|
|
if ($new_disabled != $old_disabled) {
|
|
|
|
$log = clone $log_template;
|
|
|
|
$log->setAction(PhabricatorUserLog::ACTION_DISABLE);
|
|
|
|
$log->setOldValue($old_disabled);
|
|
|
|
$log->setNewValue($new_disabled);
|
|
|
|
$user->setIsDisabled($new_disabled);
|
|
|
|
$logs[] = $log;
|
|
|
|
}
|
2011-05-12 19:06:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!$errors) {
|
|
|
|
$user->save();
|
Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.
Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:
- The log itself is useful if there are shenanigans.
- Password login can check it and start CAPTCHA'ing users after a few failed attempts.
I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.
Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.
Reviewers: jungejason, tuomaspelkonen, aran
CC:
Differential Revision: 302
2011-05-18 03:42:21 +02:00
|
|
|
foreach ($logs as $log) {
|
|
|
|
$log->save();
|
|
|
|
}
|
2011-05-12 19:06:54 +02:00
|
|
|
return id(new AphrontRedirectResponse())
|
|
|
|
->setURI($request->getRequestURI()->alter('saved', 'true'));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
$error_view = null;
|
|
|
|
if ($errors) {
|
|
|
|
$error_view = id(new AphrontErrorView())
|
|
|
|
->setTitle('Form Errors')
|
|
|
|
->setErrors($errors);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$form = id(new AphrontFormView())
|
|
|
|
->setUser($admin)
|
|
|
|
->setAction($request->getRequestURI()->alter('saved', null));
|
|
|
|
|
|
|
|
if ($is_self) {
|
|
|
|
$form->appendChild(
|
|
|
|
'<p class="aphront-form-instructions">NOTE: You can not edit your own '.
|
|
|
|
'role.</p>');
|
|
|
|
}
|
|
|
|
|
|
|
|
$form
|
|
|
|
->appendChild(
|
|
|
|
id(new AphrontFormCheckboxControl())
|
|
|
|
->addCheckbox(
|
|
|
|
'is_admin',
|
|
|
|
1,
|
|
|
|
'Admin: wields absolute power.',
|
|
|
|
$user->getIsAdmin())
|
|
|
|
->setDisabled($is_self))
|
|
|
|
->appendChild(
|
|
|
|
id(new AphrontFormCheckboxControl())
|
|
|
|
->addCheckbox(
|
|
|
|
'is_disabled',
|
|
|
|
1,
|
|
|
|
'Disabled: can not login.',
|
|
|
|
$user->getIsDisabled())
|
|
|
|
->setDisabled($is_self));
|
|
|
|
|
|
|
|
if (!$is_self) {
|
|
|
|
$form
|
|
|
|
->appendChild(
|
|
|
|
id(new AphrontFormSubmitControl())
|
|
|
|
->setValue('Edit Role'));
|
|
|
|
}
|
|
|
|
|
|
|
|
$panel = new AphrontPanelView();
|
|
|
|
$panel->setHeader('Edit Role');
|
|
|
|
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
|
|
|
|
$panel->appendChild($form);
|
|
|
|
|
|
|
|
return array($error_view, $panel);
|
2011-01-24 03:09:16 +01:00
|
|
|
}
|
|
|
|
|
2011-05-17 22:15:19 +02:00
|
|
|
private function processCertificateRequest($user) {
|
|
|
|
$request = $this->getRequest();
|
|
|
|
$admin = $request->getUser();
|
|
|
|
|
|
|
|
|
|
|
|
$form = new AphrontFormView();
|
|
|
|
$form
|
|
|
|
->setUser($admin)
|
|
|
|
->setAction($request->getRequestURI())
|
|
|
|
->appendChild(
|
|
|
|
'<p class="aphront-form-instructions">You can use this certificate '.
|
|
|
|
'to write scripts or bots which interface with Phabricator over '.
|
|
|
|
'Conduit.</p>');
|
|
|
|
|
|
|
|
if ($user->getIsSystemAgent()) {
|
|
|
|
$form
|
|
|
|
->appendChild(
|
|
|
|
id(new AphrontFormTextControl())
|
|
|
|
->setLabel('Username')
|
|
|
|
->setValue($user->getUsername()))
|
|
|
|
->appendChild(
|
|
|
|
id(new AphrontFormTextAreaControl())
|
|
|
|
->setLabel('Certificate')
|
|
|
|
->setValue($user->getConduitCertificate()));
|
|
|
|
} else {
|
|
|
|
$form->appendChild(
|
|
|
|
id(new AphrontFormStaticControl())
|
|
|
|
->setLabel('Certificate')
|
|
|
|
->setValue(
|
Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-30 23:59:17 +02:00
|
|
|
'You may only view the certificates of System Agents.'));
|
2011-05-17 22:15:19 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
$panel = new AphrontPanelView();
|
|
|
|
$panel->setHeader('Conduit Certificate');
|
|
|
|
$panel->setWidth(AphrontPanelView::WIDTH_FORM);
|
|
|
|
|
|
|
|
$panel->appendChild($form);
|
|
|
|
|
|
|
|
return array($panel);
|
|
|
|
}
|
|
|
|
|
2011-01-24 03:09:16 +01:00
|
|
|
}
|