phorge-phorge/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php

<?php

final class PhabricatorAuthenticationConfigOptions
  extends PhabricatorApplicationConfigOptions {

  public function getName() {
    return pht("Authentication");
  }

  public function getDescription() {
    return pht("Options relating to authentication.");
  }

  public function getOptions() {
    return array(
      $this->newOption('auth.require-email-verification', 'bool', false)
        ->setBoolOptions(
          array(
            pht("Require email verification"),
            pht("Don't require email verification")
          ))
        ->setSummary(
          pht("Require email verification before a user can log in."))
        ->setDescription(
          pht(
            "If true, email addresses must be verified (by clicking a link ".
            "in an email) before a user can login. By default, verification ".
            "is optional unless {{auth.email-domains}} is nonempty.")),
      $this->newOption('auth.require-approval', 'bool', true)
        ->setBoolOptions(
          array(
            pht("Require Administrators to Approve Accounts"),
            pht("Don't Require Manual Approval"),
          ))
        ->setSummary(
          pht("Require administrators to approve new accounts."))
        ->setDescription(
          pht(
            "Newly registered Phabricator accounts can either be placed ".
            "into a manual approval queue for administrative review, or ".
            "automatically activated immediately. The approval queue is ".
            "enabled by default because it gives you greater control over ".
            "who can register an account and access Phabricator.\n\n".
            "If your install is completely public, or on a VPN, or users can ".
            "only register with a trusted provider like LDAP, or you've ".
            "otherwise configured Phabricator to prevent unauthorized ".
            "registration, you can disable the queue to reduce administrative ".
            "overhead.\n\n".
            "NOTE: Before you disable the queue, make sure ".
            "{{auth.email-domains}} is configured correctly for your ".
            "install!")),
      $this->newOption('auth.email-domains', 'list<string>', array())
        ->setSummary(pht("Only allow registration from particular domains."))
        ->setDescription(
          pht(
            "You can restrict allowed email addresses to certain domains ".
            "(like `yourcompany.com`) by setting a list of allowed domains ".
            "here.\n\nUsers will only be allowed to register using email ".
            "addresses at one of the domains, and will only be able to add ".
            "new email addresses for these domains. If you configure this, ".
            "it implies {{auth.require-email-verification}}.\n\n".
            "You should omit the `@` from domains. Note that the domain must ".
            "match exactly. If you allow `yourcompany.com`, that permits ".
            "`joe@yourcompany.com` but rejects `joe@mail.yourcompany.com`."))
        ->addExample(
          "yourcompany.com\nmail.yourcompany.com",
          pht('Valid Setting')),
      $this->newOption('auth.login-message', 'string', null)
        ->setLocked(true)
        ->setSummary(pht("A block of HTML displayed on the login screen."))
        ->setDescription(
          pht(
            "You can provide an arbitrary block of HTML here, which will ".
            "appear on the login screen. Normally, you'd use this to provide ".
            "login or registration instructions to users.")),
      $this->newOption('account.editable', 'bool', true)
        ->setBoolOptions(
          array(
            pht("Allow editing"),
            pht("Prevent editing")
          ))
        ->setSummary(
          pht(
            "Determines whether or not basic account information is ".
            "editable."))
        ->setDescription(
          pht(
            "Is basic account information (email, real name, profile ".
            "picture) editable? If you set up Phabricator to automatically ".
            "synchronize account information from some other authoritative ".
            "system, you can disable this to ensure information remains ".
            "consistent across both systems.")),
      $this->newOption('account.minimum-password-length', 'int', 8)
        ->setSummary(pht("Minimum password length."))
        ->setDescription(
          pht(
            "When users set or reset a password, it must have at least this ".
            "many characters.")),
    );
  }

}
First go at Authentication config options. Test Plan: Looked at them in the web UI. Reviewers: epriestley, chad, btrahan Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2255 Differential Revision: https://secure.phabricator.com/D4355 2013-01-07 21:48:39 +01:00			`<?php`

			`final class PhabricatorAuthenticationConfigOptions`
			`extends PhabricatorApplicationConfigOptions {`

			`public function getName() {`
			`return pht("Authentication");`
			`}`

			`public function getDescription() {`
			`return pht("Options relating to authentication.");`
			`}`

			`public function getOptions() {`
			`return array(`
Implement an approval queue Summary: - Add an option for the queue. - By default, enable it. - Dump new users into the queue. - Send admins an email to approve them. Test Plan: - Registered new accounts with queue on and off. - As an admin, approved accounts and disabled the queue from email. Reviewers: btrahan Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D7576 2013-11-13 20:24:56 +01:00			`$this->newOption('auth.require-email-verification', 'bool', false)`
Default to "True" and "False" for bool options. Summary: Rather than throwing if we don't `setOptions()`, let's just default to `true` and `false`. Test Plan: Removed a `setOptions()` call temporarily and saw options default to `true` / `false`. Reviewers: epriestley, btrahan, chad Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2255 Differential Revision: https://secure.phabricator.com/D4368 2013-01-09 17:14:26 +01:00			`->setBoolOptions(`
First go at Authentication config options. Test Plan: Looked at them in the web UI. Reviewers: epriestley, chad, btrahan Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2255 Differential Revision: https://secure.phabricator.com/D4355 2013-01-07 21:48:39 +01:00			`array(`
			`pht("Require email verification"),`
Fix reversed order of boolean config options. Summary: See discussion in D4355, this fixes reversed bool logic. Test Plan: - Quickly viewed in the web interface to make sure it didn't break anything. - Saved `ldap.auth-enabled` with correct boolean value in the db. Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Differential Revision: https://secure.phabricator.com/D4357 2013-01-07 22:50:03 +01:00			`pht("Don't require email verification")`
			`))`
First go at Authentication config options. Test Plan: Looked at them in the web UI. Reviewers: epriestley, chad, btrahan Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2255 Differential Revision: https://secure.phabricator.com/D4355 2013-01-07 21:48:39 +01:00			`->setSummary(`
			`pht("Require email verification before a user can log in."))`
			`->setDescription(`
			`pht(`
			`"If true, email addresses must be verified (by clicking a link ".`
			`"in an email) before a user can login. By default, verification ".`
Implement an approval queue Summary: - Add an option for the queue. - By default, enable it. - Dump new users into the queue. - Send admins an email to approve them. Test Plan: - Registered new accounts with queue on and off. - As an admin, approved accounts and disabled the queue from email. Reviewers: btrahan Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D7576 2013-11-13 20:24:56 +01:00			`"is optional unless {{auth.email-domains}} is nonempty.")),`
			`$this->newOption('auth.require-approval', 'bool', true)`
			`->setBoolOptions(`
			`array(`
			`pht("Require Administrators to Approve Accounts"),`
			`pht("Don't Require Manual Approval"),`
			`))`
			`->setSummary(`
			`pht("Require administrators to approve new accounts."))`
			`->setDescription(`
			`pht(`
			`"Newly registered Phabricator accounts can either be placed ".`
			`"into a manual approval queue for administrative review, or ".`
			`"automatically activated immediately. The approval queue is ".`
			`"enabled by default because it gives you greater control over ".`
			`"who can register an account and access Phabricator.\n\n".`
			`"If your install is completely public, or on a VPN, or users can ".`
			`"only register with a trusted provider like LDAP, or you've ".`
			`"otherwise configured Phabricator to prevent unauthorized ".`
			`"registration, you can disable the queue to reduce administrative ".`
			`"overhead.\n\n".`
			`"NOTE: Before you disable the queue, make sure ".`
			`"{{auth.email-domains}} is configured correctly for your ".`
			`"install!")),`
			`$this->newOption('auth.email-domains', 'list<string>', array())`
First go at Authentication config options. Test Plan: Looked at them in the web UI. Reviewers: epriestley, chad, btrahan Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2255 Differential Revision: https://secure.phabricator.com/D4355 2013-01-07 21:48:39 +01:00			`->setSummary(pht("Only allow registration from particular domains."))`
			`->setDescription(`
			`pht(`
			`"You can restrict allowed email addresses to certain domains ".`
Implement an approval queue Summary: - Add an option for the queue. - By default, enable it. - Dump new users into the queue. - Send admins an email to approve them. Test Plan: - Registered new accounts with queue on and off. - As an admin, approved accounts and disabled the queue from email. Reviewers: btrahan Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D7576 2013-11-13 20:24:56 +01:00			"(like `yourcompany.com`) by setting a list of allowed domains ".
			`"here.\n\nUsers will only be allowed to register using email ".`
First go at Authentication config options. Test Plan: Looked at them in the web UI. Reviewers: epriestley, chad, btrahan Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2255 Differential Revision: https://secure.phabricator.com/D4355 2013-01-07 21:48:39 +01:00			`"addresses at one of the domains, and will only be able to add ".`
			`"new email addresses for these domains. If you configure this, ".`
Implement an approval queue Summary: - Add an option for the queue. - By default, enable it. - Dump new users into the queue. - Send admins an email to approve them. Test Plan: - Registered new accounts with queue on and off. - As an admin, approved accounts and disabled the queue from email. Reviewers: btrahan Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D7576 2013-11-13 20:24:56 +01:00			`"it implies {{auth.require-email-verification}}.\n\n".`
			"You should omit the `@` from domains. Note that the domain must ".
			"match exactly. If you allow `yourcompany.com`, that permits ".
			"`joe@yourcompany.com` but rejects `joe@mail.yourcompany.com`."))
First go at Authentication config options. Test Plan: Looked at them in the web UI. Reviewers: epriestley, chad, btrahan Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2255 Differential Revision: https://secure.phabricator.com/D4355 2013-01-07 21:48:39 +01:00			`->addExample(`
			`"yourcompany.com\nmail.yourcompany.com",`
			`pht('Valid Setting')),`
Implement an approval queue Summary: - Add an option for the queue. - By default, enable it. - Dump new users into the queue. - Send admins an email to approve them. Test Plan: - Registered new accounts with queue on and off. - As an admin, approved accounts and disabled the queue from email. Reviewers: btrahan Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D7576 2013-11-13 20:24:56 +01:00			`$this->newOption('auth.login-message', 'string', null)`
First go at Authentication config options. Test Plan: Looked at them in the web UI. Reviewers: epriestley, chad, btrahan Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2255 Differential Revision: https://secure.phabricator.com/D4355 2013-01-07 21:48:39 +01:00			`->setLocked(true)`
			`->setSummary(pht("A block of HTML displayed on the login screen."))`
			`->setDescription(`
			`pht(`
			`"You can provide an arbitrary block of HTML here, which will ".`
			`"appear on the login screen. Normally, you'd use this to provide ".`
			`"login or registration instructions to users.")),`
Implement an approval queue Summary: - Add an option for the queue. - By default, enable it. - Dump new users into the queue. - Send admins an email to approve them. Test Plan: - Registered new accounts with queue on and off. - As an admin, approved accounts and disabled the queue from email. Reviewers: btrahan Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D7576 2013-11-13 20:24:56 +01:00			`$this->newOption('account.editable', 'bool', true)`
Default to "True" and "False" for bool options. Summary: Rather than throwing if we don't `setOptions()`, let's just default to `true` and `false`. Test Plan: Removed a `setOptions()` call temporarily and saw options default to `true` / `false`. Reviewers: epriestley, btrahan, chad Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2255 Differential Revision: https://secure.phabricator.com/D4368 2013-01-09 17:14:26 +01:00			`->setBoolOptions(`
First go at Authentication config options. Test Plan: Looked at them in the web UI. Reviewers: epriestley, chad, btrahan Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2255 Differential Revision: https://secure.phabricator.com/D4355 2013-01-07 21:48:39 +01:00			`array(`
			`pht("Allow editing"),`
Fix reversed order of boolean config options. Summary: See discussion in D4355, this fixes reversed bool logic. Test Plan: - Quickly viewed in the web interface to make sure it didn't break anything. - Saved `ldap.auth-enabled` with correct boolean value in the db. Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Differential Revision: https://secure.phabricator.com/D4357 2013-01-07 22:50:03 +01:00			`pht("Prevent editing")`
			`))`
First go at Authentication config options. Test Plan: Looked at them in the web UI. Reviewers: epriestley, chad, btrahan Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2255 Differential Revision: https://secure.phabricator.com/D4355 2013-01-07 21:48:39 +01:00			`->setSummary(`
			`pht(`
			`"Determines whether or not basic account information is ".`
			`"editable."))`
			`->setDescription(`
			`pht(`
			`"Is basic account information (email, real name, profile ".`
			`"picture) editable? If you set up Phabricator to automatically ".`
			`"synchronize account information from some other authoritative ".`
			`"system, you can disable this to ensure information remains ".`
			`"consistent across both systems.")),`
Implement an approval queue Summary: - Add an option for the queue. - By default, enable it. - Dump new users into the queue. - Send admins an email to approve them. Test Plan: - Registered new accounts with queue on and off. - As an admin, approved accounts and disabled the queue from email. Reviewers: btrahan Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D7576 2013-11-13 20:24:56 +01:00			`$this->newOption('account.minimum-password-length', 'int', 8)`
First go at Authentication config options. Test Plan: Looked at them in the web UI. Reviewers: epriestley, chad, btrahan Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2255 Differential Revision: https://secure.phabricator.com/D4355 2013-01-07 21:48:39 +01:00			`->setSummary(pht("Minimum password length."))`
			`->setDescription(`
			`pht(`
			`"When users set or reset a password, it must have at least this ".`
			`"many characters.")),`
			`);`
			`}`

			`}`