phorge-phorge/src/applications/auth/controller/PhabricatorAuthStartController.php

<?php

final class PhabricatorAuthStartController
  extends PhabricatorAuthController {

  public function shouldRequireLogin() {
    return false;
  }

  public function processRequest() {
    $request = $this->getRequest();
    $viewer = $request->getUser();

    if ($viewer->isLoggedIn()) {
      // Kick the user home if they are already logged in.
      return id(new AphrontRedirectResponse())->setURI('/');
    }

    if ($request->isAjax()) {
      return $this->processAjaxRequest();
    }

    if ($request->isConduit()) {
      return $this->processConduitRequest();
    }

    if ($request->getCookie('phusr') && $request->getCookie('phsid')) {
      // The session cookie is invalid, so clear it.
      $request->clearCookie('phusr');
      $request->clearCookie('phsid');

      return $this->renderError(
        pht(
          "Your login session is invalid. Try reloading the page and logging ".
          "in again. If that does not work, clear your browser cookies."));
    }


    $providers = PhabricatorAuthProvider::getAllEnabledProviders();
    foreach ($providers as $key => $provider) {
      if (!$provider->shouldAllowLogin()) {
        unset($providers[$key]);
      }
    }

    if (!$providers) {
      return $this->renderError(
        pht(
          "This Phabricator install is not configured with any enabled ".
          "authentication providers which can be used to log in."));
    }

    $next_uri = $request->getStr('next');
    if (!$next_uri) {
      $next_uri_path = $this->getRequest()->getPath();
      if ($next_uri_path == '/auth/start/') {
        $next_uri = '/';
      } else {
        $next_uri = $this->getRequest()->getRequestURI();
      }
    }

    if (!$request->isFormPost()) {
      $request->setCookie('next_uri', $next_uri);
    }

    $out = array();
    foreach ($providers as $provider) {
      $out[] = $provider->buildLoginForm($this);
    }

    $login_message = PhabricatorEnv::getEnvConfig('auth.login-message');
    $login_message = phutil_safe_html($login_message);

    $crumbs = $this->buildApplicationCrumbs();
    $crumbs->addCrumb(
      id(new PhabricatorCrumbView())
        ->setName(pht('Login')));

    return $this->buildApplicationPage(
      array(
        $crumbs,
        $login_message,
        $out,
      ),
      array(
        'title' => pht('Login to Phabricator'),
        'device' => true,
        'dust' => true,
      ));
  }


  private function processAjaxRequest() {
    $request = $this->getRequest();
    $viewer = $request->getViewer();

    // We end up here if the user clicks a workflow link that they need to
    // login to use. We give them a dialog saying "You need to login...".

    if ($request->isDialogFormPost()) {
      return id(new AphrontRedirectResponse())->setURI(
        $request->getRequestURI());
    }

    $dialog = new AphrontDialogView();
    $dialog->setUser($viewer);
    $dialog->setTitle(pht('Login Required'));
    $dialog->appendChild(pht('You must login to continue.'));
    $dialog->addSubmitButton(pht('Login'));
    $dialog->addCancelButton('/');

    return id(new AphrontDialogResponse())->setDialog($dialog);
  }


  private function processConduitRequest() {
    $request = $this->getRequest();
    $viewer = $request->getViewer();

    // A common source of errors in Conduit client configuration is getting
    // the request path wrong. The client will end up here, so make some
    // effort to give them a comprehensible error message.

    $request_path = $this->getRequest()->getPath();
    $conduit_path = '/api/<method>';
    $example_path = '/api/conduit.ping';

    $message = pht(
      'ERROR: You are making a Conduit API request to "%s", but the correct '.
      'HTTP request path to use in order to access a COnduit method is "%s" '.
      '(for example, "%s"). Check your configuration.',
      $request_path,
      $conduit_path,
      $example_path);

    return id(new AphrontPlainTextResponse())->setContent($message);
  }

  private function renderError($message) {
    return $this->renderErrorPage(
      pht('Authentication Failure'),
      array($message));
  }

}
Provide start screen and full registration flow on the new auth stuff Summary: Ref T1536. Code is intentionally made unreachable (see PhabricatorAuthProviderOAuthFacebook->isEnabled()). This adds: - A provider-driven "start" screen (this has the list of ways you can login/register). - Registration actually works. - Facebook OAuth works. @chad, do you have any design ideas on the start screen? I think we poked at it before, but the big issue was that there were a limitless number of providers. Today, we have: - Password - LDAP - Facebook - GitHub - Phabricator - Disqus - Google We plan to add: - Asana - An arbitrary number of additional instances of Phabricator Users want to add: - OpenID - Custom providers And I'd like to have these at some point: - Stripe - WePay - Amazon - Bitbucket So basically any UI for this has to accommodate 300 zillion auth options. I don't think we need to solve any UX problems here (realistically, installs enable 1-2 auth options and users don't actually face an overwhelming number of choices) but making the login forms less ugly would be nice. No combination of prebuilt elements seems to look very good for this use case. Test Plan: Registered a new acount with Facebook. Reviewers: btrahan, chad Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6161 2013-06-16 19:15:16 +02:00			`<?php`

			`final class PhabricatorAuthStartController`
			`extends PhabricatorAuthController {`

			`public function shouldRequireLogin() {`
			`return false;`
			`}`

			`public function processRequest() {`
			`$request = $this->getRequest();`
			`$viewer = $request->getUser();`

			`if ($viewer->isLoggedIn()) {`
			`// Kick the user home if they are already logged in.`
			`return id(new AphrontRedirectResponse())->setURI('/');`
			`}`

			`if ($request->isAjax()) {`
			`return $this->processAjaxRequest();`
			`}`

			`if ($request->isConduit()) {`
			`return $this->processConduitRequest();`
			`}`

			`if ($request->getCookie('phusr') && $request->getCookie('phsid')) {`
			`// The session cookie is invalid, so clear it.`
			`$request->clearCookie('phusr');`
			`$request->clearCookie('phsid');`

			`return $this->renderError(`
			`pht(`
			`"Your login session is invalid. Try reloading the page and logging ".`
			`"in again. If that does not work, clear your browser cookies."));`
			`}`


			`$providers = PhabricatorAuthProvider::getAllEnabledProviders();`
			`foreach ($providers as $key => $provider) {`
			`if (!$provider->shouldAllowLogin()) {`
			`unset($providers[$key]);`
			`}`
			`}`

			`if (!$providers) {`
			`return $this->renderError(`
			`pht(`
			`"This Phabricator install is not configured with any enabled ".`
			`"authentication providers which can be used to log in."));`
			`}`

			`$next_uri = $request->getStr('next');`
			`if (!$next_uri) {`
			`$next_uri_path = $this->getRequest()->getPath();`
			`if ($next_uri_path == '/auth/start/') {`
			`$next_uri = '/';`
			`} else {`
			`$next_uri = $this->getRequest()->getRequestURI();`
			`}`
			`}`

			`if (!$request->isFormPost()) {`
			`$request->setCookie('next_uri', $next_uri);`
			`}`

			`$out = array();`
			`foreach ($providers as $provider) {`
			`$out[] = $provider->buildLoginForm($this);`
			`}`

			`$login_message = PhabricatorEnv::getEnvConfig('auth.login-message');`
			`$login_message = phutil_safe_html($login_message);`

			`$crumbs = $this->buildApplicationCrumbs();`
			`$crumbs->addCrumb(`
			`id(new PhabricatorCrumbView())`
			`->setName(pht('Login')));`

			`return $this->buildApplicationPage(`
			`array(`
			`$crumbs,`
			`$login_message,`
			`$out,`
			`),`
			`array(`
			`'title' => pht('Login to Phabricator'),`
			`'device' => true,`
			`'dust' => true,`
			`));`
			`}`


			`private function processAjaxRequest() {`
			`$request = $this->getRequest();`
			`$viewer = $request->getViewer();`

			`// We end up here if the user clicks a workflow link that they need to`
			`// login to use. We give them a dialog saying "You need to login...".`

			`if ($request->isDialogFormPost()) {`
			`return id(new AphrontRedirectResponse())->setURI(`
			`$request->getRequestURI());`
			`}`

			`$dialog = new AphrontDialogView();`
			`$dialog->setUser($viewer);`
			`$dialog->setTitle(pht('Login Required'));`
			`$dialog->appendChild(pht('You must login to continue.'));`
			`$dialog->addSubmitButton(pht('Login'));`
			`$dialog->addCancelButton('/');`

			`return id(new AphrontDialogResponse())->setDialog($dialog);`
			`}`


			`private function processConduitRequest() {`
			`$request = $this->getRequest();`
			`$viewer = $request->getViewer();`

			`// A common source of errors in Conduit client configuration is getting`
			`// the request path wrong. The client will end up here, so make some`
			`// effort to give them a comprehensible error message.`

			`$request_path = $this->getRequest()->getPath();`
			`$conduit_path = '/api/<method>';`
			`$example_path = '/api/conduit.ping';`

			`$message = pht(`
			`'ERROR: You are making a Conduit API request to "%s", but the correct '.`
			`'HTTP request path to use in order to access a COnduit method is "%s" '.`
			`'(for example, "%s"). Check your configuration.',`
			`$request_path,`
			`$conduit_path,`
			`$example_path);`

			`return id(new AphrontPlainTextResponse())->setContent($message);`
			`}`

			`private function renderError($message) {`
Implement new auth login flow and login validation controller Summary: Ref T1536. None of this code is reachable. Implements new-auth login (so you can actually login) and login validation (which checks that cookies were set correctly). Test Plan: Manually enabled FB auth, went through the auth flow to login/logout. Manually hit most of the validation errors. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6162 2013-06-16 19:15:33 +02:00			`return $this->renderErrorPage(`
			`pht('Authentication Failure'),`
			`array($message));`
Provide start screen and full registration flow on the new auth stuff Summary: Ref T1536. Code is intentionally made unreachable (see PhabricatorAuthProviderOAuthFacebook->isEnabled()). This adds: - A provider-driven "start" screen (this has the list of ways you can login/register). - Registration actually works. - Facebook OAuth works. @chad, do you have any design ideas on the start screen? I think we poked at it before, but the big issue was that there were a limitless number of providers. Today, we have: - Password - LDAP - Facebook - GitHub - Phabricator - Disqus - Google We plan to add: - Asana - An arbitrary number of additional instances of Phabricator Users want to add: - OpenID - Custom providers And I'd like to have these at some point: - Stripe - WePay - Amazon - Bitbucket So basically any UI for this has to accommodate 300 zillion auth options. I don't think we need to solve any UX problems here (realistically, installs enable 1-2 auth options and users don't actually face an overwhelming number of choices) but making the login forms less ugly would be nice. No combination of prebuilt elements seems to look very good for this use case. Test Plan: Registered a new acount with Facebook. Reviewers: btrahan, chad Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6161 2013-06-16 19:15:16 +02:00			`}`

			`}`