diff --git a/resources/celerity/map.php b/resources/celerity/map.php index a28ddfe8b3..b6aaf80f5a 100644 --- a/resources/celerity/map.php +++ b/resources/celerity/map.php @@ -9,7 +9,7 @@ return array( 'names' => array( 'conpherence.pkg.css' => '3c8a0668', 'conpherence.pkg.js' => '020aebcf', - 'core.pkg.css' => '77c4f199', + 'core.pkg.css' => '20f3fea5', 'core.pkg.js' => '69247edd', 'differential.pkg.css' => '8d8360fb', 'differential.pkg.js' => '67e02996', @@ -160,7 +160,7 @@ return array( 'rsrc/css/phui/phui-icon-set-selector.css' => '7aa5f3ec', 'rsrc/css/phui/phui-icon.css' => '4cbc684a', 'rsrc/css/phui/phui-image-mask.css' => '62c7f4d2', - 'rsrc/css/phui/phui-info-view.css' => '37b8d9ce', + 'rsrc/css/phui/phui-info-view.css' => 'a10a909b', 'rsrc/css/phui/phui-invisible-character-view.css' => 'c694c4a4', 'rsrc/css/phui/phui-left-right.css' => '68513c34', 'rsrc/css/phui/phui-lightbox.css' => '4ebf22da', @@ -842,7 +842,7 @@ return array( 'phui-icon-set-selector-css' => '7aa5f3ec', 'phui-icon-view-css' => '4cbc684a', 'phui-image-mask-css' => '62c7f4d2', - 'phui-info-view-css' => '37b8d9ce', + 'phui-info-view-css' => 'a10a909b', 'phui-inline-comment-view-css' => '48acce5b', 'phui-invisible-character-view-css' => 'c694c4a4', 'phui-left-right-css' => '68513c34', diff --git a/src/applications/auth/controller/config/PhabricatorAuthListController.php b/src/applications/auth/controller/config/PhabricatorAuthListController.php index f4b05e8adf..b6ba91e7cd 100644 --- a/src/applications/auth/controller/config/PhabricatorAuthListController.php +++ b/src/applications/auth/controller/config/PhabricatorAuthListController.php @@ -13,6 +13,7 @@ final class PhabricatorAuthListController $list = new PHUIObjectItemListView(); $can_manage = $this->hasApplicationCapability( AuthManageProvidersCapability::CAPABILITY); + $is_locked = PhabricatorEnv::getEnvConfig('auth.lock-config'); foreach ($configs as $config) { $item = new PHUIObjectItemView(); @@ -69,7 +70,8 @@ final class PhabricatorAuthListController $crumbs->addTextCrumb(pht('Login and Registration')); $crumbs->setBorder(true); - $guidance_context = new PhabricatorAuthProvidersGuidanceContext(); + $guidance_context = id(new PhabricatorAuthProvidersGuidanceContext()) + ->setCanManage($can_manage); $guidance = id(new PhabricatorGuidanceEngine()) ->setViewer($viewer) @@ -81,7 +83,7 @@ final class PhabricatorAuthListController ->setButtonType(PHUIButtonView::BUTTONTYPE_SIMPLE) ->setHref($this->getApplicationURI('config/new/')) ->setIcon('fa-plus') - ->setDisabled(!$can_manage) + ->setDisabled(!$can_manage || $is_locked) ->setText(pht('Add Provider')); $list->setFlush(true); diff --git a/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceContext.php b/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceContext.php index 1302846ec3..12c8300811 100644 --- a/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceContext.php +++ b/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceContext.php @@ -1,4 +1,17 @@ canManage = $can_manage; + return $this; + } + + public function getCanManage() { + return $this->canManage; + } + +} diff --git a/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceEngineExtension.php b/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceEngineExtension.php index d1f67393ca..32482a582a 100644 --- a/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceEngineExtension.php +++ b/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceEngineExtension.php @@ -92,6 +92,25 @@ final class PhabricatorAuthProvidersGuidanceEngineExtension ->setMessage($message); } + $locked_config_key = 'auth.lock-config'; + $is_locked = PhabricatorEnv::getEnvConfig($locked_config_key); + if ($is_locked) { + $message = pht( + 'Authentication provider configuration is locked, and can not be '. + 'changed without being unlocked. See the configuration setting %s '. + 'for details.', + phutil_tag( + 'a', + array( + 'href' => '/config/edit/'.$locked_config_key, + ), + $locked_config_key)); + + $results[] = $this->newWarning('auth.locked-config') + ->setPriority(500) + ->setMessage($message); + } + return $results; } diff --git a/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php b/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php index 55e7223da5..8058ecafcb 100644 --- a/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php +++ b/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php @@ -85,13 +85,13 @@ final class PhabricatorAuthenticationConfigOptions 'configuration from the CLI before it can be edited.')) ->setDescription( pht( - 'Normally, administrators configure authentication providers only '. - 'once, immediately after instance creation. To further secure '. - 'your instance, you can set this configuration option to `true`, '. - 'which will require an adminstrator with CLI access to run '. - '`bin/auth unlock` to make any later changes to authentication '. - "provider configuration.\n\nAfter changing the config, you should ". - 'run `bin/auth lock` again from the CLI.')) + 'When set to `true`, the authentication provider configuration '. + 'for this instance can not be modified without first running '. + '`bin/auth unlock` from the command line. This is to reduce '. + 'the security impact of a compromised administrator account. '. + "\n\n". + 'After running `bin/auth unlock` and making your changes to the '. + 'authentication provider config, you should run `bin/auth lock`.')) ->setLocked(true), $this->newOption('account.editable', 'bool', true) ->setBoolOptions( diff --git a/webroot/rsrc/css/phui/phui-info-view.css b/webroot/rsrc/css/phui/phui-info-view.css index b4fafc6e59..0d15d08e4b 100644 --- a/webroot/rsrc/css/phui/phui-info-view.css +++ b/webroot/rsrc/css/phui/phui-info-view.css @@ -74,8 +74,8 @@ h1.phui-info-view-head { } .phui-info-view-list { - margin: 0; - list-style: none; + margin-left: 30px; + list-style: disc; line-height: 1.6em; }