Handle user aborts during auth workflows in Phabricator

Summary: Depends on D6872. Ref T3687. Give the user a nice dialog instead of a bare exception. Test Plan: Cancelled out of Twitter and JIRA workflows. We should probably do this for the OAuth2 workflows too, but they're a bit of a pain to de-auth and I am lazy. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T3687 Differential Revision: https://secure.phabricator.com/D6873
2024-11-27 01:02:42 +01:00 · 2013-09-03 10:30:39 -07:00 · 2013-09-03 10:30:39 -07:00 · 25eb401e18
commit 25eb401e18
parent 6e63adaf54
2 changed files with 29 additions and 1 deletions
--- a/src/applications/auth/controller/PhabricatorAuthLoginController.php
+++ b/src/applications/auth/controller/PhabricatorAuthLoginController.php
@ -25,7 +25,28 @@ final class PhabricatorAuthLoginController

    $provider = $this->provider;

-    list($account, $response) = $provider->processLoginRequest($this);
+    try {
+      list($account, $response) = $provider->processLoginRequest($this);
+    } catch (PhutilAuthUserAbortedException $ex) {
+      if ($viewer->isLoggedIn()) {
+        // If a logged-in user cancels, take them back to the external accounts
+        // panel.
+        $next_uri = '/settings/panel/external/';
+      } else {
+        // If a logged-out user cancels, take them back to the auth start page.
+        $next_uri = '/';
+      }
+
+      // User explicitly hit "Cancel".
+      $dialog = id(new AphrontDialogView())
+        ->setUser($viewer)
+        ->setTitle(pht('Authentication Canceled'))
+        ->appendChild(
+          pht('You canceled authentication.'))
+        ->addCancelButton($next_uri, pht('Continue'));
+      return id(new AphrontDialogResponse())->setDialog($dialog);
+    }
+
    if ($response) {
      return $response;
    }
--- a/src/applications/auth/provider/PhabricatorAuthProviderOAuth1.php
+++ b/src/applications/auth/provider/PhabricatorAuthProviderOAuth1.php
@ -103,6 +103,13 @@ abstract class PhabricatorAuthProviderOAuth1 extends PhabricatorAuthProvider {
      return array($account, $response);
    }

+    $denied = $request->getStr('denied');
+    if (strlen($denied)) {
+      // Twitter indicates that the user cancelled the login attempt by
+      // returning "denied" as a parameter.
+      throw new PhutilAuthUserAbortedException();
+    }
+
    // NOTE: You can get here via GET, this should probably be a bit more
    // user friendly.