From 25eb401e18ae757100b001ae83fa56cb39c70089 Mon Sep 17 00:00:00 2001
From: epriestley
Date: Tue, 3 Sep 2013 10:30:39 -0700
Subject: [PATCH] Handle user aborts during auth workflows in Phabricator
Summary: Depends on D6872. Ref T3687. Give the user a nice dialog instead of a bare exception.
Test Plan: Cancelled out of Twitter and JIRA workflows. We should probably do this for the OAuth2 workflows too, but they're a bit of a pain to de-auth and I am lazy.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T3687
Differential Revision: https://secure.phabricator.com/D6873
---
 .../PhabricatorAuthLoginController.php | 23 ++++++++++++++++++++++-
 .../PhabricatorAuthProviderOAuth1.php | 7 +++++++
 2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/src/applications/auth/controller/PhabricatorAuthLoginController.php b/src/applications/auth/controller/PhabricatorAuthLoginController.php
index 4552dc15ee..deb71a75b1 100644
--- a/src/applications/auth/controller/PhabricatorAuthLoginController.php
+++ b/src/applications/auth/controller/PhabricatorAuthLoginController.php
@@ -25,7 +25,28 @@ final class PhabricatorAuthLoginController
 $provider = $this->provider;
- list($account, $response) = $provider->processLoginRequest($this);
+ try {
+ list($account, $response) = $provider->processLoginRequest($this);
+ } catch (PhutilAuthUserAbortedException $ex) {
+ if ($viewer->isLoggedIn()) {
+ // If a logged-in user cancels, take them back to the external accounts
+ // panel.
+ $next_uri = '/settings/panel/external/';
+ } else {
+ // If a logged-out user cancels, take them back to the auth start page.
+ $next_uri = '/';
+ }
+
+ // User explicitly hit "Cancel".
+ $dialog = id(new AphrontDialogView())
+ ->setUser($viewer)
+ ->setTitle(pht('Authentication Canceled'))
+ ->appendChild(
+ pht('You canceled authentication.'))
+ ->addCancelButton($next_uri, pht('Continue'));
+ return id(new AphrontDialogResponse())->setDialog($dialog);
+ }
+
 if ($response) {
 return $response;
 }
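Review bot: The `catch (PhutilAuthUserAbortedException $ex)` branch in PhabricatorAuthLoginController carries the comment `// User explicitly hit "Cancel".`, but nothing on this path proves that: the provider change in the same commit raises the exception whenever the request has a non-empty `denied` parameter, which any link can supply. As written this is harmless, since the branch only renders a dialog and both `$next_uri` values are fixed strings, so I would state that constraint in place of the comment, e.g. `// Reached on any request that signals an abort; keep this path free of state changes and never take $next_uri from the request.` `$viewer` is assigned outside the hunk, so this assumes it is set before the `try`.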
diff --git a/src/applications/auth/provider/PhabricatorAuthProviderOAuth1.php b/src/applications/auth/provider/PhabricatorAuthProviderOAuth1.php
index 3f161c9eee..c5931cacd0 100644
--- a/src/applications/auth/provider/PhabricatorAuthProviderOAuth1.php
+++ b/src/applications/auth/provider/PhabricatorAuthProviderOAuth1.php
@@ -103,6 +103,13 @@ abstract class PhabricatorAuthProviderOAuth1 extends PhabricatorAuthProvider {
 return array($account, $response);
 }
+ $denied = $request->getStr('denied');
+ if (strlen($denied)) {
+ // Twitter indicates that the user cancelled the login attempt by
+ // returning "denied" as a parameter.
+ throw new PhutilAuthUserAbortedException();
+ }
+
 // NOTE: You can get here via GET, this should probably be a bit more
 // user friendly.
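Review bot: The new `denied` check in PhabricatorAuthProviderOAuth1 throws on the parameter's presence alone and leaves whatever handshake state the login start created untouched; whether this provider stores a request token or secret is not visible in the hunk, so this is something to confirm rather than a known leak. If such state exists, discard it before the `throw` or note in the comment that it is left to expire. The comment also describes a Twitter convention inside the shared OAuth1 base class, so I would reword it to `// Twitter signals a cancelled login by returning a non-empty "denied" parameter; other OAuth1 providers may signal cancellation differently.` The enclosing method starts and ends outside the hunk.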