mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-20 20:40:56 +01:00
Clarify registration rules more aggressively when configuring auth
Summary: See private chatter. Make it explicitly clear when adding a provider that anyone who can browse to Phabricator can register. Test Plan: See screenshots. Reviewers: btrahan Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D7570
This commit is contained in:
parent
13514892e2
commit
30a51dac36
2 changed files with 60 additions and 4 deletions
|
@ -169,14 +169,35 @@ final class PhabricatorAuthEditController
|
||||||
$cancel_uri = $this->getApplicationURI();
|
$cancel_uri = $this->getApplicationURI();
|
||||||
}
|
}
|
||||||
|
|
||||||
$str_registration = hsprintf(
|
$config_name = 'auth.email-domains';
|
||||||
'<strong>%s:</strong> %s',
|
$config_href = '/config/edit/'.$config_name.'/';
|
||||||
pht('Allow Registration'),
|
|
||||||
|
$email_domains = PhabricatorEnv::getEnvConfig($config_name);
|
||||||
|
if ($email_domains) {
|
||||||
|
$registration_warning = pht(
|
||||||
|
"Users will only be able to register with a verified email address ".
|
||||||
|
"at one of the configured [[ %s | %s ]] domains: **%s**",
|
||||||
|
$config_href,
|
||||||
|
$config_name,
|
||||||
|
implode(', ', $email_domains));
|
||||||
|
} else {
|
||||||
|
$registration_warning = pht(
|
||||||
|
"NOTE: Any user who can browse to this install's login page will be ".
|
||||||
|
"able to register a Phabricator account. To restrict who can register ".
|
||||||
|
"an account, configure [[ %s | %s ]].",
|
||||||
|
$config_href,
|
||||||
|
$config_name);
|
||||||
|
}
|
||||||
|
|
||||||
|
$str_registration = array(
|
||||||
|
phutil_tag('strong', array(), pht('Allow Registration:')),
|
||||||
|
' ',
|
||||||
pht(
|
pht(
|
||||||
'Allow users to register new Phabricator accounts using this '.
|
'Allow users to register new Phabricator accounts using this '.
|
||||||
'provider. If you disable registration, users can still use this '.
|
'provider. If you disable registration, users can still use this '.
|
||||||
'provider to log in to existing accounts, but will not be able to '.
|
'provider to log in to existing accounts, but will not be able to '.
|
||||||
'create new accounts.'));
|
'create new accounts.'),
|
||||||
|
);
|
||||||
|
|
||||||
$str_link = hsprintf(
|
$str_link = hsprintf(
|
||||||
'<strong>%s:</strong> %s',
|
'<strong>%s:</strong> %s',
|
||||||
|
@ -229,6 +250,7 @@ final class PhabricatorAuthEditController
|
||||||
1,
|
1,
|
||||||
$str_registration,
|
$str_registration,
|
||||||
$v_registration))
|
$v_registration))
|
||||||
|
->appendRemarkupInstructions($registration_warning)
|
||||||
->appendChild(
|
->appendChild(
|
||||||
id(new AphrontFormCheckboxControl())
|
id(new AphrontFormCheckboxControl())
|
||||||
->addCheckbox(
|
->addCheckbox(
|
||||||
|
|
|
@ -90,9 +90,43 @@ final class PhabricatorAuthListController
|
||||||
id(new PhabricatorCrumbView())
|
id(new PhabricatorCrumbView())
|
||||||
->setName(pht('Auth Providers')));
|
->setName(pht('Auth Providers')));
|
||||||
|
|
||||||
|
$config_name = 'auth.email-domains';
|
||||||
|
$config_href = '/config/edit/'.$config_name.'/';
|
||||||
|
$config_link = phutil_tag(
|
||||||
|
'a',
|
||||||
|
array(
|
||||||
|
'href' => $config_href,
|
||||||
|
'target' => '_blank',
|
||||||
|
),
|
||||||
|
$config_name);
|
||||||
|
|
||||||
|
$warning = new AphrontErrorView();
|
||||||
|
|
||||||
|
$email_domains = PhabricatorEnv::getEnvConfig($config_name);
|
||||||
|
if ($email_domains) {
|
||||||
|
$warning->setSeverity(AphrontErrorView::SEVERITY_NOTICE);
|
||||||
|
$warning->setTitle(pht('Registration is Restricted'));
|
||||||
|
$warning->appendChild(
|
||||||
|
pht(
|
||||||
|
'Only users with a verified email address at one of the %s domains '.
|
||||||
|
'will be able to register a Phabricator account: %s',
|
||||||
|
$config_link,
|
||||||
|
phutil_tag('strong', array(), implode(', ', $email_domains))));
|
||||||
|
} else {
|
||||||
|
$warning->setSeverity(AphrontErrorView::SEVERITY_WARNING);
|
||||||
|
$warning->setTitle(pht('Anyone Can Register an Account'));
|
||||||
|
$warning->appendChild(
|
||||||
|
pht(
|
||||||
|
'Anyone who can browse to this Phabricator install will be able to '.
|
||||||
|
'register an account. To restrict who can register an account, '.
|
||||||
|
'configure %s.',
|
||||||
|
$config_link));
|
||||||
|
}
|
||||||
|
|
||||||
return $this->buildApplicationPage(
|
return $this->buildApplicationPage(
|
||||||
array(
|
array(
|
||||||
$crumbs,
|
$crumbs,
|
||||||
|
$warning,
|
||||||
$list,
|
$list,
|
||||||
),
|
),
|
||||||
array(
|
array(
|
||||||
|
|
Loading…
Reference in a new issue