Allow users to register with non-registration providers if they are invited to an instance

Summary: Depends on D20117. Fixes T10071. When you're sent an email invitation, it's intended to allow you to register an account even if you otherwise could not (see D11737). Some time between D11737 and today, this stopped working (or perhaps it never worked and I got things wrong in D11737). I think this actually ended up not mattering for us, given the way Phacility auth was ultimately built. This feature generally seems reasonable, though, and probably //should// work. Make it work in the "password" and "oauth" cases, at least. This may //still// not work for LDAP, but testing that is nontrivial. Test Plan: - Enabled only passwords, turned off registration, sent an invite, registered with a password. - Enabled only Google OAuth, turned off registration, sent an invite, registered with Google OAuth. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T10071 Differential Revision: https://secure.phabricator.com/D20118
2024-11-10 00:42:41 +01:00 · 2019-02-06 17:55:31 -08:00 · 2019-02-06 17:55:31 -08:00 · 3f35c0068a
commit 3f35c0068a
parent d22495a820
2 changed files with 13 additions and 9 deletions
--- a/src/applications/auth/controller/PhabricatorAuthLoginController.php
+++ b/src/applications/auth/controller/PhabricatorAuthLoginController.php
@ -35,6 +35,7 @@ final class PhabricatorAuthLoginController
      return $response;
    }

+    $invite = $this->loadInvite();
    $provider = $this->provider;

    try {
@ -103,7 +104,7 @@ final class PhabricatorAuthLoginController
      // The account is not yet attached to a Phabricator user, so this is
      // either a registration or an account link request.
      if (!$viewer->isLoggedIn()) {
-        if ($provider->shouldAllowRegistration()) {
+        if ($provider->shouldAllowRegistration() || $invite) {
          return $this->processRegisterUser($account);
        } else {
          return $this->renderError(
--- a/src/applications/auth/controller/PhabricatorAuthRegisterController.php
+++ b/src/applications/auth/controller/PhabricatorAuthRegisterController.php
@ -11,10 +11,12 @@ final class PhabricatorAuthRegisterController
    $viewer = $this->getViewer();
    $account_key = $request->getURIData('akey');

-    if ($request->getUser()->isLoggedIn()) {
+    if ($viewer->isLoggedIn()) {
      return id(new AphrontRedirectResponse())->setURI('/');
    }

+    $invite = $this->loadInvite();
+
    $is_setup = false;
    if (strlen($account_key)) {
      $result = $this->loadAccountForRegistrationOrLinking($account_key);
@ -27,7 +29,7 @@ final class PhabricatorAuthRegisterController
      $is_default = true;
      $is_setup = true;
    } else {
-      list($account, $provider, $response) = $this->loadDefaultAccount();
+      list($account, $provider, $response) = $this->loadDefaultAccount($invite);
      $is_default = true;
    }

@ -35,8 +37,6 @@ final class PhabricatorAuthRegisterController
      return $response;
    }

-    $invite = $this->loadInvite();
-
    if (!$is_setup) {
      if (!$provider->shouldAllowRegistration()) {
        if ($invite) {
@ -643,17 +643,20 @@ final class PhabricatorAuthRegisterController
      ->appendChild($view);
  }

-  private function loadDefaultAccount() {
+  private function loadDefaultAccount($invite) {
    $providers = PhabricatorAuthProvider::getAllEnabledProviders();
    $account = null;
    $provider = null;
    $response = null;

    foreach ($providers as $key => $candidate_provider) {
-      if (!$candidate_provider->shouldAllowRegistration()) {
-        unset($providers[$key]);
-        continue;
+      if (!$invite) {
+        if (!$candidate_provider->shouldAllowRegistration()) {
+          unset($providers[$key]);
+          continue;
+        }
      }
+
      if (!$candidate_provider->isDefaultRegistrationProvider()) {
        unset($providers[$key]);
      }