Auth - allow for "auto login" providers
Summary: Ref T7153. I am not sure if this is 100% correct because sometimes you have to POST vs GET and I don't know if the redirect response will / can do the right thing? I think options to fix this would be to 1) restrict this functionality to JUST the Phabricator OAuth provider type or 2) something really fancy with an HTTP(S) future. The other rub right now is when you log out you get half auto-logged in again... Thoughts on that? Test Plan: set up my local instance to JUST have phabricator oauth available to login. Was presented with the dialog automagically...! Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin, epriestley Maniphest Tasks: T7153 Differential Revision: https://secure.phabricator.com/D11701
parent
345966cb41
commit
472f316bbd
9 changed files with 65 additions and 5 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
ALTER TABLE {$NAMESPACE}_auth.auth_providerconfig
|
||||||
|
ADD shouldAutoLogin TINYINT(1) NOT NULL DEFAULT '0';
|
|
@ -97,6 +97,7 @@ final class PhabricatorAuthApplication extends PhabricatorApplication {
|
||||||
),
|
),
|
||||||
'login/(?P<pkey>[^/]+)/(?:(?P<extra>[^/]+)/)?'
|
'login/(?P<pkey>[^/]+)/(?:(?P<extra>[^/]+)/)?'
|
||||||
=> 'PhabricatorAuthLoginController',
|
=> 'PhabricatorAuthLoginController',
|
||||||
|
'(?P<loggedout>loggedout)/' => 'PhabricatorAuthStartController',
|
||||||
'register/(?:(?P<akey>[^/]+)/)?' => 'PhabricatorAuthRegisterController',
|
'register/(?:(?P<akey>[^/]+)/)?' => 'PhabricatorAuthRegisterController',
|
||||||
'start/' => 'PhabricatorAuthStartController',
|
'start/' => 'PhabricatorAuthStartController',
|
||||||
'validate/' => 'PhabricatorAuthValidateController',
|
'validate/' => 'PhabricatorAuthValidateController',
|
||||||
|
|
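Review bot: The new `loggedout` route has no comment saying why the start controller is mounted a second time, and it is the only thing that keeps a freshly logged-out user from being redirected straight back to the provider. A one-line comment above it would help, for example `// Post-logout landing page: same controller, but the "loggedout" URI data suppresses auto-login.` The route array starts and ends outside this hunk.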
|
@ -7,8 +7,7 @@ final class PhabricatorAuthStartController
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function processRequest() {
|
public function handleRequest(AphrontRequest $request) {
|
||||||
$request = $this->getRequest();
|
|
||||||
$viewer = $request->getUser();
|
$viewer = $request->getUser();
|
||||||
|
|
||||||
if ($viewer->isLoggedIn()) {
|
if ($viewer->isLoggedIn()) {
|
||||||
|
@ -97,6 +96,19 @@ final class PhabricatorAuthStartController
|
||||||
PhabricatorCookies::setClientIDCookie($request);
|
PhabricatorCookies::setClientIDCookie($request);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!$request->getURIData('loggedout') && count($providers) == 1) {
|
||||||
|
$auto_login_provider = head($providers);
|
||||||
|
$auto_login_config = $auto_login_provider->getProviderConfig();
|
||||||
|
if ($auto_login_provider instanceof PhabricatorPhabricatorAuthProvider &&
|
||||||
|
$auto_login_config->getShouldAutoLogin()) {
|
||||||
|
$auto_login_adapter = $provider->getAdapter();
|
||||||
|
$auto_login_adapter->setState($provider->getAuthCSRFCode($request));
|
||||||
|
return id(new AphrontRedirectResponse())
|
||||||
|
->setIsExternal(true)
|
||||||
|
->setURI($provider->getAdapter()->getAuthenticateURI());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$not_buttons = array();
|
$not_buttons = array();
|
||||||
$are_buttons = array();
|
$are_buttons = array();
|
||||||
$providers = msort($providers, 'getLoginOrder');
|
$providers = msort($providers, 'getLoginOrder');
|
||||||
|
|
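Review bot: The auto-login branch checks `$auto_login_provider` but then builds the redirect from `$provider`, which is not assigned anywhere in this hunk; if it is a leftover loop variable from earlier in `handleRequest`, the state and authenticate URI could come from a different provider than the one whose `shouldAutoLogin` flag was tested. The adapter is also fetched twice, so the CSRF state set on `$auto_login_adapter` only reaches the URI if `getAdapter()` returns the same instance each time, which is not visible here. Using the checked provider throughout avoids both: `$auto_login_adapter = $auto_login_provider->getAdapter();`, `$auto_login_adapter->setState($auto_login_provider->getAuthCSRFCode($request));` and `->setURI($auto_login_adapter->getAuthenticateURI());`. The body of `handleRequest` continues outside the hunk.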
|
@ -21,7 +21,7 @@ final class PhabricatorLogoutController
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function processRequest() {
|
public function handleRequest(AphrontRequest $request) {
|
||||||
$request = $this->getRequest();
|
$request = $this->getRequest();
|
||||||
$user = $request->getUser();
|
$user = $request->getUser();
|
||||||
|
|
||||||
|
@ -49,7 +49,7 @@ final class PhabricatorLogoutController
|
||||||
$request->clearCookie(PhabricatorCookies::COOKIE_SESSION);
|
$request->clearCookie(PhabricatorCookies::COOKIE_SESSION);
|
||||||
|
|
||||||
return id(new AphrontRedirectResponse())
|
return id(new AphrontRedirectResponse())
|
||||||
->setURI('/login/');
|
->setURI('/auth/loggedout/');
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($user->getPHID()) {
|
if ($user->getPHID()) {
|
||||||
|
|
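Review bot: `handleRequest(AphrontRequest $request)` now receives the request as a parameter, yet the next line still reassigns it with `$request = $this->getRequest();`, which the same commit removes in PhabricatorAuthStartController. Dropping that line keeps the two controllers consistent and avoids shadowing the argument. The method body continues outside the hunk.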
|
@ -83,6 +83,7 @@ final class PhabricatorAuthEditController
|
||||||
$v_link = $config->getShouldAllowLink();
|
$v_link = $config->getShouldAllowLink();
|
||||||
$v_unlink = $config->getShouldAllowUnlink();
|
$v_unlink = $config->getShouldAllowUnlink();
|
||||||
$v_trust_email = $config->getShouldTrustEmails();
|
$v_trust_email = $config->getShouldTrustEmails();
|
||||||
|
$v_auto_login = $config->getShouldAutoLogin();
|
||||||
|
|
||||||
if ($request->isFormPost()) {
|
if ($request->isFormPost()) {
|
||||||
|
|
||||||
|
@ -123,6 +124,13 @@ final class PhabricatorAuthEditController
|
||||||
PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS)
|
PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS)
|
||||||
->setNewValue($request->getInt('trustEmails', 0));
|
->setNewValue($request->getInt('trustEmails', 0));
|
||||||
|
|
||||||
|
if ($provider instanceof PhabricatorPhabricatorAuthProvider) {
|
||||||
|
$xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
|
||||||
|
->setTransactionType(
|
||||||
|
PhabricatorAuthProviderConfigTransaction::TYPE_AUTO_LOGIN)
|
||||||
|
->setNewValue($request->getInt('autoLogin', 0));
|
||||||
|
}
|
||||||
|
|
||||||
foreach ($properties as $key => $value) {
|
foreach ($properties as $key => $value) {
|
||||||
$xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
|
$xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
|
||||||
->setTransactionType(
|
->setTransactionType(
|
||||||
|
@ -224,6 +232,12 @@ final class PhabricatorAuthEditController
|
||||||
pht(
|
pht(
|
||||||
'Phabricator will skip email verification for accounts registered '.
|
'Phabricator will skip email verification for accounts registered '.
|
||||||
'through this provider.'));
|
'through this provider.'));
|
||||||
|
$str_auto_login = hsprintf(
|
||||||
|
'<strong>%s:</strong> %s',
|
||||||
|
pht('Allow Auto Login'),
|
||||||
|
pht(
|
||||||
|
'Phabricator will automatically login with this provider if it is '.
|
||||||
|
'the only available provider.'));
|
||||||
|
|
||||||
$status_tag = id(new PHUITagView())
|
$status_tag = id(new PHUITagView())
|
||||||
->setType(PHUITagView::TYPE_STATE);
|
->setType(PHUITagView::TYPE_STATE);
|
||||||
|
@ -285,6 +299,16 @@ final class PhabricatorAuthEditController
|
||||||
$v_trust_email));
|
$v_trust_email));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($provider instanceof PhabricatorPhabricatorAuthProvider) {
|
||||||
|
$form->appendChild(
|
||||||
|
id(new AphrontFormCheckboxControl())
|
||||||
|
->addCheckbox(
|
||||||
|
'autoLogin',
|
||||||
|
1,
|
||||||
|
$str_auto_login,
|
||||||
|
$v_auto_login));
|
||||||
|
}
|
||||||
|
|
||||||
$provider->extendEditForm($request, $form, $properties, $issues);
|
$provider->extendEditForm($request, $form, $properties, $issues);
|
||||||
|
|
||||||
$form
|
$form
|
||||||
|
|
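Review bot: The help text for the new checkbox, `'Phabricator will automatically login with this provider if it is the only available provider.'`, does not tell an administrator that unauthenticated visitors are sent to the external provider without seeing the local login page. Suggest wording along the lines of `'Phabricator will redirect logged-out users straight to this provider, without showing the login screen, if it is the only available provider.'`. The surrounding method starts and ends outside these hunks.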
|
@ -19,6 +19,7 @@ final class PhabricatorAuthProviderConfigEditor
|
||||||
$types[] = PhabricatorAuthProviderConfigTransaction::TYPE_LINK;
|
$types[] = PhabricatorAuthProviderConfigTransaction::TYPE_LINK;
|
||||||
$types[] = PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK;
|
$types[] = PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK;
|
||||||
$types[] = PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS;
|
$types[] = PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS;
|
||||||
|
$types[] = PhabricatorAuthProviderConfigTransaction::TYPE_AUTO_LOGIN;
|
||||||
$types[] = PhabricatorAuthProviderConfigTransaction::TYPE_PROPERTY;
|
$types[] = PhabricatorAuthProviderConfigTransaction::TYPE_PROPERTY;
|
||||||
|
|
||||||
return $types;
|
return $types;
|
||||||
|
@ -43,6 +44,8 @@ final class PhabricatorAuthProviderConfigEditor
|
||||||
return (int)$object->getShouldAllowUnlink();
|
return (int)$object->getShouldAllowUnlink();
|
||||||
case PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS:
|
case PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS:
|
||||||
return (int)$object->getShouldTrustEmails();
|
return (int)$object->getShouldTrustEmails();
|
||||||
|
case PhabricatorAuthProviderConfigTransaction::TYPE_AUTO_LOGIN:
|
||||||
|
return (int)$object->getShouldAutoLogin();
|
||||||
case PhabricatorAuthProviderConfigTransaction::TYPE_PROPERTY:
|
case PhabricatorAuthProviderConfigTransaction::TYPE_PROPERTY:
|
||||||
$key = $xaction->getMetadataValue(
|
$key = $xaction->getMetadataValue(
|
||||||
PhabricatorAuthProviderConfigTransaction::PROPERTY_KEY);
|
PhabricatorAuthProviderConfigTransaction::PROPERTY_KEY);
|
||||||
|
@ -60,6 +63,7 @@ final class PhabricatorAuthProviderConfigEditor
|
||||||
case PhabricatorAuthProviderConfigTransaction::TYPE_LINK:
|
case PhabricatorAuthProviderConfigTransaction::TYPE_LINK:
|
||||||
case PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK:
|
case PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK:
|
||||||
case PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS:
|
case PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS:
|
||||||
|
case PhabricatorAuthProviderConfigTransaction::TYPE_AUTO_LOGIN:
|
||||||
case PhabricatorAuthProviderConfigTransaction::TYPE_PROPERTY:
|
case PhabricatorAuthProviderConfigTransaction::TYPE_PROPERTY:
|
||||||
return $xaction->getNewValue();
|
return $xaction->getNewValue();
|
||||||
}
|
}
|
||||||
|
@ -80,6 +84,8 @@ final class PhabricatorAuthProviderConfigEditor
|
||||||
return $object->setShouldAllowUnlink($v);
|
return $object->setShouldAllowUnlink($v);
|
||||||
case PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS:
|
case PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS:
|
||||||
return $object->setShouldTrustEmails($v);
|
return $object->setShouldTrustEmails($v);
|
||||||
|
case PhabricatorAuthProviderConfigTransaction::TYPE_AUTO_LOGIN:
|
||||||
|
return $object->setShouldAutoLogin($v);
|
||||||
case PhabricatorAuthProviderConfigTransaction::TYPE_PROPERTY:
|
case PhabricatorAuthProviderConfigTransaction::TYPE_PROPERTY:
|
||||||
$key = $xaction->getMetadataValue(
|
$key = $xaction->getMetadataValue(
|
||||||
PhabricatorAuthProviderConfigTransaction::PROPERTY_KEY);
|
PhabricatorAuthProviderConfigTransaction::PROPERTY_KEY);
|
||||||
|
@ -104,6 +110,7 @@ final class PhabricatorAuthProviderConfigEditor
|
||||||
case PhabricatorAuthProviderConfigTransaction::TYPE_LINK:
|
case PhabricatorAuthProviderConfigTransaction::TYPE_LINK:
|
||||||
case PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK:
|
case PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK:
|
||||||
case PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS:
|
case PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS:
|
||||||
|
case PhabricatorAuthProviderConfigTransaction::TYPE_AUTO_LOGIN:
|
||||||
// For these types, last transaction wins.
|
// For these types, last transaction wins.
|
||||||
return $v;
|
return $v;
|
||||||
}
|
}
|
||||||
|
|
|
@ -449,7 +449,7 @@ abstract class PhabricatorAuthProvider {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function getAuthCSRFCode(AphrontRequest $request) {
|
public function getAuthCSRFCode(AphrontRequest $request) {
|
||||||
$phcid = $request->getCookie(PhabricatorCookies::COOKIE_CLIENTID);
|
$phcid = $request->getCookie(PhabricatorCookies::COOKIE_CLIENTID);
|
||||||
if (!strlen($phcid)) {
|
if (!strlen($phcid)) {
|
||||||
throw new Exception(
|
throw new Exception(
|
||||||
|
|
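Review bot: `getAuthCSRFCode()` becomes public without a docblock, and the visible body throws an `Exception` when the client ID cookie is empty. The new caller in the start controller invokes it right after the block that calls `PhabricatorCookies::setClientIDCookie($request)`; whether a cookie set in that request is already readable through `getCookie()` is not visible here, so a first-time visitor may hit the exception instead of the redirect. A docblock stating that the method requires the client ID cookie and throws otherwise, and that it is public for the auto-login redirect, would make the contract explicit. The method body continues outside the hunk.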
|
@ -16,6 +16,7 @@ final class PhabricatorAuthProviderConfig
|
||||||
protected $shouldAllowLink = 0;
|
protected $shouldAllowLink = 0;
|
||||||
protected $shouldAllowUnlink = 0;
|
protected $shouldAllowUnlink = 0;
|
||||||
protected $shouldTrustEmails = 0;
|
protected $shouldTrustEmails = 0;
|
||||||
|
protected $shouldAutoLogin = 0;
|
||||||
|
|
||||||
protected $properties = array();
|
protected $properties = array();
|
||||||
|
|
||||||
|
@ -42,6 +43,7 @@ final class PhabricatorAuthProviderConfig
|
||||||
'shouldAllowLink' => 'bool',
|
'shouldAllowLink' => 'bool',
|
||||||
'shouldAllowUnlink' => 'bool',
|
'shouldAllowUnlink' => 'bool',
|
||||||
'shouldTrustEmails' => 'bool',
|
'shouldTrustEmails' => 'bool',
|
||||||
|
'shouldAutoLogin' => 'bool',
|
||||||
),
|
),
|
||||||
self::CONFIG_KEY_SCHEMA => array(
|
self::CONFIG_KEY_SCHEMA => array(
|
||||||
'key_provider' => array(
|
'key_provider' => array(
|
||||||
|
|
|
@ -8,6 +8,7 @@ final class PhabricatorAuthProviderConfigTransaction
|
||||||
const TYPE_LINK = 'config:link';
|
const TYPE_LINK = 'config:link';
|
||||||
const TYPE_UNLINK = 'config:unlink';
|
const TYPE_UNLINK = 'config:unlink';
|
||||||
const TYPE_TRUST_EMAILS = 'config:trustEmails';
|
const TYPE_TRUST_EMAILS = 'config:trustEmails';
|
||||||
|
const TYPE_AUTO_LOGIN = 'config:autoLogin';
|
||||||
const TYPE_PROPERTY = 'config:property';
|
const TYPE_PROPERTY = 'config:property';
|
||||||
|
|
||||||
const PROPERTY_KEY = 'auth:property';
|
const PROPERTY_KEY = 'auth:property';
|
||||||
|
@ -133,6 +134,17 @@ final class PhabricatorAuthProviderConfigTransaction
|
||||||
$this->renderHandleLink($author_phid));
|
$this->renderHandleLink($author_phid));
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
case self::TYPE_AUTO_LOGIN:
|
||||||
|
if ($new) {
|
||||||
|
return pht(
|
||||||
|
'%s enabled auto login.',
|
||||||
|
$this->renderHandleLink($author_phid));
|
||||||
|
} else {
|
||||||
|
return pht(
|
||||||
|
'%s disabled auto login.',
|
||||||
|
$this->renderHandleLink($author_phid));
|
||||||
|
}
|
||||||
|
break;
|
||||||
case self::TYPE_PROPERTY:
|
case self::TYPE_PROPERTY:
|
||||||
$provider = $this->getProvider();
|
$provider = $this->getProvider();
|
||||||
if ($provider) {
|
if ($provider) {
|
||||||
|
|