Auth - allow for "auto login" providers

Summary: Ref T7153. I am not sure if this is 100% correct because sometimes you have to POST vs GET and I don't know if the redirect response will / can do the right thing? I think options to fix this would be to 1) restrict this functionality to JUST the Phabricator OAuth provider type or 2) something really fancy with an HTTP(S) future.  The other rub right now is when you logout you get half auto-logged in again... Thoughts on that?

Test Plan: setup my local instance to JUST have phabricator oauth available to login. was presented with the dialog automagically...!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7153

Differential Revision: https://secure.phabricator.com/D11701

resources/sql/autopatches/20150205.authprovider.autologin.sql

@@ -0,0 +1,2 @@
+ALTER TABLE {$NAMESPACE}_auth.auth_providerconfig
+  ADD shouldAutoLogin TINYINT(1) NOT NULL DEFAULT '0';

src/applications/auth/application/PhabricatorAuthApplication.php

@@ -97,6 +97,7 @@ final class PhabricatorAuthApplication extends PhabricatorApplication {
         ),
         'login/(?P<pkey>[^/]+)/(?:(?P<extra>[^/]+)/)?'
           => 'PhabricatorAuthLoginController',
+        '(?P<loggedout>loggedout)/' => 'PhabricatorAuthStartController',
         'register/(?:(?P<akey>[^/]+)/)?' => 'PhabricatorAuthRegisterController',
         'start/' => 'PhabricatorAuthStartController',
         'validate/' => 'PhabricatorAuthValidateController',

src/applications/auth/controller/PhabricatorAuthStartController.php

@@ -7,8 +7,7 @@ final class PhabricatorAuthStartController
     return false;
   }
 
-  public function processRequest() {
-    $request = $this->getRequest();
+  public function handleRequest(AphrontRequest $request) {
     $viewer = $request->getUser();
 
     if ($viewer->isLoggedIn()) {
@@ -97,6 +96,19 @@ final class PhabricatorAuthStartController
       PhabricatorCookies::setClientIDCookie($request);
     }
 
+    if (!$request->getURIData('loggedout') && count($providers) == 1) {
+      $auto_login_provider = head($providers);
+      $auto_login_config = $auto_login_provider->getProviderConfig();
+      if ($auto_login_provider instanceof PhabricatorPhabricatorAuthProvider &&
+          $auto_login_config->getShouldAutoLogin()) {
+        $auto_login_adapter = $provider->getAdapter();
+        $auto_login_adapter->setState($provider->getAuthCSRFCode($request));
+        return id(new AphrontRedirectResponse())
+          ->setIsExternal(true)
+          ->setURI($provider->getAdapter()->getAuthenticateURI());
+      }
+    }
+
     $not_buttons = array();
     $are_buttons = array();
     $providers = msort($providers, 'getLoginOrder');

src/applications/auth/controller/PhabricatorLogoutController.php

@@ -21,7 +21,7 @@ final class PhabricatorLogoutController
     return true;
   }
 
-  public function processRequest() {
+  public function handleRequest(AphrontRequest $request) {
     $request = $this->getRequest();
     $user = $request->getUser();
 
@@ -49,7 +49,7 @@ final class PhabricatorLogoutController
       $request->clearCookie(PhabricatorCookies::COOKIE_SESSION);
 
       return id(new AphrontRedirectResponse())
-        ->setURI('/login/');
+        ->setURI('/auth/loggedout/');
     }
 
     if ($user->getPHID()) {

src/applications/auth/controller/config/PhabricatorAuthEditController.php

@@ -83,6 +83,7 @@ final class PhabricatorAuthEditController
     $v_link = $config->getShouldAllowLink();
     $v_unlink = $config->getShouldAllowUnlink();
     $v_trust_email = $config->getShouldTrustEmails();
+    $v_auto_login = $config->getShouldAutoLogin();
 
     if ($request->isFormPost()) {
 
@@ -123,6 +124,13 @@ final class PhabricatorAuthEditController
             PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS)
           ->setNewValue($request->getInt('trustEmails', 0));
 
+        if ($provider instanceof PhabricatorPhabricatorAuthProvider) {
+          $xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
+            ->setTransactionType(
+              PhabricatorAuthProviderConfigTransaction::TYPE_AUTO_LOGIN)
+            ->setNewValue($request->getInt('autoLogin', 0));
+        }
+
         foreach ($properties as $key => $value) {
           $xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
             ->setTransactionType(
@@ -224,6 +232,12 @@ final class PhabricatorAuthEditController
       pht(
         'Phabricator will skip email verification for accounts registered '.
         'through this provider.'));
+    $str_auto_login = hsprintf(
+      '<strong>%s:</strong> %s',
+      pht('Allow Auto Login'),
+      pht(
+        'Phabricator will automatically login with this provider if it is '.
+        'the only available provider.'));
 
     $status_tag = id(new PHUITagView())
       ->setType(PHUITagView::TYPE_STATE);
@@ -285,6 +299,16 @@ final class PhabricatorAuthEditController
             $v_trust_email));
     }
 
+    if ($provider instanceof PhabricatorPhabricatorAuthProvider) {
+      $form->appendChild(
+        id(new AphrontFormCheckboxControl())
+          ->addCheckbox(
+            'autoLogin',
+            1,
+            $str_auto_login,
+            $v_auto_login));
+    }
+
     $provider->extendEditForm($request, $form, $properties, $issues);
 
     $form

src/applications/auth/editor/PhabricatorAuthProviderConfigEditor.php

@@ -19,6 +19,7 @@ final class PhabricatorAuthProviderConfigEditor
     $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_LINK;
     $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK;
     $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS;
+    $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_AUTO_LOGIN;
     $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_PROPERTY;
 
     return $types;
@@ -43,6 +44,8 @@ final class PhabricatorAuthProviderConfigEditor
         return (int)$object->getShouldAllowUnlink();
       case PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS:
         return (int)$object->getShouldTrustEmails();
+      case PhabricatorAuthProviderConfigTransaction::TYPE_AUTO_LOGIN:
+        return (int)$object->getShouldAutoLogin();
       case PhabricatorAuthProviderConfigTransaction::TYPE_PROPERTY:
         $key = $xaction->getMetadataValue(
           PhabricatorAuthProviderConfigTransaction::PROPERTY_KEY);
@@ -60,6 +63,7 @@ final class PhabricatorAuthProviderConfigEditor
       case PhabricatorAuthProviderConfigTransaction::TYPE_LINK:
       case PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK:
       case PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS:
+      case PhabricatorAuthProviderConfigTransaction::TYPE_AUTO_LOGIN:
       case PhabricatorAuthProviderConfigTransaction::TYPE_PROPERTY:
         return $xaction->getNewValue();
     }
@@ -80,6 +84,8 @@ final class PhabricatorAuthProviderConfigEditor
         return $object->setShouldAllowUnlink($v);
       case PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS:
         return $object->setShouldTrustEmails($v);
+      case PhabricatorAuthProviderConfigTransaction::TYPE_AUTO_LOGIN:
+        return $object->setShouldAutoLogin($v);
       case PhabricatorAuthProviderConfigTransaction::TYPE_PROPERTY:
         $key = $xaction->getMetadataValue(
           PhabricatorAuthProviderConfigTransaction::PROPERTY_KEY);
@@ -104,6 +110,7 @@ final class PhabricatorAuthProviderConfigEditor
       case PhabricatorAuthProviderConfigTransaction::TYPE_LINK:
       case PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK:
       case PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS:
+      case PhabricatorAuthProviderConfigTransaction::TYPE_AUTO_LOGIN:
         // For these types, last transaction wins.
         return $v;
     }

src/applications/auth/provider/PhabricatorAuthProvider.php

@@ -449,7 +449,7 @@ abstract class PhabricatorAuthProvider {
     return null;
   }
 
-  protected function getAuthCSRFCode(AphrontRequest $request) {
+  public function getAuthCSRFCode(AphrontRequest $request) {
     $phcid = $request->getCookie(PhabricatorCookies::COOKIE_CLIENTID);
     if (!strlen($phcid)) {
       throw new Exception(

src/applications/auth/storage/PhabricatorAuthProviderConfig.php

@@ -16,6 +16,7 @@ final class PhabricatorAuthProviderConfig
   protected $shouldAllowLink          = 0;
   protected $shouldAllowUnlink        = 0;
   protected $shouldTrustEmails        = 0;
+  protected $shouldAutoLogin          = 0;
 
   protected $properties = array();
 
@@ -42,6 +43,7 @@ final class PhabricatorAuthProviderConfig
         'shouldAllowLink' => 'bool',
         'shouldAllowUnlink' => 'bool',
         'shouldTrustEmails' => 'bool',
+        'shouldAutoLogin' => 'bool',
       ),
       self::CONFIG_KEY_SCHEMA => array(
         'key_provider' => array(

src/applications/auth/storage/PhabricatorAuthProviderConfigTransaction.php

@@ -8,6 +8,7 @@ final class PhabricatorAuthProviderConfigTransaction
   const TYPE_LINK           = 'config:link';
   const TYPE_UNLINK         = 'config:unlink';
   const TYPE_TRUST_EMAILS   = 'config:trustEmails';
+  const TYPE_AUTO_LOGIN     = 'config:autoLogin';
   const TYPE_PROPERTY       = 'config:property';
 
   const PROPERTY_KEY        = 'auth:property';
@@ -133,6 +134,17 @@ final class PhabricatorAuthProviderConfigTransaction
             $this->renderHandleLink($author_phid));
         }
         break;
+      case self::TYPE_AUTO_LOGIN:
+        if ($new) {
+          return pht(
+            '%s enabled auto login.',
+            $this->renderHandleLink($author_phid));
+        } else {
+          return pht(
+            '%s disabled auto login.',
+            $this->renderHandleLink($author_phid));
+        }
+        break;
       case self::TYPE_PROPERTY:
         $provider = $this->getProvider();
         if ($provider) {