1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-22 21:40:55 +01:00

Give ExternalAccount a providerConfigPHID, tying it to a particular provider

Summary:
Depends on D20111. Ref T6703. Currently, each ExternalAccount row is tied to a provider by `providerType` + `providerDomain`. This effectively prevents multiple providers of the same type, since, e.g., two LDAP providers may be on different ports on the same domain. The `domain` also isn't really a useful idea anyway because you can move which hostname an LDAP server is on, and LDAP actually uses the value `self` in all cases. Yeah, yikes.

Instead, just bind each account to a particular provider. Then we can have an LDAP "alice" on seven different servers on different ports on the same machine and they can all move around and we'll still have a consistent, cohesive view of the world.

(On its own, this creates some issues with the link/unlink/refresh flows. Those will be updated in followups, and doing this change in a way with no intermediate breaks would require fixing them to use IDs to reference providerType/providerDomain, then fixing this, then undoing the first fix most of the way.)

Test Plan: Ran migrations, sanity-checked database. See followup changes for more comprehensive testing.

Reviewers: amckinley

Reviewed By: amckinley

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T6703

Differential Revision: https://secure.phabricator.com/D20112
This commit is contained in:
epriestley 2019-02-06 13:11:34 -08:00
parent 55c18bc900
commit 541d794c13
7 changed files with 85 additions and 25 deletions

View file

@ -0,0 +1,2 @@
ALTER TABLE {$NAMESPACE}_user.user_externalaccount
ADD providerConfigPHID VARBINARY(64) NOT NULL;

View file

@ -0,0 +1,36 @@
<?php
$account_table = new PhabricatorExternalAccount();
$account_conn = $account_table->establishConnection('w');
$table_name = $account_table->getTableName();
$config_table = new PhabricatorAuthProviderConfig();
$config_conn = $config_table->establishConnection('w');
foreach (new LiskRawMigrationIterator($account_conn, $table_name) as $row) {
if (strlen($row['providerConfigPHID'])) {
continue;
}
$config_row = queryfx_one(
$config_conn,
'SELECT phid
FROM %R
WHERE providerType = %s AND providerDomain = %s
LIMIT 1',
$config_table,
$row['accountType'],
$row['accountDomain']);
if (!$config_row) {
continue;
}
queryfx(
$account_conn,
'UPDATE %R
SET providerConfigPHID = %s
WHERE id = %d',
$account_table,
$config_row['phid'],
$row['id']);
}

View file

@ -671,7 +671,7 @@ final class PhabricatorAuthRegisterController
}
$provider = head($providers);
$account = $provider->getDefaultExternalAccount();
$account = $provider->newDefaultExternalAccount();
return array($account, $provider, $response);
}

View file

@ -220,9 +220,7 @@ abstract class PhabricatorAuthProvider extends Phobject {
$adapter->getAdapterDomain(),
$account_id);
if (!$account) {
$account = id(new PhabricatorExternalAccount())
->setAccountType($adapter->getAdapterType())
->setAccountDomain($adapter->getAdapterDomain())
$account = $this->newExternalAccount()
->setAccountID($account_id);
}
@ -299,8 +297,18 @@ abstract class PhabricatorAuthProvider extends Phobject {
return false;
}
public function getDefaultExternalAccount() {
throw new PhutilMethodNotImplementedException();
public function newDefaultExternalAccount() {
return $this->newExternalAccount();
}
protected function newExternalAccount() {
$config = $this->getProviderConfig();
$adapter = $this->getAdapter();
return id(new PhabricatorExternalAccount())
->setAccountType($adapter->getAdapterType())
->setAccountDomain($adapter->getAdapterDomain())
->setProviderConfigPHID($config->getPHID());
}
public function getLoginOrder() {

View file

@ -359,14 +359,6 @@ final class PhabricatorPasswordAuthProvider extends PhabricatorAuthProvider {
return true;
}
public function getDefaultExternalAccount() {
$adapter = $this->getAdapter();
return id(new PhabricatorExternalAccount())
->setAccountType($adapter->getAdapterType())
->setAccountDomain($adapter->getAdapterDomain());
}
protected function willSaveAccount(PhabricatorExternalAccount $account) {
parent::willSaveAccount($account);
$account->setUserPHID($account->getAccountID());

View file

@ -71,6 +71,26 @@ final class PhabricatorExternalAccountQuery
}
protected function willFilterPage(array $accounts) {
$viewer = $this->getViewer();
$configs = id(new PhabricatorAuthProviderConfigQuery())
->setViewer($viewer)
->withPHIDs(mpull($accounts, 'getProviderConfigPHID'))
->execute();
$configs = mpull($configs, null, 'getPHID');
foreach ($accounts as $key => $account) {
$config_phid = $account->getProviderConfigPHID();
$config = idx($configs, $config_phid);
if (!$config) {
unset($accounts[$key]);
continue;
}
$account->attachProviderConfig($config);
}
if ($this->needImages) {
$file_phids = mpull($accounts, 'getProfileImagePHID');
$file_phids = array_filter($file_phids);

View file

@ -16,8 +16,10 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
protected $accountURI;
protected $profileImagePHID;
protected $properties = array();
protected $providerConfigPHID;
private $profileImageFile = self::ATTACHABLE;
private $providerConfig = self::ATTACHABLE;
public function getProfileImageFile() {
return $this->assertAttached($this->profileImageFile);
@ -65,13 +67,6 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
) + parent::getConfiguration();
}
public function getPhabricatorUser() {
$tmp_usr = id(new PhabricatorUser())
->makeEphemeral()
->setPHID($this->getPHID());
return $tmp_usr;
}
public function getProviderKey() {
return $this->getAccountType().':'.$this->getAccountDomain();
}
@ -93,13 +88,12 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
}
public function isUsableForLogin() {
$key = $this->getProviderKey();
$provider = PhabricatorAuthProvider::getEnabledProviderByKey($key);
if (!$provider) {
$config = $this->getProviderConfig();
if (!$config->getIsEnabled()) {
return false;
}
$provider = $config->getProvider();
if (!$provider->shouldAllowLogin()) {
return false;
}
@ -125,6 +119,14 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
return idx($map, $type, pht('"%s" User', $type));
}
public function attachProviderConfig(PhabricatorAuthProviderConfig $config) {
$this->providerConfig = $config;
return $this;
}
public function getProviderConfig() {
return $this->assertAttached($this->providerConfig);
}
/* -( PhabricatorPolicyInterface )----------------------------------------- */