mirror of https://we.phorge.it/source/phorge.git synced 2024-11-26 08:42:41 +01:00

Give ExternalAccount a providerConfigPHID, tying it to a particular provider

Summary:
Depends on D20111. Ref T6703. Currently, each ExternalAccount row is tied to a provider by `providerType` + `providerDomain`. This effectively prevents multiple providers of the same type, since, e.g., two LDAP providers may be on different ports on the same domain. The `domain` also isn't really a useful idea anyway because you can move which hostname an LDAP server is on, and LDAP actually uses the value `self` in all cases. Yeah, yikes.

Instead, just bind each account to a particular provider. Then we can have an LDAP "alice" on seven different servers on different ports on the same machine and they can all move around and we'll still have a consistent, cohesive view of the world.

(On its own, this creates some issues with the link/unlink/refresh flows. Those will be updated in followups, and doing this change in a way with no intermediate breaks would require fixing them to use IDs to reference providerType/providerDomain, then fixing this, then undoing the first fix most of the way.)

Test Plan: Ran migrations, sanity-checked database. See followup changes for more comprehensive testing.

Reviewers: amckinley

Reviewed By: amckinley

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T6703

Differential Revision: https://secure.phabricator.com/D20112
epriestley 2019-02-06 13:11:34 -08:00
parent 55c18bc900
commit 541d794c13
7 changed files with 85 additions and 25 deletions


@ -0,0 +1,2 @@
ALTER TABLE {$NAMESPACE}_user.user_externalaccount
ADD providerConfigPHID VARBINARY(64) NOT NULL;


@ -0,0 +1,36 @@
<?php
$account_table = new PhabricatorExternalAccount();
$account_conn = $account_table->establishConnection('w');
$table_name = $account_table->getTableName();
$config_table = new PhabricatorAuthProviderConfig();
$config_conn = $config_table->establishConnection('w');
foreach (new LiskRawMigrationIterator($account_conn, $table_name) as $row) {
if (strlen($row['providerConfigPHID'])) {
continue;
}
$config_row = queryfx_one(
$config_conn,
'SELECT phid
FROM %R
WHERE providerType = %s AND providerDomain = %s
LIMIT 1',
$config_table,
$row['accountType'],
$row['accountDomain']);
if (!$config_row) {
continue;
}
queryfx(
$account_conn,
'UPDATE %R
SET providerConfigPHID = %s
WHERE id = %d',
$account_table,
$config_row['phid'],
$row['id']);
}
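Review bot: The bare `continue` after `if (!$config_row)` leaves `providerConfigPHID` empty for every account whose `accountType`/`accountDomain` pair matches no provider config, and the migration keeps no record of which rows those were. The `willFilterPage()` change in this same commit drops accounts whose config cannot be loaded, so those rows would silently stop appearing in query results; printing the skipped `$row['id']` before the `continue` would give an operator something to audit. The lookup also uses `LIMIT 1` with no `ORDER BY`, so if two configs can share a type and domain (no unique key is visible here) the account is bound to an arbitrary one; a comment such as `// Assumes (providerType, providerDomain) is unique; otherwise this binding is arbitrary.` would state the assumption.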


@ -671,7 +671,7 @@ final class PhabricatorAuthRegisterController
} }
$provider = head($providers); $provider = head($providers);
$account = $provider->getDefaultExternalAccount(); $account = $provider->newDefaultExternalAccount();
return array($account, $provider, $response); return array($account, $provider, $response);
} }


@ -220,9 +220,7 @@ abstract class PhabricatorAuthProvider extends Phobject {
$adapter->getAdapterDomain(), $adapter->getAdapterDomain(),
$account_id); $account_id);
if (!$account) { if (!$account) {
$account = id(new PhabricatorExternalAccount()) $account = $this->newExternalAccount()
->setAccountType($adapter->getAdapterType())
->setAccountDomain($adapter->getAdapterDomain())
->setAccountID($account_id); ->setAccountID($account_id);
} }
@ -299,8 +297,18 @@ abstract class PhabricatorAuthProvider extends Phobject {
return false; return false;
} }
public function getDefaultExternalAccount() { public function newDefaultExternalAccount() {
throw new PhutilMethodNotImplementedException(); return $this->newExternalAccount();
}
protected function newExternalAccount() {
$config = $this->getProviderConfig();
$adapter = $this->getAdapter();
return id(new PhabricatorExternalAccount())
->setAccountType($adapter->getAdapterType())
->setAccountDomain($adapter->getAdapterDomain())
->setProviderConfigPHID($config->getPHID());
} }
public function getLoginOrder() { public function getLoginOrder() {
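Review bot: `newExternalAccount()` copies the config's PHID onto the new account but never attaches the config object, so an account returned from `newDefaultExternalAccount()` will fail the `assertAttached()` in `PhabricatorExternalAccount::getProviderConfig()` (added in this commit) as soon as anything calls `getProviderConfig()` or `isUsableForLogin()` on it. Adding `->attachProviderConfig($config)` to the chain keeps the PHID and the attached object in step. Separately, the base implementation used to throw `PhutilMethodNotImplementedException` and now hands every provider a default account, so whatever restricts which providers reach the `head($providers)` call in the register controller is now the only guard; that filtering is outside the visible hunks and is worth a docblock on `newDefaultExternalAccount()`.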


@ -359,14 +359,6 @@ final class PhabricatorPasswordAuthProvider extends PhabricatorAuthProvider {
return true; return true;
} }
public function getDefaultExternalAccount() {
$adapter = $this->getAdapter();
return id(new PhabricatorExternalAccount())
->setAccountType($adapter->getAdapterType())
->setAccountDomain($adapter->getAdapterDomain());
}
protected function willSaveAccount(PhabricatorExternalAccount $account) { protected function willSaveAccount(PhabricatorExternalAccount $account) {
parent::willSaveAccount($account); parent::willSaveAccount($account);
$account->setUserPHID($account->getAccountID()); $account->setUserPHID($account->getAccountID());


@ -71,6 +71,26 @@ final class PhabricatorExternalAccountQuery
} }
protected function willFilterPage(array $accounts) { protected function willFilterPage(array $accounts) {
$viewer = $this->getViewer();
$configs = id(new PhabricatorAuthProviderConfigQuery())
->setViewer($viewer)
->withPHIDs(mpull($accounts, 'getProviderConfigPHID'))
->execute();
$configs = mpull($configs, null, 'getPHID');
foreach ($accounts as $key => $account) {
$config_phid = $account->getProviderConfigPHID();
$config = idx($configs, $config_phid);
if (!$config) {
unset($accounts[$key]);
continue;
}
$account->attachProviderConfig($config);
}
if ($this->needImages) { if ($this->needImages) {
$file_phids = mpull($accounts, 'getProfileImagePHID'); $file_phids = mpull($accounts, 'getProfileImagePHID');
$file_phids = array_filter($file_phids); $file_phids = array_filter($file_phids);
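Review bot: The `unset($accounts[$key])` branch drops an account whenever its config is absent from `$configs`, and because the config query runs with the requesting viewer that may include configs the viewer is not permitted to see as well as ones that no longer exist (the config policy is not visible here, so this is inferred). There is no comment saying which of those cases is intended, and rows the migration left with an empty `providerConfigPHID` would fall into this branch too. I would add a comment above the loop, e.g. `// Accounts whose provider config can not be loaded are filtered out; this includes unmigrated rows with an empty providerConfigPHID.` `willFilterPage()` continues past the end of the hunk.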


@ -16,8 +16,10 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
protected $accountURI; protected $accountURI;
protected $profileImagePHID; protected $profileImagePHID;
protected $properties = array(); protected $properties = array();
protected $providerConfigPHID;
private $profileImageFile = self::ATTACHABLE; private $profileImageFile = self::ATTACHABLE;
private $providerConfig = self::ATTACHABLE;
public function getProfileImageFile() { public function getProfileImageFile() {
return $this->assertAttached($this->profileImageFile); return $this->assertAttached($this->profileImageFile);
@ -65,13 +67,6 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
) + parent::getConfiguration(); ) + parent::getConfiguration();
} }
public function getPhabricatorUser() {
$tmp_usr = id(new PhabricatorUser())
->makeEphemeral()
->setPHID($this->getPHID());
return $tmp_usr;
}
public function getProviderKey() { public function getProviderKey() {
return $this->getAccountType().':'.$this->getAccountDomain(); return $this->getAccountType().':'.$this->getAccountDomain();
} }
@ -93,13 +88,12 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
} }
public function isUsableForLogin() { public function isUsableForLogin() {
$key = $this->getProviderKey(); $config = $this->getProviderConfig();
$provider = PhabricatorAuthProvider::getEnabledProviderByKey($key); if (!$config->getIsEnabled()) {
if (!$provider) {
return false; return false;
} }
$provider = $config->getProvider();
if (!$provider->shouldAllowLogin()) { if (!$provider->shouldAllowLogin()) {
return false; return false;
} }
@ -125,6 +119,14 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
return idx($map, $type, pht('"%s" User', $type)); return idx($map, $type, pht('"%s" User', $type));
} }
public function attachProviderConfig(PhabricatorAuthProviderConfig $config) {
$this->providerConfig = $config;
return $this;
}
public function getProviderConfig() {
return $this->assertAttached($this->providerConfig);
}
/* -( PhabricatorPolicyInterface )----------------------------------------- */ /* -( PhabricatorPolicyInterface )----------------------------------------- */
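Review bot: In `isUsableForLogin()` the result of `$config->getProvider()` is dereferenced immediately, while the code it replaces returned false when no provider was found. `getProvider()` is not shown here; if it can return null (for instance when the provider's class is no longer available) the login check would fatal instead of failing closed. Keeping the guard, `if (!$provider) { return false; }`, before `shouldAllowLogin()` preserves the old behaviour. `getProviderKey()` also still identifies a provider by `type:domain`, which the commit description says is no longer unique, so any remaining callers deserve a follow-up check.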