Give ExternalAccount a providerConfigPHID, tying it to a particular provider

Summary:
Depends on D20111. Ref T6703. Currently, each ExternalAccount row is tied to a provider by `providerType` + `providerDomain`. This effectively prevents multiple providers of the same type, since, e.g., two LDAP providers may be on different ports on the same domain. The `domain` also isn't really a useful idea anyway because you can move which hostname an LDAP server is on, and LDAP actually uses the value `self` in all cases. Yeah, yikes.

Instead, just bind each account to a particular provider. Then we can have an LDAP "alice" on seven different servers on different ports on the same machine and they can all move around and we'll still have a consistent, cohesive view of the world.

(On its own, this creates some issues with the link/unlink/refresh flows. Those will be updated in followups, and doing this change in a way with no intermediate breaks would require fixing them to use IDs to reference providerType/providerDomain, then fixing this, then undoing the first fix most of the way.)

Test Plan: Ran migrations, sanity-checked database. See followup changes for more comprehensive testing.

Reviewers: amckinley

Reviewed By: amckinley

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T6703

Differential Revision: https://secure.phabricator.com/D20112

resources/sql/autopatches/20190206.external.03.providerphid.sql

@@ -0,0 +1,2 @@
+ALTER TABLE {$NAMESPACE}_user.user_externalaccount
+  ADD providerConfigPHID VARBINARY(64) NOT NULL;

resources/sql/autopatches/20190206.external.04.providerlink.php

@@ -0,0 +1,36 @@
+<?php
+
+$account_table = new PhabricatorExternalAccount();
+$account_conn = $account_table->establishConnection('w');
+$table_name = $account_table->getTableName();
+
+$config_table = new PhabricatorAuthProviderConfig();
+$config_conn = $config_table->establishConnection('w');
+
+foreach (new LiskRawMigrationIterator($account_conn, $table_name) as $row) {
+  if (strlen($row['providerConfigPHID'])) {
+    continue;
+  }
+
+  $config_row = queryfx_one(
+    $config_conn,
+    'SELECT phid
+      FROM %R
+      WHERE providerType = %s AND providerDomain = %s
+      LIMIT 1',
+    $config_table,
+    $row['accountType'],
+    $row['accountDomain']);
+  if (!$config_row) {
+    continue;
+  }
+
+  queryfx(
+    $account_conn,
+    'UPDATE %R
+      SET providerConfigPHID = %s
+      WHERE id = %d',
+    $account_table,
+    $config_row['phid'],
+    $row['id']);
+}

src/applications/auth/controller/PhabricatorAuthRegisterController.php

@@ -671,7 +671,7 @@ final class PhabricatorAuthRegisterController
     }
 
     $provider = head($providers);
-    $account = $provider->getDefaultExternalAccount();
+    $account = $provider->newDefaultExternalAccount();
 
     return array($account, $provider, $response);
   }

src/applications/auth/provider/PhabricatorAuthProvider.php

@@ -220,9 +220,7 @@ abstract class PhabricatorAuthProvider extends Phobject {
       $adapter->getAdapterDomain(),
       $account_id);
     if (!$account) {
-      $account = id(new PhabricatorExternalAccount())
+      $account = $this->newExternalAccount()
-        ->setAccountType($adapter->getAdapterType())
-        ->setAccountDomain($adapter->getAdapterDomain())
         ->setAccountID($account_id);
     }
 
@@ -299,8 +297,18 @@ abstract class PhabricatorAuthProvider extends Phobject {
     return false;
   }
 
-  public function getDefaultExternalAccount() {
+  public function newDefaultExternalAccount() {
-    throw new PhutilMethodNotImplementedException();
+    return $this->newExternalAccount();
+  }
+
+  protected function newExternalAccount() {
+    $config = $this->getProviderConfig();
+    $adapter = $this->getAdapter();
+
+    return id(new PhabricatorExternalAccount())
+      ->setAccountType($adapter->getAdapterType())
+      ->setAccountDomain($adapter->getAdapterDomain())
+      ->setProviderConfigPHID($config->getPHID());
   }
 
   public function getLoginOrder() {

src/applications/auth/provider/PhabricatorPasswordAuthProvider.php

@@ -359,14 +359,6 @@ final class PhabricatorPasswordAuthProvider extends PhabricatorAuthProvider {
     return true;
   }
 
-  public function getDefaultExternalAccount() {
-    $adapter = $this->getAdapter();
-
-    return id(new PhabricatorExternalAccount())
-      ->setAccountType($adapter->getAdapterType())
-      ->setAccountDomain($adapter->getAdapterDomain());
-  }
-
   protected function willSaveAccount(PhabricatorExternalAccount $account) {
     parent::willSaveAccount($account);
     $account->setUserPHID($account->getAccountID());

src/applications/auth/query/PhabricatorExternalAccountQuery.php

@@ -71,6 +71,26 @@ final class PhabricatorExternalAccountQuery
   }
 
   protected function willFilterPage(array $accounts) {
+    $viewer = $this->getViewer();
+
+    $configs = id(new PhabricatorAuthProviderConfigQuery())
+      ->setViewer($viewer)
+      ->withPHIDs(mpull($accounts, 'getProviderConfigPHID'))
+      ->execute();
+    $configs = mpull($configs, null, 'getPHID');
+
+    foreach ($accounts as $key => $account) {
+      $config_phid = $account->getProviderConfigPHID();
+      $config = idx($configs, $config_phid);
+
+      if (!$config) {
+        unset($accounts[$key]);
+        continue;
+      }
+
+      $account->attachProviderConfig($config);
+    }
+
     if ($this->needImages) {
       $file_phids = mpull($accounts, 'getProfileImagePHID');
       $file_phids = array_filter($file_phids);

src/applications/people/storage/PhabricatorExternalAccount.php

@@ -16,8 +16,10 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
   protected $accountURI;
   protected $profileImagePHID;
   protected $properties = array();
+  protected $providerConfigPHID;
 
   private $profileImageFile = self::ATTACHABLE;
+  private $providerConfig = self::ATTACHABLE;
 
   public function getProfileImageFile() {
     return $this->assertAttached($this->profileImageFile);
@@ -65,13 +67,6 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
     ) + parent::getConfiguration();
   }
 
-  public function getPhabricatorUser() {
-    $tmp_usr = id(new PhabricatorUser())
-      ->makeEphemeral()
-      ->setPHID($this->getPHID());
-    return $tmp_usr;
-  }
-
   public function getProviderKey() {
     return $this->getAccountType().':'.$this->getAccountDomain();
   }
@@ -93,13 +88,12 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
   }
 
   public function isUsableForLogin() {
-    $key = $this->getProviderKey();
+    $config = $this->getProviderConfig();
-    $provider = PhabricatorAuthProvider::getEnabledProviderByKey($key);
+    if (!$config->getIsEnabled()) {
-
-    if (!$provider) {
       return false;
     }
 
+    $provider = $config->getProvider();
     if (!$provider->shouldAllowLogin()) {
       return false;
     }
@@ -125,6 +119,14 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
     return idx($map, $type, pht('"%s" User', $type));
   }
 
+  public function attachProviderConfig(PhabricatorAuthProviderConfig $config) {
+    $this->providerConfig = $config;
+    return $this;
+  }
+
+  public function getProviderConfig() {
+    return $this->assertAttached($this->providerConfig);
+  }
 
 
 /* -(  PhabricatorPolicyInterface  )----------------------------------------- */