Give ExternalAccount a providerConfigPHID, tying it to a particular provider

Summary: Depends on D20111. Ref T6703. Currently, each ExternalAccount row is tied to a provider by `providerType` + `providerDomain`. This effectively prevents multiple providers of the same type, since, e.g., two LDAP providers may be on different ports on the same domain. The `domain` also isn't really a useful idea anyway because you can move which hostname an LDAP server is on, and LDAP actually uses the value `self` in all cases. Yeah, yikes. Instead, just bind each account to a particular provider. Then we can have an LDAP "alice" on seven different servers on different ports on the same machine and they can all move around and we'll still have a consistent, cohesive view of the world. (On its own, this creates some issues with the link/unlink/refresh flows. Those will be updated in followups, and doing this change in a way with no intermediate breaks would require fixing them to use IDs to reference providerType/providerDomain, then fixing this, then undoing the first fix most of the way.) Test Plan: Ran migrations, sanity-checked database. See followup changes for more comprehensive testing. Reviewers: amckinley Reviewed By: amckinley Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam Maniphest Tasks: T6703 Differential Revision: https://secure.phabricator.com/D20112
2024-11-10 00:42:41 +01:00 · 2019-02-06 13:11:34 -08:00 · 2019-02-06 13:11:34 -08:00 · 541d794c13
commit 541d794c13
parent 55c18bc900
7 changed files with 85 additions and 25 deletions
--- a/resources/sql/autopatches/20190206.external.03.providerphid.sql
+++ b/resources/sql/autopatches/20190206.external.03.providerphid.sql
@ -0,0 +1,2 @@
+ALTER TABLE {$NAMESPACE}_user.user_externalaccount
+  ADD providerConfigPHID VARBINARY(64) NOT NULL;
--- a/resources/sql/autopatches/20190206.external.04.providerlink.php
+++ b/resources/sql/autopatches/20190206.external.04.providerlink.php
@ -0,0 +1,36 @@
+<?php
+
+$account_table = new PhabricatorExternalAccount();
+$account_conn = $account_table->establishConnection('w');
+$table_name = $account_table->getTableName();
+
+$config_table = new PhabricatorAuthProviderConfig();
+$config_conn = $config_table->establishConnection('w');
+
+foreach (new LiskRawMigrationIterator($account_conn, $table_name) as $row) {
+  if (strlen($row['providerConfigPHID'])) {
+    continue;
+  }
+
+  $config_row = queryfx_one(
+    $config_conn,
+    'SELECT phid
+      FROM %R
+      WHERE providerType = %s AND providerDomain = %s
+      LIMIT 1',
+    $config_table,
+    $row['accountType'],
+    $row['accountDomain']);
+  if (!$config_row) {
+    continue;
+  }
+
+  queryfx(
+    $account_conn,
+    'UPDATE %R
+      SET providerConfigPHID = %s
+      WHERE id = %d',
+    $account_table,
+    $config_row['phid'],
+    $row['id']);
+}
--- a/src/applications/auth/controller/PhabricatorAuthRegisterController.php
+++ b/src/applications/auth/controller/PhabricatorAuthRegisterController.php
@ -671,7 +671,7 @@ final class PhabricatorAuthRegisterController
    }

    $provider = head($providers);
-    $account = $provider->getDefaultExternalAccount();
+    $account = $provider->newDefaultExternalAccount();

    return array($account, $provider, $response);
  }
--- a/src/applications/auth/provider/PhabricatorAuthProvider.php
+++ b/src/applications/auth/provider/PhabricatorAuthProvider.php
@ -220,9 +220,7 @@ abstract class PhabricatorAuthProvider extends Phobject {
      $adapter->getAdapterDomain(),
      $account_id);
    if (!$account) {
-      $account = id(new PhabricatorExternalAccount())
-        ->setAccountType($adapter->getAdapterType())
-        ->setAccountDomain($adapter->getAdapterDomain())
+      $account = $this->newExternalAccount()
        ->setAccountID($account_id);
    }

@ -299,8 +297,18 @@ abstract class PhabricatorAuthProvider extends Phobject {
    return false;
  }

-  public function getDefaultExternalAccount() {
-    throw new PhutilMethodNotImplementedException();
+  public function newDefaultExternalAccount() {
+    return $this->newExternalAccount();
+  }
+
+  protected function newExternalAccount() {
+    $config = $this->getProviderConfig();
+    $adapter = $this->getAdapter();
+
+    return id(new PhabricatorExternalAccount())
+      ->setAccountType($adapter->getAdapterType())
+      ->setAccountDomain($adapter->getAdapterDomain())
+      ->setProviderConfigPHID($config->getPHID());
  }

  public function getLoginOrder() {
--- a/src/applications/auth/provider/PhabricatorPasswordAuthProvider.php
+++ b/src/applications/auth/provider/PhabricatorPasswordAuthProvider.php
@ -359,14 +359,6 @@ final class PhabricatorPasswordAuthProvider extends PhabricatorAuthProvider {
    return true;
  }

-  public function getDefaultExternalAccount() {
-    $adapter = $this->getAdapter();
-
-    return id(new PhabricatorExternalAccount())
-      ->setAccountType($adapter->getAdapterType())
-      ->setAccountDomain($adapter->getAdapterDomain());
-  }
-
  protected function willSaveAccount(PhabricatorExternalAccount $account) {
    parent::willSaveAccount($account);
    $account->setUserPHID($account->getAccountID());
--- a/src/applications/auth/query/PhabricatorExternalAccountQuery.php
+++ b/src/applications/auth/query/PhabricatorExternalAccountQuery.php
@ -71,6 +71,26 @@ final class PhabricatorExternalAccountQuery
  }

  protected function willFilterPage(array $accounts) {
+    $viewer = $this->getViewer();
+
+    $configs = id(new PhabricatorAuthProviderConfigQuery())
+      ->setViewer($viewer)
+      ->withPHIDs(mpull($accounts, 'getProviderConfigPHID'))
+      ->execute();
+    $configs = mpull($configs, null, 'getPHID');
+
+    foreach ($accounts as $key => $account) {
+      $config_phid = $account->getProviderConfigPHID();
+      $config = idx($configs, $config_phid);
+
+      if (!$config) {
+        unset($accounts[$key]);
+        continue;
+      }
+
+      $account->attachProviderConfig($config);
+    }
+
    if ($this->needImages) {
      $file_phids = mpull($accounts, 'getProfileImagePHID');
      $file_phids = array_filter($file_phids);
--- a/src/applications/people/storage/PhabricatorExternalAccount.php
+++ b/src/applications/people/storage/PhabricatorExternalAccount.php
@ -16,8 +16,10 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
  protected $accountURI;
  protected $profileImagePHID;
  protected $properties = array();
+  protected $providerConfigPHID;

  private $profileImageFile = self::ATTACHABLE;
+  private $providerConfig = self::ATTACHABLE;

  public function getProfileImageFile() {
    return $this->assertAttached($this->profileImageFile);
@ -65,13 +67,6 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
    ) + parent::getConfiguration();
  }

-  public function getPhabricatorUser() {
-    $tmp_usr = id(new PhabricatorUser())
-      ->makeEphemeral()
-      ->setPHID($this->getPHID());
-    return $tmp_usr;
-  }
-
  public function getProviderKey() {
    return $this->getAccountType().':'.$this->getAccountDomain();
  }
@ -93,13 +88,12 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
  }

  public function isUsableForLogin() {
-    $key = $this->getProviderKey();
-    $provider = PhabricatorAuthProvider::getEnabledProviderByKey($key);
-
-    if (!$provider) {
+    $config = $this->getProviderConfig();
+    if (!$config->getIsEnabled()) {
      return false;
    }

+    $provider = $config->getProvider();
    if (!$provider->shouldAllowLogin()) {
      return false;
    }
@ -125,6 +119,14 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
    return idx($map, $type, pht('"%s" User', $type));
  }

+  public function attachProviderConfig(PhabricatorAuthProviderConfig $config) {
+    $this->providerConfig = $config;
+    return $this;
+  }
+
+  public function getProviderConfig() {
+    return $this->assertAttached($this->providerConfig);
+  }


 /* -(  PhabricatorPolicyInterface  )----------------------------------------- */