mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-26 00:32:42 +01:00
Give ExternalAccount a providerConfigPHID, tying it to a particular provider
Summary: Depends on D20111. Ref T6703. Currently, each ExternalAccount row is tied to a provider by `providerType` + `providerDomain`. This effectively prevents multiple providers of the same type, since, e.g., two LDAP providers may be on different ports on the same domain. The `domain` also isn't really a useful idea anyway because you can move which hostname an LDAP server is on, and LDAP actually uses the value `self` in all cases. Yeah, yikes. Instead, just bind each account to a particular provider. Then we can have an LDAP "alice" on seven different servers on different ports on the same machine and they can all move around and we'll still have a consistent, cohesive view of the world. (On its own, this creates some issues with the link/unlink/refresh flows. Those will be updated in followups, and doing this change in a way with no intermediate breaks would require fixing them to use IDs to reference providerType/providerDomain, then fixing this, then undoing the first fix most of the way.) Test Plan: Ran migrations, sanity-checked database. See followup changes for more comprehensive testing. Reviewers: amckinley Reviewed By: amckinley Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam Maniphest Tasks: T6703 Differential Revision: https://secure.phabricator.com/D20112
This commit is contained in:
parent
55c18bc900
commit
541d794c13
7 changed files with 85 additions and 25 deletions
|
@ -0,0 +1,2 @@
|
|||
ALTER TABLE {$NAMESPACE}_user.user_externalaccount
|
||||
ADD providerConfigPHID VARBINARY(64) NOT NULL;
|
|
@ -0,0 +1,36 @@
|
|||
<?php
|
||||
|
||||
$account_table = new PhabricatorExternalAccount();
|
||||
$account_conn = $account_table->establishConnection('w');
|
||||
$table_name = $account_table->getTableName();
|
||||
|
||||
$config_table = new PhabricatorAuthProviderConfig();
|
||||
$config_conn = $config_table->establishConnection('w');
|
||||
|
||||
foreach (new LiskRawMigrationIterator($account_conn, $table_name) as $row) {
|
||||
if (strlen($row['providerConfigPHID'])) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$config_row = queryfx_one(
|
||||
$config_conn,
|
||||
'SELECT phid
|
||||
FROM %R
|
||||
WHERE providerType = %s AND providerDomain = %s
|
||||
LIMIT 1',
|
||||
$config_table,
|
||||
$row['accountType'],
|
||||
$row['accountDomain']);
|
||||
if (!$config_row) {
|
||||
continue;
|
||||
}
|
||||
|
||||
queryfx(
|
||||
$account_conn,
|
||||
'UPDATE %R
|
||||
SET providerConfigPHID = %s
|
||||
WHERE id = %d',
|
||||
$account_table,
|
||||
$config_row['phid'],
|
||||
$row['id']);
|
||||
}
|
|
@ -671,7 +671,7 @@ final class PhabricatorAuthRegisterController
|
|||
}
|
||||
|
||||
$provider = head($providers);
|
||||
$account = $provider->getDefaultExternalAccount();
|
||||
$account = $provider->newDefaultExternalAccount();
|
||||
|
||||
return array($account, $provider, $response);
|
||||
}
|
||||
|
|
|
@ -220,9 +220,7 @@ abstract class PhabricatorAuthProvider extends Phobject {
|
|||
$adapter->getAdapterDomain(),
|
||||
$account_id);
|
||||
if (!$account) {
|
||||
$account = id(new PhabricatorExternalAccount())
|
||||
->setAccountType($adapter->getAdapterType())
|
||||
->setAccountDomain($adapter->getAdapterDomain())
|
||||
$account = $this->newExternalAccount()
|
||||
->setAccountID($account_id);
|
||||
}
|
||||
|
||||
|
@ -299,8 +297,18 @@ abstract class PhabricatorAuthProvider extends Phobject {
|
|||
return false;
|
||||
}
|
||||
|
||||
public function getDefaultExternalAccount() {
|
||||
throw new PhutilMethodNotImplementedException();
|
||||
public function newDefaultExternalAccount() {
|
||||
return $this->newExternalAccount();
|
||||
}
|
||||
|
||||
protected function newExternalAccount() {
|
||||
$config = $this->getProviderConfig();
|
||||
$adapter = $this->getAdapter();
|
||||
|
||||
return id(new PhabricatorExternalAccount())
|
||||
->setAccountType($adapter->getAdapterType())
|
||||
->setAccountDomain($adapter->getAdapterDomain())
|
||||
->setProviderConfigPHID($config->getPHID());
|
||||
}
|
||||
|
||||
public function getLoginOrder() {
|
||||
|
|
|
@ -359,14 +359,6 @@ final class PhabricatorPasswordAuthProvider extends PhabricatorAuthProvider {
|
|||
return true;
|
||||
}
|
||||
|
||||
public function getDefaultExternalAccount() {
|
||||
$adapter = $this->getAdapter();
|
||||
|
||||
return id(new PhabricatorExternalAccount())
|
||||
->setAccountType($adapter->getAdapterType())
|
||||
->setAccountDomain($adapter->getAdapterDomain());
|
||||
}
|
||||
|
||||
protected function willSaveAccount(PhabricatorExternalAccount $account) {
|
||||
parent::willSaveAccount($account);
|
||||
$account->setUserPHID($account->getAccountID());
|
||||
|
|
|
@ -71,6 +71,26 @@ final class PhabricatorExternalAccountQuery
|
|||
}
|
||||
|
||||
protected function willFilterPage(array $accounts) {
|
||||
$viewer = $this->getViewer();
|
||||
|
||||
$configs = id(new PhabricatorAuthProviderConfigQuery())
|
||||
->setViewer($viewer)
|
||||
->withPHIDs(mpull($accounts, 'getProviderConfigPHID'))
|
||||
->execute();
|
||||
$configs = mpull($configs, null, 'getPHID');
|
||||
|
||||
foreach ($accounts as $key => $account) {
|
||||
$config_phid = $account->getProviderConfigPHID();
|
||||
$config = idx($configs, $config_phid);
|
||||
|
||||
if (!$config) {
|
||||
unset($accounts[$key]);
|
||||
continue;
|
||||
}
|
||||
|
||||
$account->attachProviderConfig($config);
|
||||
}
|
||||
|
||||
if ($this->needImages) {
|
||||
$file_phids = mpull($accounts, 'getProfileImagePHID');
|
||||
$file_phids = array_filter($file_phids);
|
||||
|
|
|
@ -16,8 +16,10 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
|
|||
protected $accountURI;
|
||||
protected $profileImagePHID;
|
||||
protected $properties = array();
|
||||
protected $providerConfigPHID;
|
||||
|
||||
private $profileImageFile = self::ATTACHABLE;
|
||||
private $providerConfig = self::ATTACHABLE;
|
||||
|
||||
public function getProfileImageFile() {
|
||||
return $this->assertAttached($this->profileImageFile);
|
||||
|
@ -65,13 +67,6 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
|
|||
) + parent::getConfiguration();
|
||||
}
|
||||
|
||||
public function getPhabricatorUser() {
|
||||
$tmp_usr = id(new PhabricatorUser())
|
||||
->makeEphemeral()
|
||||
->setPHID($this->getPHID());
|
||||
return $tmp_usr;
|
||||
}
|
||||
|
||||
public function getProviderKey() {
|
||||
return $this->getAccountType().':'.$this->getAccountDomain();
|
||||
}
|
||||
|
@ -93,13 +88,12 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
|
|||
}
|
||||
|
||||
public function isUsableForLogin() {
|
||||
$key = $this->getProviderKey();
|
||||
$provider = PhabricatorAuthProvider::getEnabledProviderByKey($key);
|
||||
|
||||
if (!$provider) {
|
||||
$config = $this->getProviderConfig();
|
||||
if (!$config->getIsEnabled()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$provider = $config->getProvider();
|
||||
if (!$provider->shouldAllowLogin()) {
|
||||
return false;
|
||||
}
|
||||
|
@ -125,6 +119,14 @@ final class PhabricatorExternalAccount extends PhabricatorUserDAO
|
|||
return idx($map, $type, pht('"%s" User', $type));
|
||||
}
|
||||
|
||||
public function attachProviderConfig(PhabricatorAuthProviderConfig $config) {
|
||||
$this->providerConfig = $config;
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getProviderConfig() {
|
||||
return $this->assertAttached($this->providerConfig);
|
||||
}
|
||||
|
||||
|
||||
/* -( PhabricatorPolicyInterface )----------------------------------------- */
|
||||
|
|
Loading…
Reference in a new issue