Add storage for Auth configuration in preparation for moving it into a web interface

Summary:
Ref T1536. Currently, we have about 40 auth-related configuration options. This is already roughly 20% of our config, and we want to add more providers. Additionally, we want to turn some of these auth options into multi-auth options (e.g., allow multiple Phabricator OAuth installs, or, theoretically multiple LDAP servers).

I'm going to move this into a separate "Auth" tool with a minimal CLI (`bin/auth`) interface and a more full web interface. Roughly:

  - Administrators will use the app to manage authentication providers.
  - The `bin/auth` CLI will provide a safety hatch if you lock yourself out by disabling all usable providers somehow.
  - We'll migrate existing configuration into the app and remove it.

General goals:

  - Make it much easier to configure authentication by providing an interface for it.
  - Make it easier to configure everything else by reducing the total number of available options.

Test Plan: Ran storage upgrade.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6196

resources/sql/patches/20130613.authdb.sql

@@ -0,0 +1,40 @@
+CREATE TABLE {$NAMESPACE}_auth.auth_providerconfig (
+  id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
+  phid VARCHAR(64) NOT NULL COLLATE utf8_bin,
+  providerClass VARCHAR(128) NOT NULL COLLATE utf8_bin,
+  providerType VARCHAR(64) NOT NULL COLLATE utf8_bin,
+  providerDomain VARCHAR(128) NOT NULL COLLATE utf8_bin,
+  isEnabled BOOL NOT NULL,
+  shouldAllowLogin BOOL NOT NULL,
+  shouldAllowRegistration BOOL NOT NULL,
+  shouldAllowLink BOOL NOT NULL,
+  shouldAllowUnlink BOOL NOT NULL,
+  properties LONGTEXT NOT NULL COLLATE utf8_bin,
+  dateCreated INT UNSIGNED NOT NULL,
+  dateModified INT UNSIGNED NOT NULL,
+  UNIQUE KEY `key_phid` (phid),
+  KEY `key_class` (providerClass),
+  UNIQUE KEY `key_provider` (providerType, providerDomain)
+) ENGINE=InnoDB, COLLATE utf8_general_ci;
+
+CREATE TABLE {$NAMESPACE}_auth.auth_providerconfigtransaction (
+  id INT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT,
+  phid VARCHAR(64) NOT NULL COLLATE utf8_bin,
+  authorPHID VARCHAR(64) NOT NULL COLLATE utf8_bin,
+  objectPHID VARCHAR(64) NOT NULL COLLATE utf8_bin,
+  viewPolicy VARCHAR(64) NOT NULL COLLATE utf8_bin,
+  editPolicy VARCHAR(64) NOT NULL COLLATE utf8_bin,
+  commentPHID VARCHAR(64) COLLATE utf8_bin,
+  commentVersion INT UNSIGNED NOT NULL,
+  transactionType VARCHAR(32) NOT NULL COLLATE utf8_bin,
+  oldValue LONGTEXT NOT NULL COLLATE utf8_bin,
+  newValue LONGTEXT NOT NULL COLLATE utf8_bin,
+  metadata LONGTEXT NOT NULL COLLATE utf8_bin,
+  contentSource LONGTEXT NOT NULL COLLATE utf8_bin,
+  dateCreated INT UNSIGNED NOT NULL,
+  dateModified INT UNSIGNED NOT NULL,
+
+  UNIQUE KEY `key_phid` (phid),
+  KEY `key_object` (objectPHID)
+
+) ENGINE=InnoDB, COLLATE utf8_general_ci;

src/__phutil_library_map__.php

@@ -817,9 +817,12 @@ phutil_register_library_map(array(
     'PhabricatorAuthAccountView' => 'applications/auth/view/PhabricatorAuthAccountView.php',
     'PhabricatorAuthConfirmLinkController' => 'applications/auth/controller/PhabricatorAuthConfirmLinkController.php',
     'PhabricatorAuthController' => 'applications/auth/controller/PhabricatorAuthController.php',
+    'PhabricatorAuthDAO' => 'applications/auth/storage/PhabricatorAuthDAO.php',
     'PhabricatorAuthLinkController' => 'applications/auth/controller/PhabricatorAuthLinkController.php',
     'PhabricatorAuthLoginController' => 'applications/auth/controller/PhabricatorAuthLoginController.php',
     'PhabricatorAuthProvider' => 'applications/auth/provider/PhabricatorAuthProvider.php',
+    'PhabricatorAuthProviderConfig' => 'applications/auth/storage/PhabricatorAuthProviderConfig.php',
+    'PhabricatorAuthProviderConfigTransaction' => 'applications/auth/storage/PhabricatorAuthProviderConfigTransaction.php',
     'PhabricatorAuthProviderLDAP' => 'applications/auth/provider/PhabricatorAuthProviderLDAP.php',
     'PhabricatorAuthProviderOAuth' => 'applications/auth/provider/PhabricatorAuthProviderOAuth.php',
     'PhabricatorAuthProviderOAuthDisqus' => 'applications/auth/provider/PhabricatorAuthProviderOAuthDisqus.php',
@@ -2682,8 +2685,11 @@ phutil_register_library_map(array(
     'PhabricatorAuthAccountView' => 'AphrontView',
     'PhabricatorAuthConfirmLinkController' => 'PhabricatorAuthController',
     'PhabricatorAuthController' => 'PhabricatorController',
+    'PhabricatorAuthDAO' => 'PhabricatorLiskDAO',
     'PhabricatorAuthLinkController' => 'PhabricatorAuthController',
     'PhabricatorAuthLoginController' => 'PhabricatorAuthController',
+    'PhabricatorAuthProviderConfig' => 'PhabricatorAuthDAO',
+    'PhabricatorAuthProviderConfigTransaction' => 'PhabricatorApplicationTransaction',
     'PhabricatorAuthProviderLDAP' => 'PhabricatorAuthProvider',
     'PhabricatorAuthProviderOAuth' => 'PhabricatorAuthProvider',
     'PhabricatorAuthProviderOAuthDisqus' => 'PhabricatorAuthProviderOAuth',

src/applications/auth/storage/PhabricatorAuthDAO.php

@@ -0,0 +1,9 @@
+<?php
+
+abstract class PhabricatorAuthDAO extends PhabricatorLiskDAO {
+
+  public function getApplicationName() {
+    return 'auth';
+  }
+
+}

src/applications/auth/storage/PhabricatorAuthProviderConfig.php

@@ -0,0 +1,41 @@
+<?php
+
+final class PhabricatorAuthProviderConfig extends PhabricatorAuthDAO {
+
+  protected $phid;
+  protected $providerClass;
+  protected $providerType;
+  protected $providerDomain;
+
+  protected $isEnabled                = 0;
+  protected $shouldAllowLogin         = 0;
+  protected $shouldAllowRegistration  = 0;
+  protected $shouldAllowLink          = 0;
+  protected $shouldAllowUnlink        = 0;
+
+  protected $properties = array();
+
+  public function generatePHID() {
+    return PhabricatorPHID::generateNewPHID(
+      PhabricatorPHIDConstants::PHID_TYPE_AUTH);
+  }
+
+  public function getConfiguration() {
+    return array(
+      self::CONFIG_SERIALIZATION => array(
+        'properties' => self::SERIALIZATION_JSON,
+      ),
+    ) + parent::getConfiguration();
+  }
+
+  public function getProperty($key, $default = null) {
+    return idx($this->properties, $key, $default);
+  }
+
+  public function setProperty($key, $value) {
+    $this->properties[$key] = $value;
+    return $this;
+  }
+
+
+}

src/applications/auth/storage/PhabricatorAuthProviderConfigTransaction.php

@@ -0,0 +1,23 @@
+<?php
+
+final class PhabricatorAuthProviderConfigTransaction
+  extends PhabricatorApplicationTransaction {
+
+  public function getApplicationName() {
+    return 'auth';
+  }
+
+  public function getApplicationTransactionType() {
+    return PhabricatorPHIDConstants::PHID_TYPE_AUTH;
+  }
+
+  public function getApplicationTransactionCommentObject() {
+    return null;
+  }
+
+  public function getApplicationObjectTypeName() {
+    return pht('authentication provider');
+  }
+
+}
+

src/applications/phid/PhabricatorPHIDConstants.php

@@ -47,6 +47,7 @@ final class PhabricatorPHIDConstants {
 
   const PHID_TYPE_BOOK    = 'BOOK';
   const PHID_TYPE_ATOM    = 'ATOM';
+  const PHID_TYPE_AUTH    = 'AUTH';
 
   const PHID_TYPE_VOID    = 'VOID';
   const PHID_VOID         = 'PHID-VOID-00000000000000000000';

src/infrastructure/storage/patch/PhabricatorBuiltinPatchList.php

@@ -191,6 +191,10 @@ final class PhabricatorBuiltinPatchList extends PhabricatorSQLPatchList {
         'type' => 'db',
         'name' => 'diviner',
       ),
+      'db.auth' => array(
+        'type' => 'db',
+        'name' => 'auth',
+      ),
       '0000.legacy.sql' => array(
         'type'    => 'sql',
         'name'    => $this->getPatchPath('0000.legacy.sql'),
@@ -1366,6 +1370,10 @@ final class PhabricatorBuiltinPatchList extends PhabricatorSQLPatchList {
         'type' => 'php',
         'name' => $this->getPatchPath('20130611.nukeldap.php'),
       ),
+      '20130613.authdb.sql' => array(
+        'type' => 'sql',
+        'name' => $this->getPatchPath('20130613.authdb.sql'),
+      ),
     );
   }
 }