1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-29 10:12:41 +01:00

Add storage for Auth configuration in preparation for moving it into a web interface

Summary:
Ref T1536. Currently, we have about 40 auth-related configuration options. This is already roughly 20% of our config, and we want to add more providers. Additionally, we want to turn some of these auth options into multi-auth options (e.g., allow multiple Phabricator OAuth installs, or, theoretically multiple LDAP servers).

I'm going to move this into a separate "Auth" tool with a minimal CLI (`bin/auth`) interface and a more full web interface. Roughly:

  - Administrators will use the app to manage authentication providers.
  - The `bin/auth` CLI will provide a safety hatch if you lock yourself out by disabling all usable providers somehow.
  - We'll migrate existing configuration into the app and remove it.

General goals:

  - Make it much easier to configure authentication by providing an interface for it.
  - Make it easier to configure everything else by reducing the total number of available options.

Test Plan: Ran storage upgrade.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6196
This commit is contained in:
epriestley 2013-06-17 10:48:41 -07:00
parent 86ff112eeb
commit 5f29ccaaca
7 changed files with 128 additions and 0 deletions

View file

@ -0,0 +1,40 @@
CREATE TABLE {$NAMESPACE}_auth.auth_providerconfig (
id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
phid VARCHAR(64) NOT NULL COLLATE utf8_bin,
providerClass VARCHAR(128) NOT NULL COLLATE utf8_bin,
providerType VARCHAR(64) NOT NULL COLLATE utf8_bin,
providerDomain VARCHAR(128) NOT NULL COLLATE utf8_bin,
isEnabled BOOL NOT NULL,
shouldAllowLogin BOOL NOT NULL,
shouldAllowRegistration BOOL NOT NULL,
shouldAllowLink BOOL NOT NULL,
shouldAllowUnlink BOOL NOT NULL,
properties LONGTEXT NOT NULL COLLATE utf8_bin,
dateCreated INT UNSIGNED NOT NULL,
dateModified INT UNSIGNED NOT NULL,
UNIQUE KEY `key_phid` (phid),
KEY `key_class` (providerClass),
UNIQUE KEY `key_provider` (providerType, providerDomain)
) ENGINE=InnoDB, COLLATE utf8_general_ci;
CREATE TABLE {$NAMESPACE}_auth.auth_providerconfigtransaction (
id INT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT,
phid VARCHAR(64) NOT NULL COLLATE utf8_bin,
authorPHID VARCHAR(64) NOT NULL COLLATE utf8_bin,
objectPHID VARCHAR(64) NOT NULL COLLATE utf8_bin,
viewPolicy VARCHAR(64) NOT NULL COLLATE utf8_bin,
editPolicy VARCHAR(64) NOT NULL COLLATE utf8_bin,
commentPHID VARCHAR(64) COLLATE utf8_bin,
commentVersion INT UNSIGNED NOT NULL,
transactionType VARCHAR(32) NOT NULL COLLATE utf8_bin,
oldValue LONGTEXT NOT NULL COLLATE utf8_bin,
newValue LONGTEXT NOT NULL COLLATE utf8_bin,
metadata LONGTEXT NOT NULL COLLATE utf8_bin,
contentSource LONGTEXT NOT NULL COLLATE utf8_bin,
dateCreated INT UNSIGNED NOT NULL,
dateModified INT UNSIGNED NOT NULL,
UNIQUE KEY `key_phid` (phid),
KEY `key_object` (objectPHID)
) ENGINE=InnoDB, COLLATE utf8_general_ci;

View file

@ -817,9 +817,12 @@ phutil_register_library_map(array(
'PhabricatorAuthAccountView' => 'applications/auth/view/PhabricatorAuthAccountView.php', 'PhabricatorAuthAccountView' => 'applications/auth/view/PhabricatorAuthAccountView.php',
'PhabricatorAuthConfirmLinkController' => 'applications/auth/controller/PhabricatorAuthConfirmLinkController.php', 'PhabricatorAuthConfirmLinkController' => 'applications/auth/controller/PhabricatorAuthConfirmLinkController.php',
'PhabricatorAuthController' => 'applications/auth/controller/PhabricatorAuthController.php', 'PhabricatorAuthController' => 'applications/auth/controller/PhabricatorAuthController.php',
'PhabricatorAuthDAO' => 'applications/auth/storage/PhabricatorAuthDAO.php',
'PhabricatorAuthLinkController' => 'applications/auth/controller/PhabricatorAuthLinkController.php', 'PhabricatorAuthLinkController' => 'applications/auth/controller/PhabricatorAuthLinkController.php',
'PhabricatorAuthLoginController' => 'applications/auth/controller/PhabricatorAuthLoginController.php', 'PhabricatorAuthLoginController' => 'applications/auth/controller/PhabricatorAuthLoginController.php',
'PhabricatorAuthProvider' => 'applications/auth/provider/PhabricatorAuthProvider.php', 'PhabricatorAuthProvider' => 'applications/auth/provider/PhabricatorAuthProvider.php',
'PhabricatorAuthProviderConfig' => 'applications/auth/storage/PhabricatorAuthProviderConfig.php',
'PhabricatorAuthProviderConfigTransaction' => 'applications/auth/storage/PhabricatorAuthProviderConfigTransaction.php',
'PhabricatorAuthProviderLDAP' => 'applications/auth/provider/PhabricatorAuthProviderLDAP.php', 'PhabricatorAuthProviderLDAP' => 'applications/auth/provider/PhabricatorAuthProviderLDAP.php',
'PhabricatorAuthProviderOAuth' => 'applications/auth/provider/PhabricatorAuthProviderOAuth.php', 'PhabricatorAuthProviderOAuth' => 'applications/auth/provider/PhabricatorAuthProviderOAuth.php',
'PhabricatorAuthProviderOAuthDisqus' => 'applications/auth/provider/PhabricatorAuthProviderOAuthDisqus.php', 'PhabricatorAuthProviderOAuthDisqus' => 'applications/auth/provider/PhabricatorAuthProviderOAuthDisqus.php',
@ -2682,8 +2685,11 @@ phutil_register_library_map(array(
'PhabricatorAuthAccountView' => 'AphrontView', 'PhabricatorAuthAccountView' => 'AphrontView',
'PhabricatorAuthConfirmLinkController' => 'PhabricatorAuthController', 'PhabricatorAuthConfirmLinkController' => 'PhabricatorAuthController',
'PhabricatorAuthController' => 'PhabricatorController', 'PhabricatorAuthController' => 'PhabricatorController',
'PhabricatorAuthDAO' => 'PhabricatorLiskDAO',
'PhabricatorAuthLinkController' => 'PhabricatorAuthController', 'PhabricatorAuthLinkController' => 'PhabricatorAuthController',
'PhabricatorAuthLoginController' => 'PhabricatorAuthController', 'PhabricatorAuthLoginController' => 'PhabricatorAuthController',
'PhabricatorAuthProviderConfig' => 'PhabricatorAuthDAO',
'PhabricatorAuthProviderConfigTransaction' => 'PhabricatorApplicationTransaction',
'PhabricatorAuthProviderLDAP' => 'PhabricatorAuthProvider', 'PhabricatorAuthProviderLDAP' => 'PhabricatorAuthProvider',
'PhabricatorAuthProviderOAuth' => 'PhabricatorAuthProvider', 'PhabricatorAuthProviderOAuth' => 'PhabricatorAuthProvider',
'PhabricatorAuthProviderOAuthDisqus' => 'PhabricatorAuthProviderOAuth', 'PhabricatorAuthProviderOAuthDisqus' => 'PhabricatorAuthProviderOAuth',

View file

@ -0,0 +1,9 @@
<?php
abstract class PhabricatorAuthDAO extends PhabricatorLiskDAO {
public function getApplicationName() {
return 'auth';
}
}

View file

@ -0,0 +1,41 @@
<?php
final class PhabricatorAuthProviderConfig extends PhabricatorAuthDAO {
protected $phid;
protected $providerClass;
protected $providerType;
protected $providerDomain;
protected $isEnabled = 0;
protected $shouldAllowLogin = 0;
protected $shouldAllowRegistration = 0;
protected $shouldAllowLink = 0;
protected $shouldAllowUnlink = 0;
protected $properties = array();
public function generatePHID() {
return PhabricatorPHID::generateNewPHID(
PhabricatorPHIDConstants::PHID_TYPE_AUTH);
}
public function getConfiguration() {
return array(
self::CONFIG_SERIALIZATION => array(
'properties' => self::SERIALIZATION_JSON,
),
) + parent::getConfiguration();
}
public function getProperty($key, $default = null) {
return idx($this->properties, $key, $default);
}
public function setProperty($key, $value) {
$this->properties[$key] = $value;
return $this;
}
}

View file

@ -0,0 +1,23 @@
<?php
final class PhabricatorAuthProviderConfigTransaction
extends PhabricatorApplicationTransaction {
public function getApplicationName() {
return 'auth';
}
public function getApplicationTransactionType() {
return PhabricatorPHIDConstants::PHID_TYPE_AUTH;
}
public function getApplicationTransactionCommentObject() {
return null;
}
public function getApplicationObjectTypeName() {
return pht('authentication provider');
}
}

View file

@ -47,6 +47,7 @@ final class PhabricatorPHIDConstants {
const PHID_TYPE_BOOK = 'BOOK'; const PHID_TYPE_BOOK = 'BOOK';
const PHID_TYPE_ATOM = 'ATOM'; const PHID_TYPE_ATOM = 'ATOM';
const PHID_TYPE_AUTH = 'AUTH';
const PHID_TYPE_VOID = 'VOID'; const PHID_TYPE_VOID = 'VOID';
const PHID_VOID = 'PHID-VOID-00000000000000000000'; const PHID_VOID = 'PHID-VOID-00000000000000000000';

View file

@ -191,6 +191,10 @@ final class PhabricatorBuiltinPatchList extends PhabricatorSQLPatchList {
'type' => 'db', 'type' => 'db',
'name' => 'diviner', 'name' => 'diviner',
), ),
'db.auth' => array(
'type' => 'db',
'name' => 'auth',
),
'0000.legacy.sql' => array( '0000.legacy.sql' => array(
'type' => 'sql', 'type' => 'sql',
'name' => $this->getPatchPath('0000.legacy.sql'), 'name' => $this->getPatchPath('0000.legacy.sql'),
@ -1366,6 +1370,10 @@ final class PhabricatorBuiltinPatchList extends PhabricatorSQLPatchList {
'type' => 'php', 'type' => 'php',
'name' => $this->getPatchPath('20130611.nukeldap.php'), 'name' => $this->getPatchPath('20130611.nukeldap.php'),
), ),
'20130613.authdb.sql' => array(
'type' => 'sql',
'name' => $this->getPatchPath('20130613.authdb.sql'),
),
); );
} }
} }