Add storage for Auth configuration in preparation for moving it into a web interface
Summary: Ref T1536. Currently, we have about 40 auth-related configuration options. This is already roughly 20% of our config, and we want to add more providers. Additionally, we want to turn some of these auth options into multi-auth options (e.g., allow multiple Phabricator OAuth installs, or, theoretically, multiple LDAP servers). I'm going to move this into a separate "Auth" tool with a minimal CLI (`bin/auth`) interface and a fuller web interface. Roughly: - Administrators will use the app to manage authentication providers. - The `bin/auth` CLI will provide a safety hatch if you lock yourself out by disabling all usable providers somehow. - We'll migrate existing configuration into the app and remove it. General goals: - Make it much easier to configure authentication by providing an interface for it. - Make it easier to configure everything else by reducing the total number of available options. Test Plan: Ran storage upgrade. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6196
This commit is contained in:
parent
86ff112eeb
commit
5f29ccaaca
7 changed files with 128 additions and 0 deletions
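--- a/resources/sql/patches/20130613.authdb.sql
+++ b/resources/sql/patches/20130613.authdb.sql
@@ -0,0 +1,40 @@
+CREATE TABLE {$NAMESPACE}_auth.auth_providerconfig (
+id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
+phid VARCHAR(64) NOT NULL COLLATE utf8_bin,
+providerClass VARCHAR(128) NOT NULL COLLATE utf8_bin,
+providerType VARCHAR(64) NOT NULL COLLATE utf8_bin,
+providerDomain VARCHAR(128) NOT NULL COLLATE utf8_bin,
+isEnabled BOOL NOT NULL,
+shouldAllowLogin BOOL NOT NULL,
+shouldAllowRegistration BOOL NOT NULL,
+shouldAllowLink BOOL NOT NULL,
+shouldAllowUnlink BOOL NOT NULL,
+properties LONGTEXT NOT NULL COLLATE utf8_bin,
+dateCreated INT UNSIGNED NOT NULL,
+dateModified INT UNSIGNED NOT NULL,
+UNIQUE KEY `key_phid` (phid),
+KEY `key_class` (providerClass),
+UNIQUE KEY `key_provider` (providerType, providerDomain)
+) ENGINE=InnoDB, COLLATE utf8_general_ci;
+
+CREATE TABLE {$NAMESPACE}_auth.auth_providerconfigtransaction (
+id INT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT,
+phid VARCHAR(64) NOT NULL COLLATE utf8_bin,
+authorPHID VARCHAR(64) NOT NULL COLLATE utf8_bin,
+objectPHID VARCHAR(64) NOT NULL COLLATE utf8_bin,
+viewPolicy VARCHAR(64) NOT NULL COLLATE utf8_bin,
+editPolicy VARCHAR(64) NOT NULL COLLATE utf8_bin,
+commentPHID VARCHAR(64) COLLATE utf8_bin,
+commentVersion INT UNSIGNED NOT NULL,
+transactionType VARCHAR(32) NOT NULL COLLATE utf8_bin,
+oldValue LONGTEXT NOT NULL COLLATE utf8_bin,
+newValue LONGTEXT NOT NULL COLLATE utf8_bin,
+metadata LONGTEXT NOT NULL COLLATE utf8_bin,
+contentSource LONGTEXT NOT NULL COLLATE utf8_bin,
+dateCreated INT UNSIGNED NOT NULL,
+dateModified INT UNSIGNED NOT NULL,
+
+UNIQUE KEY `key_phid` (phid),
+KEY `key_object` (objectPHID)
+
+) ENGINE=InnoDB, COLLATE utf8_general_ci;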
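Review bot: The `properties LONGTEXT NOT NULL` column of `auth_providerconfig` is the only place per-provider settings can go, and given the providers this commit registers (OAuth, LDAP) it will presumably carry client secrets or bind credentials as plaintext JSON, which the patch does not document. A header comment on that column would let operators scope database grants and backup handling accordingly, e.g. `-- properties: JSON blob of provider-specific settings; may include provider credentials, stored unencrypted`. Relatedly, `auth_providerconfigtransaction` keeps `oldValue`/`newValue` as LONGTEXT, so if the properties field is edited through transactions a superseded secret would remain in the history table after rotation; it is worth confirming that secret-bearing fields are not transacted verbatim, or noting the retention in the same comment. The same point applies to the PhabricatorAuthProviderConfig class hunk later in this commit.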
@ -817,9 +817,12 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorAuthAccountView' => 'applications/auth/view/PhabricatorAuthAccountView.php',
|
'PhabricatorAuthAccountView' => 'applications/auth/view/PhabricatorAuthAccountView.php',
|
||||||
'PhabricatorAuthConfirmLinkController' => 'applications/auth/controller/PhabricatorAuthConfirmLinkController.php',
|
'PhabricatorAuthConfirmLinkController' => 'applications/auth/controller/PhabricatorAuthConfirmLinkController.php',
|
||||||
'PhabricatorAuthController' => 'applications/auth/controller/PhabricatorAuthController.php',
|
'PhabricatorAuthController' => 'applications/auth/controller/PhabricatorAuthController.php',
|
||||||
|
'PhabricatorAuthDAO' => 'applications/auth/storage/PhabricatorAuthDAO.php',
|
||||||
'PhabricatorAuthLinkController' => 'applications/auth/controller/PhabricatorAuthLinkController.php',
|
'PhabricatorAuthLinkController' => 'applications/auth/controller/PhabricatorAuthLinkController.php',
|
||||||
'PhabricatorAuthLoginController' => 'applications/auth/controller/PhabricatorAuthLoginController.php',
|
'PhabricatorAuthLoginController' => 'applications/auth/controller/PhabricatorAuthLoginController.php',
|
||||||
'PhabricatorAuthProvider' => 'applications/auth/provider/PhabricatorAuthProvider.php',
|
'PhabricatorAuthProvider' => 'applications/auth/provider/PhabricatorAuthProvider.php',
|
||||||
|
'PhabricatorAuthProviderConfig' => 'applications/auth/storage/PhabricatorAuthProviderConfig.php',
|
||||||
|
'PhabricatorAuthProviderConfigTransaction' => 'applications/auth/storage/PhabricatorAuthProviderConfigTransaction.php',
|
||||||
'PhabricatorAuthProviderLDAP' => 'applications/auth/provider/PhabricatorAuthProviderLDAP.php',
|
'PhabricatorAuthProviderLDAP' => 'applications/auth/provider/PhabricatorAuthProviderLDAP.php',
|
||||||
'PhabricatorAuthProviderOAuth' => 'applications/auth/provider/PhabricatorAuthProviderOAuth.php',
|
'PhabricatorAuthProviderOAuth' => 'applications/auth/provider/PhabricatorAuthProviderOAuth.php',
|
||||||
'PhabricatorAuthProviderOAuthDisqus' => 'applications/auth/provider/PhabricatorAuthProviderOAuthDisqus.php',
|
'PhabricatorAuthProviderOAuthDisqus' => 'applications/auth/provider/PhabricatorAuthProviderOAuthDisqus.php',
|
||||||
|
@ -2682,8 +2685,11 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorAuthAccountView' => 'AphrontView',
|
'PhabricatorAuthAccountView' => 'AphrontView',
|
||||||
'PhabricatorAuthConfirmLinkController' => 'PhabricatorAuthController',
|
'PhabricatorAuthConfirmLinkController' => 'PhabricatorAuthController',
|
||||||
'PhabricatorAuthController' => 'PhabricatorController',
|
'PhabricatorAuthController' => 'PhabricatorController',
|
||||||
|
'PhabricatorAuthDAO' => 'PhabricatorLiskDAO',
|
||||||
'PhabricatorAuthLinkController' => 'PhabricatorAuthController',
|
'PhabricatorAuthLinkController' => 'PhabricatorAuthController',
|
||||||
'PhabricatorAuthLoginController' => 'PhabricatorAuthController',
|
'PhabricatorAuthLoginController' => 'PhabricatorAuthController',
|
||||||
|
'PhabricatorAuthProviderConfig' => 'PhabricatorAuthDAO',
|
||||||
|
'PhabricatorAuthProviderConfigTransaction' => 'PhabricatorApplicationTransaction',
|
||||||
'PhabricatorAuthProviderLDAP' => 'PhabricatorAuthProvider',
|
'PhabricatorAuthProviderLDAP' => 'PhabricatorAuthProvider',
|
||||||
'PhabricatorAuthProviderOAuth' => 'PhabricatorAuthProvider',
|
'PhabricatorAuthProviderOAuth' => 'PhabricatorAuthProvider',
|
||||||
'PhabricatorAuthProviderOAuthDisqus' => 'PhabricatorAuthProviderOAuth',
|
'PhabricatorAuthProviderOAuthDisqus' => 'PhabricatorAuthProviderOAuth',
|
||||||
|
|
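--- a/src/applications/auth/storage/PhabricatorAuthDAO.php
+++ b/src/applications/auth/storage/PhabricatorAuthDAO.php
@@ -0,0 +1,9 @@
+<?php
+
+abstract class PhabricatorAuthDAO extends PhabricatorLiskDAO {
+
+public function getApplicationName() {
+return 'auth';
+}
+
+}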
@ -0,0 +1,41 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
final class PhabricatorAuthProviderConfig extends PhabricatorAuthDAO {
|
||||||
|
|
||||||
|
protected $phid;
|
||||||
|
protected $providerClass;
|
||||||
|
protected $providerType;
|
||||||
|
protected $providerDomain;
|
||||||
|
|
||||||
|
protected $isEnabled = 0;
|
||||||
|
protected $shouldAllowLogin = 0;
|
||||||
|
protected $shouldAllowRegistration = 0;
|
||||||
|
protected $shouldAllowLink = 0;
|
||||||
|
protected $shouldAllowUnlink = 0;
|
||||||
|
|
||||||
|
protected $properties = array();
|
||||||
|
|
||||||
|
public function generatePHID() {
|
||||||
|
return PhabricatorPHID::generateNewPHID(
|
||||||
|
PhabricatorPHIDConstants::PHID_TYPE_AUTH);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getConfiguration() {
|
||||||
|
return array(
|
||||||
|
self::CONFIG_SERIALIZATION => array(
|
||||||
|
'properties' => self::SERIALIZATION_JSON,
|
||||||
|
),
|
||||||
|
) + parent::getConfiguration();
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getProperty($key, $default = null) {
|
||||||
|
return idx($this->properties, $key, $default);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function setProperty($key, $value) {
|
||||||
|
$this->properties[$key] = $value;
|
||||||
|
return $this;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
|
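Review bot: `protected $properties = array();` and the `CONFIG_SERIALIZATION` entry in `getConfiguration()` are the only hints that this field is a JSON-serialized, provider-defined key/value bag, and neither it nor the five flag fields carry a docblock. A short property comment would make the contract readable without opening the SQL patch, e.g. `/** Provider-specific settings, JSON-serialized into the `properties` column; keys are chosen by the provider class. */`. The flags `$isEnabled`, `$shouldAllowLogin`, `$shouldAllowRegistration`, `$shouldAllowLink` and `$shouldAllowUnlink` all default to `0`, which means a freshly constructed config is disabled with every capability off until a caller opts in; that is a sensible default and deserves a one-line comment so nobody "fixes" it later, e.g. `// New configs start disabled and with all capabilities off; callers must opt in explicitly.`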
@ -0,0 +1,23 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
final class PhabricatorAuthProviderConfigTransaction
|
||||||
|
extends PhabricatorApplicationTransaction {
|
||||||
|
|
||||||
|
public function getApplicationName() {
|
||||||
|
return 'auth';
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getApplicationTransactionType() {
|
||||||
|
return PhabricatorPHIDConstants::PHID_TYPE_AUTH;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getApplicationTransactionCommentObject() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getApplicationObjectTypeName() {
|
||||||
|
return pht('authentication provider');
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
|
@ -47,6 +47,7 @@ final class PhabricatorPHIDConstants {
|
||||||
|
|
||||||
const PHID_TYPE_BOOK = 'BOOK';
|
const PHID_TYPE_BOOK = 'BOOK';
|
||||||
const PHID_TYPE_ATOM = 'ATOM';
|
const PHID_TYPE_ATOM = 'ATOM';
|
||||||
|
const PHID_TYPE_AUTH = 'AUTH';
|
||||||
|
|
||||||
const PHID_TYPE_VOID = 'VOID';
|
const PHID_TYPE_VOID = 'VOID';
|
||||||
const PHID_VOID = 'PHID-VOID-00000000000000000000';
|
const PHID_VOID = 'PHID-VOID-00000000000000000000';
|
||||||
|
|
|
@ -191,6 +191,10 @@ final class PhabricatorBuiltinPatchList extends PhabricatorSQLPatchList {
|
||||||
'type' => 'db',
|
'type' => 'db',
|
||||||
'name' => 'diviner',
|
'name' => 'diviner',
|
||||||
),
|
),
|
||||||
|
'db.auth' => array(
|
||||||
|
'type' => 'db',
|
||||||
|
'name' => 'auth',
|
||||||
|
),
|
||||||
'0000.legacy.sql' => array(
|
'0000.legacy.sql' => array(
|
||||||
'type' => 'sql',
|
'type' => 'sql',
|
||||||
'name' => $this->getPatchPath('0000.legacy.sql'),
|
'name' => $this->getPatchPath('0000.legacy.sql'),
|
||||||
|
@ -1366,6 +1370,10 @@ final class PhabricatorBuiltinPatchList extends PhabricatorSQLPatchList {
|
||||||
'type' => 'php',
|
'type' => 'php',
|
||||||
'name' => $this->getPatchPath('20130611.nukeldap.php'),
|
'name' => $this->getPatchPath('20130611.nukeldap.php'),
|
||||||
),
|
),
|
||||||
|
'20130613.authdb.sql' => array(
|
||||||
|
'type' => 'sql',
|
||||||
|
'name' => $this->getPatchPath('20130613.authdb.sql'),
|
||||||
|
),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|