From 6c4c93a091fad8ac7f48e886d450860465fa891a Mon Sep 17 00:00:00 2001
From: epriestley <git@epriestley.com>
Date: Tue, 15 Dec 2015 14:48:55 -0800
Subject: [PATCH] Allow login to be disabled for authentication providers

Summary:
Fixes T9997. This was in the database since v0, I just never hooked up the UI since it wasn't previously meaningful.

However, it now makes sense to have a provider like Asana with login disabled and use it only for integrations.

Test Plan: Disabled login on a provider, verified it was no longer available for login/registration but still linkable.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9997

Differential Revision: https://secure.phabricator.com/D14794
---
 .../config/PhabricatorAuthEditController.php  | 21 +++++++++++++++++++
 .../PhabricatorAuthProviderConfigEditor.php   |  7 +++++++
 .../auth/provider/PhabricatorAuthProvider.php |  4 ++++
 ...abricatorAuthProviderConfigTransaction.php | 12 +++++++++++
 4 files changed, 44 insertions(+)

diff --git a/src/applications/auth/controller/config/PhabricatorAuthEditController.php b/src/applications/auth/controller/config/PhabricatorAuthEditController.php
index 09742c3726..21ba6ef99a 100644
--- a/src/applications/auth/controller/config/PhabricatorAuthEditController.php
+++ b/src/applications/auth/controller/config/PhabricatorAuthEditController.php
@@ -79,6 +79,7 @@ final class PhabricatorAuthEditController
 
     $errors = array();
 
+    $v_login = $config->getShouldAllowLogin();
     $v_registration = $config->getShouldAllowRegistration();
     $v_link = $config->getShouldAllowLink();
     $v_unlink = $config->getShouldAllowUnlink();
@@ -104,6 +105,11 @@ final class PhabricatorAuthEditController
           }
         }
 
+        $xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
+          ->setTransactionType(
+            PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN)
+          ->setNewValue($request->getInt('allowLogin', 0));
+
         $xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
           ->setTransactionType(
             PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION)
@@ -199,6 +205,14 @@ final class PhabricatorAuthEditController
         $config_name);
     }
 
+    $str_login = array(
+      phutil_tag('strong', array(), pht('Allow Login:')),
+      ' ',
+      pht(
+        'Allow users to log in using this provider. If you disable login, '.
+        'users can still use account integrations for this provider.'),
+    );
+
     $str_registration = array(
       phutil_tag('strong', array(), pht('Allow Registration:')),
       ' ',
@@ -268,6 +282,13 @@ final class PhabricatorAuthEditController
       ->appendChild(
         id(new AphrontFormCheckboxControl())
           ->setLabel(pht('Allow'))
+          ->addCheckbox(
+            'allowLogin',
+            1,
+            $str_login,
+            $v_login))
+      ->appendChild(
+        id(new AphrontFormCheckboxControl())
           ->addCheckbox(
             'allowRegistration',
             1,
diff --git a/src/applications/auth/editor/PhabricatorAuthProviderConfigEditor.php b/src/applications/auth/editor/PhabricatorAuthProviderConfigEditor.php
index cdb021678a..5599ff5364 100644
--- a/src/applications/auth/editor/PhabricatorAuthProviderConfigEditor.php
+++ b/src/applications/auth/editor/PhabricatorAuthProviderConfigEditor.php
@@ -15,6 +15,7 @@ final class PhabricatorAuthProviderConfigEditor
     $types = parent::getTransactionTypes();
 
     $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_ENABLE;
+    $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN;
     $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION;
     $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_LINK;
     $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK;
@@ -36,6 +37,8 @@ final class PhabricatorAuthProviderConfigEditor
         } else {
           return (int)$object->getIsEnabled();
         }
+      case PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN:
+        return (int)$object->getShouldAllowLogin();
       case PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION:
         return (int)$object->getShouldAllowRegistration();
       case PhabricatorAuthProviderConfigTransaction::TYPE_LINK:
@@ -59,6 +62,7 @@ final class PhabricatorAuthProviderConfigEditor
 
     switch ($xaction->getTransactionType()) {
       case PhabricatorAuthProviderConfigTransaction::TYPE_ENABLE:
+      case PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN:
       case PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION:
       case PhabricatorAuthProviderConfigTransaction::TYPE_LINK:
       case PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK:
@@ -76,6 +80,8 @@ final class PhabricatorAuthProviderConfigEditor
     switch ($xaction->getTransactionType()) {
       case PhabricatorAuthProviderConfigTransaction::TYPE_ENABLE:
         return $object->setIsEnabled($v);
+      case PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN:
+        return $object->setShouldAllowLogin($v);
       case PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION:
         return $object->setShouldAllowRegistration($v);
       case PhabricatorAuthProviderConfigTransaction::TYPE_LINK:
@@ -106,6 +112,7 @@ final class PhabricatorAuthProviderConfigEditor
     $type = $u->getTransactionType();
     switch ($type) {
       case PhabricatorAuthProviderConfigTransaction::TYPE_ENABLE:
+      case PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN:
       case PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION:
       case PhabricatorAuthProviderConfigTransaction::TYPE_LINK:
       case PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK:
diff --git a/src/applications/auth/provider/PhabricatorAuthProvider.php b/src/applications/auth/provider/PhabricatorAuthProvider.php
index 55e193f481..9484109943 100644
--- a/src/applications/auth/provider/PhabricatorAuthProvider.php
+++ b/src/applications/auth/provider/PhabricatorAuthProvider.php
@@ -121,6 +121,10 @@ abstract class PhabricatorAuthProvider extends Phobject {
   }
 
   public function shouldAllowRegistration() {
+    if (!$this->shouldAllowLogin()) {
+      return false;
+    }
+
     return $this->getProviderConfig()->getShouldAllowRegistration();
   }
 
diff --git a/src/applications/auth/storage/PhabricatorAuthProviderConfigTransaction.php b/src/applications/auth/storage/PhabricatorAuthProviderConfigTransaction.php
index 3853c31a66..8314b652ce 100644
--- a/src/applications/auth/storage/PhabricatorAuthProviderConfigTransaction.php
+++ b/src/applications/auth/storage/PhabricatorAuthProviderConfigTransaction.php
@@ -4,6 +4,7 @@ final class PhabricatorAuthProviderConfigTransaction
   extends PhabricatorApplicationTransaction {
 
   const TYPE_ENABLE         = 'config:enable';
+  const TYPE_LOGIN          = 'config:login';
   const TYPE_REGISTRATION   = 'config:registration';
   const TYPE_LINK           = 'config:link';
   const TYPE_UNLINK         = 'config:unlink';
@@ -90,6 +91,17 @@ final class PhabricatorAuthProviderConfigTransaction
             $this->renderHandleLink($author_phid));
         }
         break;
+      case self::TYPE_LOGIN:
+        if ($new) {
+          return pht(
+            '%s enabled login.',
+            $this->renderHandleLink($author_phid));
+        } else {
+          return pht(
+            '%s disabled login.',
+            $this->renderHandleLink($author_phid));
+        }
+        break;
       case self::TYPE_REGISTRATION:
         if ($new) {
           return pht(