Allow login to be disabled for authentication providers

Summary:
Fixes T9997. This was in the database since v0, I just never hooked up the UI since it wasn't previously meaningful.

However, it now makes sense to have a provider like Asana with login disabled and use it only for integrations.

Test Plan: Disabled login on a provider, verified it was no longer available for login/registration but still linkable.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9997

Differential Revision: https://secure.phabricator.com/D14794

src/applications/auth/controller/config/PhabricatorAuthEditController.php

@@ -79,6 +79,7 @@ final class PhabricatorAuthEditController
 
     $errors = array();
 
+    $v_login = $config->getShouldAllowLogin();
     $v_registration = $config->getShouldAllowRegistration();
     $v_link = $config->getShouldAllowLink();
     $v_unlink = $config->getShouldAllowUnlink();
@@ -104,6 +105,11 @@ final class PhabricatorAuthEditController
           }
         }
 
+        $xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
+          ->setTransactionType(
+            PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN)
+          ->setNewValue($request->getInt('allowLogin', 0));
+
         $xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
           ->setTransactionType(
             PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION)
@@ -199,6 +205,14 @@ final class PhabricatorAuthEditController
         $config_name);
     }
 
+    $str_login = array(
+      phutil_tag('strong', array(), pht('Allow Login:')),
+      ' ',
+      pht(
+        'Allow users to log in using this provider. If you disable login, '.
+        'users can still use account integrations for this provider.'),
+    );
+
     $str_registration = array(
       phutil_tag('strong', array(), pht('Allow Registration:')),
       ' ',
@@ -268,6 +282,13 @@ final class PhabricatorAuthEditController
       ->appendChild(
         id(new AphrontFormCheckboxControl())
           ->setLabel(pht('Allow'))
+          ->addCheckbox(
+            'allowLogin',
+            1,
+            $str_login,
+            $v_login))
+      ->appendChild(
+        id(new AphrontFormCheckboxControl())
           ->addCheckbox(
             'allowRegistration',
             1,

src/applications/auth/editor/PhabricatorAuthProviderConfigEditor.php

@@ -15,6 +15,7 @@ final class PhabricatorAuthProviderConfigEditor
     $types = parent::getTransactionTypes();
 
     $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_ENABLE;
+    $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN;
     $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION;
     $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_LINK;
     $types[] = PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK;
@@ -36,6 +37,8 @@ final class PhabricatorAuthProviderConfigEditor
         } else {
           return (int)$object->getIsEnabled();
         }
+      case PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN:
+        return (int)$object->getShouldAllowLogin();
       case PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION:
         return (int)$object->getShouldAllowRegistration();
       case PhabricatorAuthProviderConfigTransaction::TYPE_LINK:
@@ -59,6 +62,7 @@ final class PhabricatorAuthProviderConfigEditor
 
     switch ($xaction->getTransactionType()) {
       case PhabricatorAuthProviderConfigTransaction::TYPE_ENABLE:
+      case PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN:
       case PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION:
       case PhabricatorAuthProviderConfigTransaction::TYPE_LINK:
       case PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK:
@@ -76,6 +80,8 @@ final class PhabricatorAuthProviderConfigEditor
     switch ($xaction->getTransactionType()) {
       case PhabricatorAuthProviderConfigTransaction::TYPE_ENABLE:
         return $object->setIsEnabled($v);
+      case PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN:
+        return $object->setShouldAllowLogin($v);
       case PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION:
         return $object->setShouldAllowRegistration($v);
       case PhabricatorAuthProviderConfigTransaction::TYPE_LINK:
@@ -106,6 +112,7 @@ final class PhabricatorAuthProviderConfigEditor
     $type = $u->getTransactionType();
     switch ($type) {
       case PhabricatorAuthProviderConfigTransaction::TYPE_ENABLE:
+      case PhabricatorAuthProviderConfigTransaction::TYPE_LOGIN:
       case PhabricatorAuthProviderConfigTransaction::TYPE_REGISTRATION:
       case PhabricatorAuthProviderConfigTransaction::TYPE_LINK:
       case PhabricatorAuthProviderConfigTransaction::TYPE_UNLINK:

src/applications/auth/provider/PhabricatorAuthProvider.php

@@ -121,6 +121,10 @@ abstract class PhabricatorAuthProvider extends Phobject {
   }
 
   public function shouldAllowRegistration() {
+    if (!$this->shouldAllowLogin()) {
+      return false;
+    }
+
     return $this->getProviderConfig()->getShouldAllowRegistration();
   }
 

src/applications/auth/storage/PhabricatorAuthProviderConfigTransaction.php

@@ -4,6 +4,7 @@ final class PhabricatorAuthProviderConfigTransaction
   extends PhabricatorApplicationTransaction {
 
   const TYPE_ENABLE         = 'config:enable';
+  const TYPE_LOGIN          = 'config:login';
   const TYPE_REGISTRATION   = 'config:registration';
   const TYPE_LINK           = 'config:link';
   const TYPE_UNLINK         = 'config:unlink';
@@ -90,6 +91,17 @@ final class PhabricatorAuthProviderConfigTransaction
             $this->renderHandleLink($author_phid));
         }
         break;
+      case self::TYPE_LOGIN:
+        if ($new) {
+          return pht(
+            '%s enabled login.',
+            $this->renderHandleLink($author_phid));
+        } else {
+          return pht(
+            '%s disabled login.',
+            $this->renderHandleLink($author_phid));
+        }
+        break;
       case self::TYPE_REGISTRATION:
         if ($new) {
           return pht(