mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-26 00:32:42 +01:00
Actually enforce auth.lock-config
Summary: Forgot to post this after D20394. Fixes T7667. Test Plan: * Edited some providers with the config locked and unlocked. * Opened the edit form with the config unlocked, locked the config, then saved, and got a sensible error: {F6576023} Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin Maniphest Tasks: T7667 Differential Revision: https://secure.phabricator.com/D20645
This commit is contained in:
Austin McKinley
parent
d2935fd7bd
commit
7852adb84b
4 changed files with 82 additions and 6 deletions
|
|
@ -79,6 +79,7 @@ final class PhabricatorAuthEditController
|
|||
}
|
||||
|
||||
$errors = array();
|
||||
$validation_exception = null;
|
||||
|
||||
$v_login = $config->getShouldAllowLogin();
|
||||
$v_registration = $config->getShouldAllowRegistration();
|
||||
|
|
@ -153,12 +154,16 @@ final class PhabricatorAuthEditController
|
|||
$editor = id(new PhabricatorAuthProviderConfigEditor())
|
||||
->setActor($viewer)
|
||||
->setContentSourceFromRequest($request)
|
||||
->setContinueOnNoEffect(true)
|
||||
->applyTransactions($config, $xactions);
|
||||
->setContinueOnNoEffect(true);
|
||||
|
||||
$next_uri = $config->getURI();
|
||||
try {
|
||||
$editor->applyTransactions($config, $xactions);
|
||||
$next_uri = $config->getURI();
|
||||
|
||||
return id(new AphrontRedirectResponse())->setURI($next_uri);
|
||||
return id(new AphrontRedirectResponse())->setURI($next_uri);
|
||||
} catch (Exception $ex) {
|
||||
$validation_exception = $ex;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$properties = $provider->readFormValuesFromProvider();
|
||||
|
|
@ -325,12 +330,35 @@ final class PhabricatorAuthEditController
|
|||
|
||||
$provider->extendEditForm($request, $form, $properties, $issues);
|
||||
|
||||
$locked_config_key = 'auth.lock-config';
|
||||
$is_locked = PhabricatorEnv::getEnvConfig($locked_config_key);
|
||||
|
||||
$locked_warning = null;
|
||||
if ($is_locked && !$validation_exception) {
|
||||
$message = pht(
|
||||
'Authentication provider configuration is locked, and can not be '.
|
||||
'changed without being unlocked. See the configuration setting %s '.
|
||||
'for details.',
|
||||
phutil_tag(
|
||||
'a',
|
||||
array(
|
||||
'href' => '/config/edit/'.$locked_config_key,
|
||||
),
|
||||
$locked_config_key));
|
||||
$locked_warning = id(new PHUIInfoView())
|
||||
->setViewer($viewer)
|
||||
->setSeverity(PHUIInfoView::SEVERITY_WARNING)
|
||||
->setErrors(array($message));
|
||||
}
|
||||
|
||||
$form
|
||||
->appendChild(
|
||||
id(new AphrontFormSubmitControl())
|
||||
->addCancelButton($cancel_uri)
|
||||
->setDisabled($is_locked)
|
||||
->setValue($button));
|
||||
|
||||
|
||||
$help = $provider->getConfigurationHelp();
|
||||
if ($help) {
|
||||
$form->appendChild(id(new PHUIFormDividerControl()));
|
||||
|
|
@ -346,12 +374,16 @@ final class PhabricatorAuthEditController
|
|||
$form_box = id(new PHUIObjectBoxView())
|
||||
->setHeaderText(pht('Provider'))
|
||||
->setFormErrors($errors)
|
||||
->setValidationException($validation_exception)
|
||||
->setBackground(PHUIObjectBoxView::BLUE_PROPERTY)
|
||||
->setForm($form);
|
||||
|
||||
|
||||
|
||||
$view = id(new PHUITwoColumnView())
|
||||
->setHeader($header)
|
||||
->setFooter(array(
|
||||
$locked_warning,
|
||||
$form_box,
|
||||
$footer,
|
||||
));
|
||||
|
|
|
|||
|
|
@ -78,12 +78,14 @@ final class PhabricatorAuthListController
|
|||
->setGuidanceContext($guidance_context)
|
||||
->newInfoView();
|
||||
|
||||
$is_disabled = (!$can_manage || $is_locked);
|
||||
$button = id(new PHUIButtonView())
|
||||
->setTag('a')
|
||||
->setButtonType(PHUIButtonView::BUTTONTYPE_SIMPLE)
|
||||
->setHref($this->getApplicationURI('config/new/'))
|
||||
->setIcon('fa-plus')
|
||||
->setDisabled(!$can_manage || $is_locked)
|
||||
->setDisabled($is_disabled)
|
||||
->setWorkflow($is_disabled)
|
||||
->setHref($this->getApplicationURI('config/new/'))
|
||||
->setText(pht('Add Provider'));
|
||||
|
||||
$list->setFlush(true);
|
||||
|
|
|
|||
|
|
@ -9,6 +9,27 @@ final class PhabricatorAuthNewController
|
|||
|
||||
$viewer = $this->getViewer();
|
||||
$cancel_uri = $this->getApplicationURI();
|
||||
$locked_config_key = 'auth.lock-config';
|
||||
$is_locked = PhabricatorEnv::getEnvConfig($locked_config_key);
|
||||
|
||||
if ($is_locked) {
|
||||
$message = pht(
|
||||
'Authentication provider configuration is locked, and can not be '.
|
||||
'changed without being unlocked. See the configuration setting %s '.
|
||||
'for details.',
|
||||
phutil_tag(
|
||||
'a',
|
||||
array(
|
||||
'href' => '/config/edit/'.$locked_config_key,
|
||||
),
|
||||
$locked_config_key));
|
||||
|
||||
return $this->newDialog()
|
||||
->setUser($viewer)
|
||||
->setTitle(pht('Authentication Config Locked'))
|
||||
->appendChild($message)
|
||||
->addCancelButton($cancel_uri);
|
||||
}
|
||||
|
||||
$providers = PhabricatorAuthProvider::getAllBaseProviders();
|
||||
|
||||
|
|
|
|||
|
|
@ -125,4 +125,25 @@ final class PhabricatorAuthProviderConfigEditor
|
|||
return parent::mergeTransactions($u, $v);
|
||||
}
|
||||
|
||||
protected function validateAllTransactions(
|
||||
PhabricatorLiskDAO $object,
|
||||
array $xactions) {
|
||||
|
||||
$errors = parent::validateAllTransactions($object, $xactions);
|
||||
|
||||
$locked_config_key = 'auth.lock-config';
|
||||
$is_locked = PhabricatorEnv::getEnvConfig($locked_config_key);
|
||||
|
||||
if ($is_locked) {
|
||||
$errors[] = new PhabricatorApplicationTransactionValidationError(
|
||||
null,
|
||||
pht('Config Locked'),
|
||||
pht('Authentication provider configuration is locked, and can not be '.
|
||||
'changed without being unlocked.'),
|
||||
null);
|
||||
}
|
||||
|
||||
return $errors;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue