1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-01 19:22:42 +01:00

Actually enforce auth.lock-config

Summary: Forgot to post this after D20394. Fixes T7667.

Test Plan:
    * Edited some providers with the config locked and unlocked.
    * Opened the edit form with the config unlocked, locked the config, then saved, and got a sensible error: {F6576023}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T7667

Differential Revision: https://secure.phabricator.com/D20645
This commit is contained in:
Austin McKinley 2019-07-09 11:42:53 -07:00
parent d2935fd7bd
commit 7852adb84b
4 changed files with 82 additions and 6 deletions

View file

@ -79,6 +79,7 @@ final class PhabricatorAuthEditController
} }
$errors = array(); $errors = array();
$validation_exception = null;
$v_login = $config->getShouldAllowLogin(); $v_login = $config->getShouldAllowLogin();
$v_registration = $config->getShouldAllowRegistration(); $v_registration = $config->getShouldAllowRegistration();
@ -153,12 +154,16 @@ final class PhabricatorAuthEditController
$editor = id(new PhabricatorAuthProviderConfigEditor()) $editor = id(new PhabricatorAuthProviderConfigEditor())
->setActor($viewer) ->setActor($viewer)
->setContentSourceFromRequest($request) ->setContentSourceFromRequest($request)
->setContinueOnNoEffect(true) ->setContinueOnNoEffect(true);
->applyTransactions($config, $xactions);
try {
$editor->applyTransactions($config, $xactions);
$next_uri = $config->getURI(); $next_uri = $config->getURI();
return id(new AphrontRedirectResponse())->setURI($next_uri); return id(new AphrontRedirectResponse())->setURI($next_uri);
} catch (Exception $ex) {
$validation_exception = $ex;
}
} }
} else { } else {
$properties = $provider->readFormValuesFromProvider(); $properties = $provider->readFormValuesFromProvider();
@ -325,12 +330,35 @@ final class PhabricatorAuthEditController
$provider->extendEditForm($request, $form, $properties, $issues); $provider->extendEditForm($request, $form, $properties, $issues);
$locked_config_key = 'auth.lock-config';
$is_locked = PhabricatorEnv::getEnvConfig($locked_config_key);
$locked_warning = null;
if ($is_locked && !$validation_exception) {
$message = pht(
'Authentication provider configuration is locked, and can not be '.
'changed without being unlocked. See the configuration setting %s '.
'for details.',
phutil_tag(
'a',
array(
'href' => '/config/edit/'.$locked_config_key,
),
$locked_config_key));
$locked_warning = id(new PHUIInfoView())
->setViewer($viewer)
->setSeverity(PHUIInfoView::SEVERITY_WARNING)
->setErrors(array($message));
}
$form $form
->appendChild( ->appendChild(
id(new AphrontFormSubmitControl()) id(new AphrontFormSubmitControl())
->addCancelButton($cancel_uri) ->addCancelButton($cancel_uri)
->setDisabled($is_locked)
->setValue($button)); ->setValue($button));
$help = $provider->getConfigurationHelp(); $help = $provider->getConfigurationHelp();
if ($help) { if ($help) {
$form->appendChild(id(new PHUIFormDividerControl())); $form->appendChild(id(new PHUIFormDividerControl()));
@ -346,12 +374,16 @@ final class PhabricatorAuthEditController
$form_box = id(new PHUIObjectBoxView()) $form_box = id(new PHUIObjectBoxView())
->setHeaderText(pht('Provider')) ->setHeaderText(pht('Provider'))
->setFormErrors($errors) ->setFormErrors($errors)
->setValidationException($validation_exception)
->setBackground(PHUIObjectBoxView::BLUE_PROPERTY) ->setBackground(PHUIObjectBoxView::BLUE_PROPERTY)
->setForm($form); ->setForm($form);
$view = id(new PHUITwoColumnView()) $view = id(new PHUITwoColumnView())
->setHeader($header) ->setHeader($header)
->setFooter(array( ->setFooter(array(
$locked_warning,
$form_box, $form_box,
$footer, $footer,
)); ));

View file

@ -78,12 +78,14 @@ final class PhabricatorAuthListController
->setGuidanceContext($guidance_context) ->setGuidanceContext($guidance_context)
->newInfoView(); ->newInfoView();
$is_disabled = (!$can_manage || $is_locked);
$button = id(new PHUIButtonView()) $button = id(new PHUIButtonView())
->setTag('a') ->setTag('a')
->setButtonType(PHUIButtonView::BUTTONTYPE_SIMPLE) ->setButtonType(PHUIButtonView::BUTTONTYPE_SIMPLE)
->setHref($this->getApplicationURI('config/new/'))
->setIcon('fa-plus') ->setIcon('fa-plus')
->setDisabled(!$can_manage || $is_locked) ->setDisabled($is_disabled)
->setWorkflow($is_disabled)
->setHref($this->getApplicationURI('config/new/'))
->setText(pht('Add Provider')); ->setText(pht('Add Provider'));
$list->setFlush(true); $list->setFlush(true);

View file

@ -9,6 +9,27 @@ final class PhabricatorAuthNewController
$viewer = $this->getViewer(); $viewer = $this->getViewer();
$cancel_uri = $this->getApplicationURI(); $cancel_uri = $this->getApplicationURI();
$locked_config_key = 'auth.lock-config';
$is_locked = PhabricatorEnv::getEnvConfig($locked_config_key);
if ($is_locked) {
$message = pht(
'Authentication provider configuration is locked, and can not be '.
'changed without being unlocked. See the configuration setting %s '.
'for details.',
phutil_tag(
'a',
array(
'href' => '/config/edit/'.$locked_config_key,
),
$locked_config_key));
return $this->newDialog()
->setUser($viewer)
->setTitle(pht('Authentication Config Locked'))
->appendChild($message)
->addCancelButton($cancel_uri);
}
$providers = PhabricatorAuthProvider::getAllBaseProviders(); $providers = PhabricatorAuthProvider::getAllBaseProviders();

View file

@ -125,4 +125,25 @@ final class PhabricatorAuthProviderConfigEditor
return parent::mergeTransactions($u, $v); return parent::mergeTransactions($u, $v);
} }
protected function validateAllTransactions(
PhabricatorLiskDAO $object,
array $xactions) {
$errors = parent::validateAllTransactions($object, $xactions);
$locked_config_key = 'auth.lock-config';
$is_locked = PhabricatorEnv::getEnvConfig($locked_config_key);
if ($is_locked) {
$errors[] = new PhabricatorApplicationTransactionValidationError(
null,
pht('Config Locked'),
pht('Authentication provider configuration is locked, and can not be '.
'changed without being unlocked.'),
null);
}
return $errors;
}
} }