mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-01 19:22:42 +01:00
Actually enforce auth.lock-config
Summary: Forgot to post this after D20394. Fixes T7667. Test Plan: * Edited some providers with the config locked and unlocked. * Opened the edit form with the config unlocked, locked the config, then saved, and got a sensible error: {F6576023} Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin Maniphest Tasks: T7667 Differential Revision: https://secure.phabricator.com/D20645
This commit is contained in:
parent
d2935fd7bd
commit
7852adb84b
4 changed files with 82 additions and 6 deletions
|
@ -79,6 +79,7 @@ final class PhabricatorAuthEditController
|
||||||
}
|
}
|
||||||
|
|
||||||
$errors = array();
|
$errors = array();
|
||||||
|
$validation_exception = null;
|
||||||
|
|
||||||
$v_login = $config->getShouldAllowLogin();
|
$v_login = $config->getShouldAllowLogin();
|
||||||
$v_registration = $config->getShouldAllowRegistration();
|
$v_registration = $config->getShouldAllowRegistration();
|
||||||
|
@ -153,12 +154,16 @@ final class PhabricatorAuthEditController
|
||||||
$editor = id(new PhabricatorAuthProviderConfigEditor())
|
$editor = id(new PhabricatorAuthProviderConfigEditor())
|
||||||
->setActor($viewer)
|
->setActor($viewer)
|
||||||
->setContentSourceFromRequest($request)
|
->setContentSourceFromRequest($request)
|
||||||
->setContinueOnNoEffect(true)
|
->setContinueOnNoEffect(true);
|
||||||
->applyTransactions($config, $xactions);
|
|
||||||
|
|
||||||
|
try {
|
||||||
|
$editor->applyTransactions($config, $xactions);
|
||||||
$next_uri = $config->getURI();
|
$next_uri = $config->getURI();
|
||||||
|
|
||||||
return id(new AphrontRedirectResponse())->setURI($next_uri);
|
return id(new AphrontRedirectResponse())->setURI($next_uri);
|
||||||
|
} catch (Exception $ex) {
|
||||||
|
$validation_exception = $ex;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$properties = $provider->readFormValuesFromProvider();
|
$properties = $provider->readFormValuesFromProvider();
|
||||||
|
@ -325,12 +330,35 @@ final class PhabricatorAuthEditController
|
||||||
|
|
||||||
$provider->extendEditForm($request, $form, $properties, $issues);
|
$provider->extendEditForm($request, $form, $properties, $issues);
|
||||||
|
|
||||||
|
$locked_config_key = 'auth.lock-config';
|
||||||
|
$is_locked = PhabricatorEnv::getEnvConfig($locked_config_key);
|
||||||
|
|
||||||
|
$locked_warning = null;
|
||||||
|
if ($is_locked && !$validation_exception) {
|
||||||
|
$message = pht(
|
||||||
|
'Authentication provider configuration is locked, and can not be '.
|
||||||
|
'changed without being unlocked. See the configuration setting %s '.
|
||||||
|
'for details.',
|
||||||
|
phutil_tag(
|
||||||
|
'a',
|
||||||
|
array(
|
||||||
|
'href' => '/config/edit/'.$locked_config_key,
|
||||||
|
),
|
||||||
|
$locked_config_key));
|
||||||
|
$locked_warning = id(new PHUIInfoView())
|
||||||
|
->setViewer($viewer)
|
||||||
|
->setSeverity(PHUIInfoView::SEVERITY_WARNING)
|
||||||
|
->setErrors(array($message));
|
||||||
|
}
|
||||||
|
|
||||||
$form
|
$form
|
||||||
->appendChild(
|
->appendChild(
|
||||||
id(new AphrontFormSubmitControl())
|
id(new AphrontFormSubmitControl())
|
||||||
->addCancelButton($cancel_uri)
|
->addCancelButton($cancel_uri)
|
||||||
|
->setDisabled($is_locked)
|
||||||
->setValue($button));
|
->setValue($button));
|
||||||
|
|
||||||
|
|
||||||
$help = $provider->getConfigurationHelp();
|
$help = $provider->getConfigurationHelp();
|
||||||
if ($help) {
|
if ($help) {
|
||||||
$form->appendChild(id(new PHUIFormDividerControl()));
|
$form->appendChild(id(new PHUIFormDividerControl()));
|
||||||
|
@ -346,12 +374,16 @@ final class PhabricatorAuthEditController
|
||||||
$form_box = id(new PHUIObjectBoxView())
|
$form_box = id(new PHUIObjectBoxView())
|
||||||
->setHeaderText(pht('Provider'))
|
->setHeaderText(pht('Provider'))
|
||||||
->setFormErrors($errors)
|
->setFormErrors($errors)
|
||||||
|
->setValidationException($validation_exception)
|
||||||
->setBackground(PHUIObjectBoxView::BLUE_PROPERTY)
|
->setBackground(PHUIObjectBoxView::BLUE_PROPERTY)
|
||||||
->setForm($form);
|
->setForm($form);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
$view = id(new PHUITwoColumnView())
|
$view = id(new PHUITwoColumnView())
|
||||||
->setHeader($header)
|
->setHeader($header)
|
||||||
->setFooter(array(
|
->setFooter(array(
|
||||||
|
$locked_warning,
|
||||||
$form_box,
|
$form_box,
|
||||||
$footer,
|
$footer,
|
||||||
));
|
));
|
||||||
|
|
|
@ -78,12 +78,14 @@ final class PhabricatorAuthListController
|
||||||
->setGuidanceContext($guidance_context)
|
->setGuidanceContext($guidance_context)
|
||||||
->newInfoView();
|
->newInfoView();
|
||||||
|
|
||||||
|
$is_disabled = (!$can_manage || $is_locked);
|
||||||
$button = id(new PHUIButtonView())
|
$button = id(new PHUIButtonView())
|
||||||
->setTag('a')
|
->setTag('a')
|
||||||
->setButtonType(PHUIButtonView::BUTTONTYPE_SIMPLE)
|
->setButtonType(PHUIButtonView::BUTTONTYPE_SIMPLE)
|
||||||
->setHref($this->getApplicationURI('config/new/'))
|
|
||||||
->setIcon('fa-plus')
|
->setIcon('fa-plus')
|
||||||
->setDisabled(!$can_manage || $is_locked)
|
->setDisabled($is_disabled)
|
||||||
|
->setWorkflow($is_disabled)
|
||||||
|
->setHref($this->getApplicationURI('config/new/'))
|
||||||
->setText(pht('Add Provider'));
|
->setText(pht('Add Provider'));
|
||||||
|
|
||||||
$list->setFlush(true);
|
$list->setFlush(true);
|
||||||
|
|
|
@ -9,6 +9,27 @@ final class PhabricatorAuthNewController
|
||||||
|
|
||||||
$viewer = $this->getViewer();
|
$viewer = $this->getViewer();
|
||||||
$cancel_uri = $this->getApplicationURI();
|
$cancel_uri = $this->getApplicationURI();
|
||||||
|
$locked_config_key = 'auth.lock-config';
|
||||||
|
$is_locked = PhabricatorEnv::getEnvConfig($locked_config_key);
|
||||||
|
|
||||||
|
if ($is_locked) {
|
||||||
|
$message = pht(
|
||||||
|
'Authentication provider configuration is locked, and can not be '.
|
||||||
|
'changed without being unlocked. See the configuration setting %s '.
|
||||||
|
'for details.',
|
||||||
|
phutil_tag(
|
||||||
|
'a',
|
||||||
|
array(
|
||||||
|
'href' => '/config/edit/'.$locked_config_key,
|
||||||
|
),
|
||||||
|
$locked_config_key));
|
||||||
|
|
||||||
|
return $this->newDialog()
|
||||||
|
->setUser($viewer)
|
||||||
|
->setTitle(pht('Authentication Config Locked'))
|
||||||
|
->appendChild($message)
|
||||||
|
->addCancelButton($cancel_uri);
|
||||||
|
}
|
||||||
|
|
||||||
$providers = PhabricatorAuthProvider::getAllBaseProviders();
|
$providers = PhabricatorAuthProvider::getAllBaseProviders();
|
||||||
|
|
||||||
|
|
|
@ -125,4 +125,25 @@ final class PhabricatorAuthProviderConfigEditor
|
||||||
return parent::mergeTransactions($u, $v);
|
return parent::mergeTransactions($u, $v);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected function validateAllTransactions(
|
||||||
|
PhabricatorLiskDAO $object,
|
||||||
|
array $xactions) {
|
||||||
|
|
||||||
|
$errors = parent::validateAllTransactions($object, $xactions);
|
||||||
|
|
||||||
|
$locked_config_key = 'auth.lock-config';
|
||||||
|
$is_locked = PhabricatorEnv::getEnvConfig($locked_config_key);
|
||||||
|
|
||||||
|
if ($is_locked) {
|
||||||
|
$errors[] = new PhabricatorApplicationTransactionValidationError(
|
||||||
|
null,
|
||||||
|
pht('Config Locked'),
|
||||||
|
pht('Authentication provider configuration is locked, and can not be '.
|
||||||
|
'changed without being unlocked.'),
|
||||||
|
null);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $errors;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue