1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-20 12:30:56 +01:00

Reduce severity of auth provider warning

Summary:
Ref T7208. Now that we have approvals (new installs are safe by default), take those into account when generating this warning.

Try to soften the warning to cover the case discussed in T7208, hopefully without requiring additional measures.

Test Plan:
{F286014}

{F286015}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T7208

Differential Revision: https://secure.phabricator.com/D11708
This commit is contained in:
epriestley 2015-02-07 14:45:27 -08:00
parent 272ce408dc
commit 8c568d88d7
2 changed files with 71 additions and 26 deletions

View file

@ -92,37 +92,59 @@ final class PhabricatorAuthListController
$crumbs = $this->buildApplicationCrumbs();
$crumbs->addTextCrumb(pht('Auth Providers'));
$config_name = 'auth.email-domains';
$config_href = '/config/edit/'.$config_name.'/';
$config_link = phutil_tag(
'a',
array(
'href' => $config_href,
'target' => '_blank',
),
$config_name);
$domains_key = 'auth.email-domains';
$domains_link = $this->renderConfigLink($domains_key);
$domains_value = PhabricatorEnv::getEnvConfig($domains_key);
$warning = new PHUIErrorView();
$approval_key = 'auth.require-approval';
$approval_link = $this->renderConfigLink($approval_key);
$approval_value = PhabricatorEnv::getEnvConfig($approval_key);
$email_domains = PhabricatorEnv::getEnvConfig($config_name);
if ($email_domains) {
$warning->setSeverity(PHUIErrorView::SEVERITY_NOTICE);
$warning->appendChild(
pht(
'Only users with a verified email address at one of the %s domains '.
'will be able to register a Phabricator account: %s',
$config_link,
phutil_tag('strong', array(), implode(', ', $email_domains))));
$issues = array();
if ($domains_value) {
$issues[] = pht(
'Phabricator is configured with an email domain whitelist (in %s), so '.
'only users with a verified email address at one of these %s '.
'allowed domain(s) will be able to register an account: %s',
$domains_link,
new PhutilNumber(count($domains_value)),
phutil_tag('strong', array(), implode(', ', $domains_value)));
} else {
$warning->setSeverity(PHUIErrorView::SEVERITY_WARNING);
$warning->appendChild(
pht(
'Anyone who can browse to this Phabricator install will be able to '.
'register an account. To restrict who can register an account, '.
'configure %s.',
$config_link));
$issues[] = pht(
'Anyone who can browse to this Phabricator install will be able to '.
'register an account. To add email domain restrictions, configure '.
'%s.',
$domains_link);
}
if ($approval_value) {
$issues[] = pht(
'Administrative approvals are enabled (in %s), so all new users must '.
'have their accounts approved by an administrator.',
$approval_link);
} else {
$issues[] = pht(
'Administrative approvals are disabled, so users who register will '.
'be able to use their accounts immediately. To enable approvals, '.
'configure %s.',
$approval_link);
}
if (!$domains_value && !$approval_value) {
$severity = PHUIErrorView::SEVERITY_WARNING;
$issues[] = pht(
'You can safely ignore this warning if the install itself has '.
'access controls (for example, it is deployed on a VPN) or if all of '.
'the configured providers have access controls (for example, they are '.
'all private LDAP or OAuth servers).');
} else {
$severity = PHUIErrorView::SEVERITY_NOTICE;
}
$warning = id(new PHUIErrorView())
->setSeverity($severity)
->setErrors($issues);
$image = id(new PHUIIconView())
->setIconFont('fa-plus');
$button = id(new PHUIButtonView())
@ -152,4 +174,14 @@ final class PhabricatorAuthListController
));
}
private function renderConfigLink($key) {
return phutil_tag(
'a',
array(
'href' => '/config/edit/'.$key.'/',
'target' => '_blank',
),
$key);
}
}

View file

@ -911,6 +911,19 @@ abstract class PhabricatorBaseEnglishTranslation
'The configurations differ:',
'The configurations differ in these ways:',
),
'Phabricator is configured with an email domain whitelist (in %s), so '.
'only users with a verified email address at one of these %s '.
'allowed domain(s) will be able to register an account: %s' => array(
array(
'Phabricator is configured with an email domain whitelist (in %s), '.
'so only users with a verified email address at %3$s will be '.
'allowed to register an account.',
'Phabricator is configured with an email domain whitelist (in %s), '.
'so only users with a verified email address at one of these '.
'allowed domains will be able to register an account: %3$s',
),
),
);
}