mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-20 12:30:56 +01:00
Reduce severity of auth provider warning
Summary: Ref T7208. Now that we have approvals (new installs are safe by default), take those into account when generating this warning. Try to soften the warning to cover the case discussed in T7208, hopefully without requiring additional measures. Test Plan: {F286014} {F286015} Reviewers: btrahan, chad Reviewed By: chad Subscribers: epriestley Maniphest Tasks: T7208 Differential Revision: https://secure.phabricator.com/D11708
This commit is contained in:
parent
272ce408dc
commit
8c568d88d7
2 changed files with 71 additions and 26 deletions
|
@ -92,37 +92,59 @@ final class PhabricatorAuthListController
|
|||
$crumbs = $this->buildApplicationCrumbs();
|
||||
$crumbs->addTextCrumb(pht('Auth Providers'));
|
||||
|
||||
$config_name = 'auth.email-domains';
|
||||
$config_href = '/config/edit/'.$config_name.'/';
|
||||
$config_link = phutil_tag(
|
||||
'a',
|
||||
array(
|
||||
'href' => $config_href,
|
||||
'target' => '_blank',
|
||||
),
|
||||
$config_name);
|
||||
$domains_key = 'auth.email-domains';
|
||||
$domains_link = $this->renderConfigLink($domains_key);
|
||||
$domains_value = PhabricatorEnv::getEnvConfig($domains_key);
|
||||
|
||||
$warning = new PHUIErrorView();
|
||||
$approval_key = 'auth.require-approval';
|
||||
$approval_link = $this->renderConfigLink($approval_key);
|
||||
$approval_value = PhabricatorEnv::getEnvConfig($approval_key);
|
||||
|
||||
$email_domains = PhabricatorEnv::getEnvConfig($config_name);
|
||||
if ($email_domains) {
|
||||
$warning->setSeverity(PHUIErrorView::SEVERITY_NOTICE);
|
||||
$warning->appendChild(
|
||||
pht(
|
||||
'Only users with a verified email address at one of the %s domains '.
|
||||
'will be able to register a Phabricator account: %s',
|
||||
$config_link,
|
||||
phutil_tag('strong', array(), implode(', ', $email_domains))));
|
||||
$issues = array();
|
||||
if ($domains_value) {
|
||||
$issues[] = pht(
|
||||
'Phabricator is configured with an email domain whitelist (in %s), so '.
|
||||
'only users with a verified email address at one of these %s '.
|
||||
'allowed domain(s) will be able to register an account: %s',
|
||||
$domains_link,
|
||||
new PhutilNumber(count($domains_value)),
|
||||
phutil_tag('strong', array(), implode(', ', $domains_value)));
|
||||
} else {
|
||||
$warning->setSeverity(PHUIErrorView::SEVERITY_WARNING);
|
||||
$warning->appendChild(
|
||||
pht(
|
||||
'Anyone who can browse to this Phabricator install will be able to '.
|
||||
'register an account. To restrict who can register an account, '.
|
||||
'configure %s.',
|
||||
$config_link));
|
||||
$issues[] = pht(
|
||||
'Anyone who can browse to this Phabricator install will be able to '.
|
||||
'register an account. To add email domain restrictions, configure '.
|
||||
'%s.',
|
||||
$domains_link);
|
||||
}
|
||||
|
||||
if ($approval_value) {
|
||||
$issues[] = pht(
|
||||
'Administrative approvals are enabled (in %s), so all new users must '.
|
||||
'have their accounts approved by an administrator.',
|
||||
$approval_link);
|
||||
} else {
|
||||
$issues[] = pht(
|
||||
'Administrative approvals are disabled, so users who register will '.
|
||||
'be able to use their accounts immediately. To enable approvals, '.
|
||||
'configure %s.',
|
||||
$approval_link);
|
||||
}
|
||||
|
||||
if (!$domains_value && !$approval_value) {
|
||||
$severity = PHUIErrorView::SEVERITY_WARNING;
|
||||
$issues[] = pht(
|
||||
'You can safely ignore this warning if the install itself has '.
|
||||
'access controls (for example, it is deployed on a VPN) or if all of '.
|
||||
'the configured providers have access controls (for example, they are '.
|
||||
'all private LDAP or OAuth servers).');
|
||||
} else {
|
||||
$severity = PHUIErrorView::SEVERITY_NOTICE;
|
||||
}
|
||||
|
||||
$warning = id(new PHUIErrorView())
|
||||
->setSeverity($severity)
|
||||
->setErrors($issues);
|
||||
|
||||
$image = id(new PHUIIconView())
|
||||
->setIconFont('fa-plus');
|
||||
$button = id(new PHUIButtonView())
|
||||
|
@ -152,4 +174,14 @@ final class PhabricatorAuthListController
|
|||
));
|
||||
}
|
||||
|
||||
private function renderConfigLink($key) {
|
||||
return phutil_tag(
|
||||
'a',
|
||||
array(
|
||||
'href' => '/config/edit/'.$key.'/',
|
||||
'target' => '_blank',
|
||||
),
|
||||
$key);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -911,6 +911,19 @@ abstract class PhabricatorBaseEnglishTranslation
|
|||
'The configurations differ:',
|
||||
'The configurations differ in these ways:',
|
||||
),
|
||||
|
||||
'Phabricator is configured with an email domain whitelist (in %s), so '.
|
||||
'only users with a verified email address at one of these %s '.
|
||||
'allowed domain(s) will be able to register an account: %s' => array(
|
||||
array(
|
||||
'Phabricator is configured with an email domain whitelist (in %s), '.
|
||||
'so only users with a verified email address at %3$s will be '.
|
||||
'allowed to register an account.',
|
||||
'Phabricator is configured with an email domain whitelist (in %s), '.
|
||||
'so only users with a verified email address at one of these '.
|
||||
'allowed domains will be able to register an account: %3$s',
|
||||
),
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue