1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-23 05:50:55 +01:00

Restore/respect "require secure browsing" for Facebook (phabricator)

Summary:
Ref T1536. Because Facebook publishes data from Phabricator to user profiles and that data is sensitive, it wants to require secure browsing to be enabled in order to login.

Respect the existing option, and support it in the UI.

The UI part isn't reachable yet.

Test Plan: {F46723}

Reviewers: chad, btrahan

Reviewed By: chad

CC: arice, wez, aran

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6224
This commit is contained in:
epriestley 2013-06-18 15:52:01 -07:00
parent c42f986e1a
commit 8c8ab25fa1

View file

@ -3,12 +3,16 @@
final class PhabricatorAuthProviderOAuthFacebook
extends PhabricatorAuthProviderOAuth {
const KEY_REQUIRE_SECURE = 'oauth:facebook:require-secure';
public function getProviderName() {
return pht('Facebook');
}
protected function newOAuthAdapter() {
return new PhutilAuthAdapterOAuthFacebook();
$secure_only = PhabricatorEnv::getEnvConfig('facebook.require-https-auth');
return id(new PhutilAuthAdapterOAuthFacebook())
->setRequireSecureBrowsing($secure_only);
}
protected function getLoginIcon() {
@ -48,4 +52,76 @@ final class PhabricatorAuthProviderOAuthFacebook
return !PhabricatorEnv::getEnvConfig('facebook.auth-permanent');
}
public function readFormValuesFromProvider() {
$require_secure = PhabricatorEnv::getEnvConfig(
'facebook.require-https-auth');
// TODO: When we read from config, default this on for new providers.
return parent::readFormValuesFromProvider() + array(
self::KEY_REQUIRE_SECURE => $require_secure,
);
}
public function readFormValuesFromRequest(AphrontRequest $request) {
return parent::readFormValuesFromRequest($request) + array(
self::KEY_REQUIRE_SECURE => $request->getBool(self::KEY_REQUIRE_SECURE),
);
}
public function extendEditForm(
AphrontRequest $request,
AphrontFormView $form,
array $values,
array $issues) {
parent::extendEditForm($request, $form, $values, $issues);
$key_require = self::KEY_REQUIRE_SECURE;
$v_require = idx($values, $key_require);
$form
->appendChild(
id(new AphrontFormCheckboxControl())
->addCheckbox(
$key_require,
$v_require,
pht(
"%s ".
"Require users to enable 'secure browsing' on Facebook in order ".
"to use Facebook to authenticate with Phabricator. This ".
"improves security by preventing an attacker from capturing ".
"an insecure Facebook session and escalating it into a ".
"Phabricator session. Enabling it is recommended.",
hsprintf(
'<strong>%s</strong>',
pht('Require Secure Browsing:')))));
}
public function renderConfigPropertyTransactionTitle(
PhabricatorAuthProviderConfigTransaction $xaction) {
$author_phid = $xaction->getAuthorPHID();
$old = $xaction->getOldValue();
$new = $xaction->getNewValue();
$key = $xaction->getMetadataValue(
PhabricatorAuthProviderConfigTransaction::PROPERTY_KEY);
switch ($key) {
case self::KEY_REQUIRE_SECURE:
if ($new) {
return pht(
'%s turned "Require Secure Browsing" on.',
$xaction->renderHandleLink($author_phid));
} else {
return pht(
'%s turned "Require Secure Browsing" off.',
$xaction->renderHandleLink($author_phid));
}
}
return parent::renderConfigPropertyTransactionTitle($xaction);
}
}