From 9aa772ed00339b50abb4ccb3be5542986037637a Mon Sep 17 00:00:00 2001
From: Ricky Elrod <ricky@elrod.me>
Date: Mon, 7 Jan 2013 12:48:39 -0800
Subject: [PATCH] First go at Authentication config options.

Test Plan: Looked at them in the web UI.

Reviewers: epriestley, chad, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2255

Differential Revision: https://secure.phabricator.com/D4355
---
 src/__phutil_library_map__.php                |   2 +
 ...PhabricatorAuthenticationConfigOptions.php | 120 ++++++++++++++++++
 2 files changed, 122 insertions(+)
 create mode 100644 src/applications/config/option/PhabricatorAuthenticationConfigOptions.php

diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
index 113f990fc1..722084f576 100644
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -649,6 +649,7 @@ phutil_register_library_map(array(
     'PhabricatorAuditReplyHandler' => 'applications/audit/PhabricatorAuditReplyHandler.php',
     'PhabricatorAuditStatusConstants' => 'applications/audit/constants/PhabricatorAuditStatusConstants.php',
     'PhabricatorAuthController' => 'applications/auth/controller/PhabricatorAuthController.php',
+    'PhabricatorAuthenticationConfigOptions' => 'applications/config/option/PhabricatorAuthenticationConfigOptions.php',
     'PhabricatorBarePageExample' => 'applications/uiexample/examples/PhabricatorBarePageExample.php',
     'PhabricatorBarePageView' => 'view/page/PhabricatorBarePageView.php',
     'PhabricatorBaseEnglishTranslation' => 'infrastructure/internationalization/PhabricatorBaseEnglishTranslation.php',
@@ -1999,6 +2000,7 @@ phutil_register_library_map(array(
     'PhabricatorAuditPreviewController' => 'PhabricatorAuditController',
     'PhabricatorAuditReplyHandler' => 'PhabricatorMailReplyHandler',
     'PhabricatorAuthController' => 'PhabricatorController',
+    'PhabricatorAuthenticationConfigOptions' => 'PhabricatorApplicationConfigOptions',
     'PhabricatorBarePageExample' => 'PhabricatorUIExample',
     'PhabricatorBarePageView' => 'AphrontPageView',
     'PhabricatorBaseEnglishTranslation' => 'PhabricatorTranslation',
diff --git a/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php b/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php
new file mode 100644
index 0000000000..8034f82a37
--- /dev/null
+++ b/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php
@@ -0,0 +1,120 @@
+<?php
+
+final class PhabricatorAuthenticationConfigOptions
+  extends PhabricatorApplicationConfigOptions {
+
+  public function getName() {
+    return pht("Authentication");
+  }
+
+  public function getDescription() {
+    return pht("Options relating to authentication.");
+  }
+
+  public function getOptions() {
+    return array(
+      $this->newOption(
+        'auth.password-auth-enabled', 'bool', true)
+        ->setOptions(
+          array(
+            pht("Allow password authentication"),
+            pht("Don't allow password authentication")))
+        ->setSummary(pht("Enables password-based authentication."))
+        ->setDescription(
+          pht(
+            "Can users login with a username/password, or by following the ".
+            "link from a password reset email? You can disable this and ".
+            "configure one or more OAuth providers instead.")),
+      $this->newOption('auth.sessions.web', 'int', 5)
+        ->setSummary(
+          pht("Number of web sessions a user can have simultaneously."))
+        ->setDescription(
+          pht(
+            "Maximum number of simultaneous web sessions each user is ".
+            "permitted to have. Setting this to '1' will prevent a user from ".
+            "logging in on more than one browser at the same time.")),
+     $this->newOption('auth.sessions.conduit', 'int', 5)
+        ->setSummary(
+          pht(
+            "Number of simultaneous Conduit sessions each user is permitted."))
+        ->setDescription(
+          pht(
+            "Maximum number of simultaneous Conduit sessions each user is ".
+            "permitted to have.")),
+     $this->newOption('auth.sshkeys.enabled', 'bool', false)
+        ->setOptions(
+          array(
+            pht("Enable SSH key storage"),
+            pht("Disable SSH key storage")))
+        ->setSummary(
+          pht("Allow users to associate SSH keys with their accounts."))
+        ->setDescription(
+          pht(
+            "Set this true to enable the Settings -> SSH Public Keys panel, ".
+            "which will allow users to associated SSH public keys with their ".
+            "accounts. This is only really useful if you're setting up ".
+            "services over SSH and want to use Phabricator for ".
+            "authentication; in most situations you can leave this ".
+            "disabled.")),
+     $this->newOption('auth.require-email-verification', 'bool', false)
+        ->setOptions(
+          array(
+            pht("Require email verification"),
+            pht("Don't require email verification")))
+        ->setSummary(
+          pht("Require email verification before a user can log in."))
+        ->setDescription(
+          pht(
+            "If true, email addresses must be verified (by clicking a link ".
+            "in an email) before a user can login. By default, verification ".
+            "is optional unless 'auth.email-domains' is nonempty.")),
+     $this->newOption('auth.email-domains', 'list<string>', array())
+        ->setSummary(pht("Only allow registration from particular domains."))
+        ->setDescription(
+          pht(
+            "You can restrict allowed email addresses to certain domains ".
+            "(like 'yourcompany.com') by setting a list of allowed domains ".
+            "here. Users will only be allowed to register using email ".
+            "addresses at one of the domains, and will only be able to add ".
+            "new email addresses for these domains. If you configure this, ".
+            "it implies 'auth.require-email-verification'.\n\n".
+            "You should omit the '@' from domains. Note that the domain must ".
+            "match exactly. If you allow 'yourcompany.com', that permits ".
+            "'joe@yourcompany.com' but rejects 'joe@mail.yourcompany.com'."))
+        ->addExample(
+          "yourcompany.com\nmail.yourcompany.com",
+          pht('Valid Setting')),
+     $this->newOption('auth.login-message', 'string', null)
+        ->setLocked(true)
+        ->setSummary(pht("A block of HTML displayed on the login screen."))
+        ->setDescription(
+          pht(
+            "You can provide an arbitrary block of HTML here, which will ".
+            "appear on the login screen. Normally, you'd use this to provide ".
+            "login or registration instructions to users.")),
+     $this->newOption('account.editable', 'bool', true)
+        ->setOptions(
+          array(
+            pht("Allow editing"),
+            pht("Prevent editing")))
+        ->setSummary(
+          pht(
+            "Determines whether or not basic account information is ".
+            "editable."))
+        ->setDescription(
+          pht(
+            "Is basic account information (email, real name, profile ".
+            "picture) editable? If you set up Phabricator to automatically ".
+            "synchronize account information from some other authoritative ".
+            "system, you can disable this to ensure information remains ".
+            "consistent across both systems.")),
+     $this->newOption('account.minimum-password-length', 'int', 8)
+        ->setSummary(pht("Minimum password length."))
+        ->setDescription(
+          pht(
+            "When users set or reset a password, it must have at least this ".
+            "many characters.")),
+    );
+  }
+
+}