Fix Facebook OAuth flow to ask for email.

Summary:

Test Plan:

Reviewers:

CC:

src/applications/auth/controller/login/PhabricatorLoginController.php

@@ -109,6 +109,7 @@ class PhabricatorLoginController extends PhabricatorAuthController {
       $redirect_uri   = $provider->getRedirectURI();
       $client_id      = $provider->getClientID();
       $provider_name  = $provider->getProviderName();
+      $minimum_scope  = $provider->getMinimumScope();
 
       // TODO: In theory we should use 'state' to prevent CSRF, but the total
       // effect of the CSRF attack is that an attacker can cause a user to login
@@ -121,6 +122,7 @@ class PhabricatorLoginController extends PhabricatorAuthController {
         ->setAction($auth_uri)
         ->addHiddenInput('client_id', $client_id)
         ->addHiddenInput('redirect_uri', $redirect_uri)
+        ->addHiddenInput('scope', $minimum_scope)
         ->setUser($request->getUser())
         ->setMethod('GET')
         ->appendChild(

src/applications/auth/oauth/provider/base/PhabricatorOAuthProvider.php

@@ -30,6 +30,7 @@ abstract class PhabricatorOAuthProvider {
   abstract public function getAuthURI();
   abstract public function getTokenURI();
   abstract public function getUserInfoURI();
+  abstract public function getMinimumScope();
 
   public function __construct() {
 

src/applications/auth/oauth/provider/facebook/PhabricatorOAuthProviderFacebook.php

@@ -54,4 +54,8 @@ class PhabricatorOAuthProviderFacebook extends PhabricatorOAuthProvider {
     return 'https://graph.facebook.com/me';
   }
 
+  public function getMinimumScope() {
+    return 'email';
+  }
+
 }

src/applications/auth/oauth/provider/github/PhabricatorOAuthProviderGithub.php

@@ -54,4 +54,8 @@ class PhabricatorOAuthProviderGithub extends PhabricatorOAuthProvider {
     return 'https://github.com/api/v2/json/user/show';
   }
 
+  public function getMinimumScope() {
+    return null;
+  }
+
 }