1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-30 09:20:58 +01:00

Make auth provider autologin modular and implement it for all OAuth2 adapters

Summary:
Ref T10785. Around the time we launched Phacility SAAS we implemented this weird autologin hack. It works fine, so clean it up, get rid of the `instanceof` stuff, and support it for any OAuth2 provider.

(We could conceivably support OAuth1 as well, but no one has expressed an interest in it and I don't think I have any OAuth1 providers configured correctly locally so it would take a little bit to set up and test.)

Test Plan:
  - Configured OAuth2 adapters (Facebook) for auto-login.
  - Saw no config option on other adapters (LDAP).
  - Nuked all options but one, did autologin with Facebook and Phabricator.
  - Logged out, got logout screen.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10785

Differential Revision: https://secure.phabricator.com/D16060
This commit is contained in:
epriestley 2016-06-06 13:04:21 -07:00
parent 511f703657
commit e1a9473eda
4 changed files with 57 additions and 13 deletions

View file

@ -113,17 +113,9 @@ final class PhabricatorAuthStartController
PhabricatorCookies::setClientIDCookie($request); PhabricatorCookies::setClientIDCookie($request);
} }
if (!$request->getURIData('loggedout') && count($providers) == 1) { $auto_response = $this->tryAutoLogin($providers);
$auto_login_provider = head($providers); if ($auto_response) {
$auto_login_config = $auto_login_provider->getProviderConfig(); return $auto_response;
if ($auto_login_provider instanceof PhabricatorPhabricatorAuthProvider &&
$auto_login_config->getShouldAutoLogin()) {
$auto_login_adapter = $provider->getAdapter();
$auto_login_adapter->setState($provider->getAuthCSRFCode($request));
return id(new AphrontRedirectResponse())
->setIsExternal(true)
->setURI($provider->getAdapter()->getAuthenticateURI());
}
} }
$invite = $this->loadInvite(); $invite = $this->loadInvite();
@ -282,4 +274,35 @@ final class PhabricatorAuthStartController
array($message)); array($message));
} }
private function tryAutoLogin(array $providers) {
$request = $this->getRequest();
// If the user just logged out, don't immediately log them in again.
if ($request->getURIData('loggedout')) {
return null;
}
// If we have more than one provider, we can't autologin because we
// don't know which one the user wants.
if (count($providers) != 1) {
return null;
}
$provider = head($providers);
if (!$provider->supportsAutoLogin()) {
return null;
}
$config = $provider->getProviderConfig();
if (!$config->getShouldAutoLogin()) {
return null;
}
$auto_uri = $provider->getAutoLoginURI($request);
return id(new AphrontRedirectResponse())
->setIsExternal(true)
->setURI($auto_uri);
}
} }

View file

@ -130,7 +130,7 @@ final class PhabricatorAuthEditController
PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS) PhabricatorAuthProviderConfigTransaction::TYPE_TRUST_EMAILS)
->setNewValue($request->getInt('trustEmails', 0)); ->setNewValue($request->getInt('trustEmails', 0));
if ($provider instanceof PhabricatorPhabricatorAuthProvider) { if ($provider->supportsAutoLogin()) {
$xactions[] = id(new PhabricatorAuthProviderConfigTransaction()) $xactions[] = id(new PhabricatorAuthProviderConfigTransaction())
->setTransactionType( ->setTransactionType(
PhabricatorAuthProviderConfigTransaction::TYPE_AUTO_LOGIN) PhabricatorAuthProviderConfigTransaction::TYPE_AUTO_LOGIN)
@ -314,7 +314,7 @@ final class PhabricatorAuthEditController
$v_trust_email)); $v_trust_email));
} }
if ($provider instanceof PhabricatorPhabricatorAuthProvider) { if ($provider->supportsAutoLogin()) {
$form->appendChild( $form->appendChild(
id(new AphrontFormCheckboxControl()) id(new AphrontFormCheckboxControl())
->addCheckbox( ->addCheckbox(

View file

@ -495,4 +495,12 @@ abstract class PhabricatorAuthProvider extends Phobject {
} }
} }
public function supportsAutoLogin() {
return false;
}
public function getAutoLoginURI(AphrontRequest $request) {
throw new PhutilMethodNotImplementedException();
}
} }

View file

@ -273,4 +273,17 @@ abstract class PhabricatorOAuth2AuthProvider
parent::willRenderLinkedAccount($viewer, $item, $account); parent::willRenderLinkedAccount($viewer, $item, $account);
} }
public function supportsAutoLogin() {
return true;
}
public function getAutoLoginURI(AphrontRequest $request) {
$csrf_code = $this->getAuthCSRFCode($request);
$adapter = $this->getAdapter();
$adapter->setState($csrf_code);
return $adapter->getAuthenticateURI();
}
} }