1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-30 10:42:41 +01:00
phorge-phorge/resources/sql/patches/20130619.authconf.php
epriestley 582ec54465 Add a checkbox to the LDAP auth configuration UI to "Always Search"
Summary: Fixes T3208. This forces us to bind+search even if there are no anonymous credentials.

Test Plan: Checked the box, saved the form. Unchecked the box, saved the form. LDAP??

Reviewers: Firehed

Reviewed By: Firehed

Subscribers: epriestley

Maniphest Tasks: T3208

Differential Revision: https://secure.phabricator.com/D8723
2014-04-08 11:36:23 -07:00

164 lines
5.3 KiB
PHP

<?php
$config_map = array(
'PhabricatorAuthProviderLDAP' => array(
'enabled' => 'ldap.auth-enabled',
'registration' => true,
'type' => 'ldap',
'domain' => 'self',
),
'PhabricatorAuthProviderOAuthDisqus' => array(
'enabled' => 'disqus.auth-enabled',
'registration' => 'disqus.registration-enabled',
'permanent' => 'disqus.auth-permanent',
'oauth.id' => 'disqus.application-id',
'oauth.secret' => 'disqus.application-secret',
'type' => 'disqus',
'domain' => 'disqus.com',
),
'PhabricatorAuthProviderOAuthFacebook' => array(
'enabled' => 'facebook.auth-enabled',
'registration' => 'facebook.registration-enabled',
'permanent' => 'facebook.auth-permanent',
'oauth.id' => 'facebook.application-id',
'oauth.secret' => 'facebook.application-secret',
'type' => 'facebook',
'domain' => 'facebook.com',
),
'PhabricatorAuthProviderOAuthGitHub' => array(
'enabled' => 'github.auth-enabled',
'registration' => 'github.registration-enabled',
'permanent' => 'github.auth-permanent',
'oauth.id' => 'github.application-id',
'oauth.secret' => 'github.application-secret',
'type' => 'github',
'domain' => 'github.com',
),
'PhabricatorAuthProviderOAuthGoogle' => array(
'enabled' => 'google.auth-enabled',
'registration' => 'google.registration-enabled',
'permanent' => 'google.auth-permanent',
'oauth.id' => 'google.application-id',
'oauth.secret' => 'google.application-secret',
'type' => 'google',
'domain' => 'google.com',
),
'PhabricatorAuthProviderPassword' => array(
'enabled' => 'auth.password-auth-enabled',
'enabled-default' => false,
'registration' => false,
'type' => 'password',
'domain' => 'self',
),
);
foreach ($config_map as $provider_class => $spec) {
$enabled_key = idx($spec, 'enabled');
$enabled_default = idx($spec, 'enabled-default', false);
$enabled = PhabricatorEnv::getEnvConfigIfExists(
$enabled_key,
$enabled_default);
if (!$enabled) {
echo pht("Skipping %s (not enabled).\n", $provider_class);
// This provider was not previously enabled, so we can skip migrating it.
continue;
} else {
echo pht("Migrating %s...\n", $provider_class);
}
$registration_key = idx($spec, 'registration');
if ($registration_key === true) {
$registration = 1;
} else if ($registration_key === false) {
$registration = 0;
} else {
$registration = (int)PhabricatorEnv::getEnvConfigIfExists(
$registration_key,
true);
}
$unlink_key = idx($spec, 'permanent');
if (!$unlink_key) {
$unlink = 1;
} else {
$unlink = (int)(!PhabricatorEnv::getEnvConfigIfExists($unlink_key));
}
$config = id(new PhabricatorAuthProviderConfig())
->setIsEnabled(1)
->setShouldAllowLogin(1)
->setShouldAllowRegistration($registration)
->setShouldAllowLink(1)
->setShouldAllowUnlink($unlink)
->setProviderType(idx($spec, 'type'))
->setProviderDomain(idx($spec, 'domain'))
->setProviderClass($provider_class);
if (isset($spec['oauth.id'])) {
$config->setProperty(
PhabricatorAuthProviderOAuth::PROPERTY_APP_ID,
PhabricatorEnv::getEnvConfigIfExists(idx($spec, 'oauth.id')));
$config->setProperty(
PhabricatorAuthProviderOAuth::PROPERTY_APP_SECRET,
PhabricatorEnv::getEnvConfigIfExists(idx($spec, 'oauth.secret')));
}
switch ($provider_class) {
case 'PhabricatorAuthProviderOAuthFacebook':
$config->setProperty(
PhabricatorAuthProviderOAuthFacebook::KEY_REQUIRE_SECURE,
(int)PhabricatorEnv::getEnvConfigIfExists(
'facebook.require-https-auth'));
break;
case 'PhabricatorAuthProviderLDAP':
$ldap_map = array(
PhabricatorAuthProviderLDAP::KEY_HOSTNAME
=> 'ldap.hostname',
PhabricatorAuthProviderLDAP::KEY_PORT
=> 'ldap.port',
PhabricatorAuthProviderLDAP::KEY_DISTINGUISHED_NAME
=> 'ldap.base_dn',
PhabricatorAuthProviderLDAP::KEY_SEARCH_ATTRIBUTES
=> 'ldap.search_attribute',
PhabricatorAuthProviderLDAP::KEY_USERNAME_ATTRIBUTE
=> 'ldap.username-attribute',
PhabricatorAuthProviderLDAP::KEY_REALNAME_ATTRIBUTES
=> 'ldap.real_name_attributes',
PhabricatorAuthProviderLDAP::KEY_VERSION
=> 'ldap.version',
PhabricatorAuthProviderLDAP::KEY_REFERRALS
=> 'ldap.referrals',
PhabricatorAuthProviderLDAP::KEY_START_TLS
=> 'ldap.start-tls',
PhabricatorAuthProviderLDAP::KEY_ANONYMOUS_USERNAME
=> 'ldap.anonymous-user-name',
PhabricatorAuthProviderLDAP::KEY_ANONYMOUS_PASSWORD
=> 'ldap.anonymous-user-password',
// Update the old "search first" setting to the newer but similar
// "always search" setting.
PhabricatorAuthProviderLDAP::KEY_ALWAYS_SEARCH
=> 'ldap.search-first',
PhabricatorAuthProviderLDAP::KEY_ACTIVEDIRECTORY_DOMAIN
=> 'ldap.activedirectory_domain',
);
$defaults = array(
'ldap.version' => 3,
'ldap.port' => 389,
);
foreach ($ldap_map as $pkey => $ckey) {
$default = idx($defaults, $ckey);
$config->setProperty(
$pkey,
PhabricatorEnv::getEnvConfigIfExists($ckey, $default));
}
break;
}
$config->save();
}
echo "Done.\n";