1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-22 14:52:41 +01:00
phorge-phorge/scripts
epriestley 7f11e8d740 Improve handling of email verification and "activated" accounts
Summary:
Small step forward which improves existing stuff or lays groudwork for future stuff:

  - Currently, to check for email verification, we have to single-query the email address on every page. Instead, denoramlize it into the user object.
    - Migrate all the existing users.
    - When the user verifies an email, mark them as `isEmailVerified` if the email is their primary email.
    - Just make the checks look at the `isEmailVerified` field.
  - Add a new check, `isUserActivated()`, to cover email-verified plus disabled. Currently, a non-verified-but-not-disabled user could theoretically use Conduit over SSH, if anyone deployed it. Tighten that up.
  - Add an `isApproved` flag, which is always true for now. In a future diff, I want to add a default-on admin approval queue for new accounts, to prevent configuration mistakes. The way it will work is:
    - When the queue is enabled, registering users are created with `isApproved = false`.
    - Admins are sent an email, "[Phabricator] New User Approval (alincoln)", telling them that a new user is waiting for approval.
    - They go to the web UI and approve the user.
    - Manually-created accounts are auto-approved.
    - The email will have instructions for disabling the queue.

I think this queue will be helpful for new installs and give them peace of mind, and when you go to disable it we have a better opportunity to warn you about exactly what that means.

Generally, I want to improve the default safety of registration, since if you just blindly coast through the path of least resistance right now your install ends up pretty open, and realistically few installs are on VPNs.

Test Plan:
  - Ran migration, verified `isEmailVerified` populated correctly.
  - Created a new user, checked DB for verified (not verified).
  - Verified, checked DB (now verified).
  - Used Conduit, People, Diffusion.

Reviewers: btrahan

Reviewed By: btrahan

CC: chad, aran

Differential Revision: https://secure.phabricator.com/D7572
2013-11-12 14:37:04 -08:00
..
aphront Delete license headers from files 2012-11-05 11:16:51 -08:00
cache Provide 'bin/cache', for managing caches 2013-05-20 10:16:35 -07:00
calendar Increment year. 2013-01-03 05:45:08 -08:00
celerity Projects Icons Series 1 2013-10-12 19:15:38 -07:00
daemon Add bin/phd log <id> to dump all logs to the CLI 2013-07-23 16:58:19 -07:00
differential Add DifferentialDiffQuery and change most callsites 2013-07-01 12:38:42 -07:00
diviner Port Diviner Core to Phabricator 2013-01-07 14:04:23 -08:00
drydock Allow leases to be explicitly released via web or CLI 2012-12-14 15:42:58 -08:00
fact Delete license headers from files 2012-11-05 11:16:51 -08:00
files Add a bin/files purge workflow 2013-05-29 06:28:57 -07:00
fpm Delete license headers from files 2012-11-05 11:16:51 -08:00
install Simplify the "update_phabricator.sh" script 2013-02-14 07:22:43 -08:00
lipsum First Diff of Test Data Generator 2013-04-12 14:07:16 -07:00
mail Move outbound mail lists to CLI and enhance details 2013-07-10 18:52:22 -07:00
profile Delete license headers from files 2012-11-05 11:16:51 -08:00
repository Add an administrative bin/repository importing command to list importing commits 2013-11-06 11:26:41 -08:00
search Provide 'bin/cache', for managing caches 2013-05-20 10:16:35 -07:00
setup Add bin/policy unlock 2013-10-01 16:01:15 -07:00
sql Add explicit mysql.port configuration 2013-07-14 16:06:23 -07:00
ssh Improve handling of email verification and "activated" accounts 2013-11-12 14:37:04 -08:00
symbols Quick hack to make symbol lookup work for C#. 2013-11-09 15:08:50 -08:00
user Fix some Phabricator lint warnings 2013-06-04 15:28:24 -07:00
util Provide 'bin/cache', for managing caches 2013-05-20 10:16:35 -07:00
__init_script__.php Consolidate environmental initialization 2012-12-25 06:15:28 -08:00
celerity_mapper.php PHUIPropertyListView 2013-10-11 07:53:56 -07:00