Adding 'Secure Browsing' config setting to Facebook OAuth.

Summary: The Graph API exposes a new field, security_settings, which allows applications to see whether a user has enabled Secure Browsing. This diff adds a configuration setting to Phabricator which forces users to have Secure Browsing enabled when logging in via Facebook.

Test Plan: With the configuration setting off, verify that secure browsing does not affect the ability to log in. With the configuration setting on and secure browsing off, verify that the login attempts is rejected. Then verify that the login attempt succeeds when secure browsing is enabled.

Reviewers: epriestley

Reviewed By: epriestley

CC: arice, aran, Korvin

Maniphest Tasks: T1487

Differential Revision: https://secure.phabricator.com/D2964

src/applications/auth/controller/PhabricatorOAuthLoginController.php

@@ -70,7 +70,7 @@ final class PhabricatorOAuthLoginController
       }
       $provider->setUserData($user_data);
     } catch (PhabricatorOAuthProviderException $e) {
-      return $this->buildErrorResponse(new PhabricatorOAuthFailureView());
+      return $this->buildErrorResponse(new PhabricatorOAuthFailureView(), $e);
     }
     $provider->setAccessToken($this->accessToken);
 
@@ -243,12 +243,18 @@ final class PhabricatorOAuthLoginController
     return $this->delegateToController($controller);
   }
 
-  private function buildErrorResponse(PhabricatorOAuthFailureView $view) {
+  private function buildErrorResponse(PhabricatorOAuthFailureView $view,
+    Exception $e = null) {
+
     $provider = $this->provider;
 
     $provider_name = $provider->getProviderName();
     $view->setOAuthProvider($provider);
 
+    if ($e) {
+      $view->setException($e);
+    }
+
     return $this->buildStandardPageResponse(
       $view,
       array(