When users follow an email login link but an install does not use passwords, try to get them to link an account
Summary:
Ref T13249. See PHI774. When users follow an email login link ("Forgot password?", "Send Welcome Email", "Send a login link to your email address.", `bin/auth recover`), we send them to a password reset flow if an install uses passwords.
If an install does not use passwords, we previously dumped them unceremoniously into the {nav Settings > External Accounts} UI with no real guidance about what they were supposed to do. Since D20094 we do a slightly better job here in some cases. Continue improving this workflow.
This adds a page like "Reset Password" for "Hey, You Should Probably Link An Account, Here's Some Options".
Overall, this stuff is still pretty rough in a couple of areas that I imagine addressing in the future:
- When you finish linking, we still dump you back in Settings. At least we got you to link things. But better would be to return you here and say "great job, you're a pro".
- This UI can become a weird pile of buttons in certain configs and generally looks a little unintentional. This problem is shared among all the "linkable" providers, and the non-login link flow is also weird.
So: step forward, but more work to be done.
Test Plan: {F6211115}
Reviewers: amckinley
Reviewed By: amckinley
Maniphest Tasks: T13249
Differential Revision: https://secure.phabricator.com/D20170
This commit is contained in:
epriestley
@@ -225,17 +225,45 @@ final class PhabricatorAuthOneTimeLoginController
|
||||
return (string)new PhutilURI($panel_uri, $params);
|
||||
}
|
||||
|
||||
$providers = id(new PhabricatorAuthProviderConfigQuery())
|
||||
// Check if the user already has external accounts linked. If they do,
|
||||
// it's not obvious why they aren't using them to log in, but assume they
|
||||
// know what they're doing. We won't send them to the link workflow.
|
||||
$accounts = id(new PhabricatorExternalAccountQuery())
|
||||
->setViewer($user)
|
||||
->withUserPHIDs(array($user->getPHID()))
|
||||
->execute();
|
||||
|
||||
$configs = id(new PhabricatorAuthProviderConfigQuery())
|
||||
->setViewer($user)
|
||||
->withIsEnabled(true)
|
||||
->execute();
|
||||
|
||||
$linkable = array();
|
||||
foreach ($configs as $config) {
|
||||
if (!$config->getShouldAllowLink()) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$provider = $config->getProvider();
|
||||
if (!$provider->isLoginFormAButton()) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$linkable[] = $provider;
|
||||
}
|
||||
|
||||
// If there's at least one linkable provider, and the user doesn't already
|
||||
// have accounts, send the user to the link workflow.
|
||||
if (!$accounts && $linkable) {
|
||||
return '/auth/external/';
|
||||
}
|
||||
|
||||
// If there are no configured providers and the user is an administrator,
|
||||
// send them to Auth to configure a provider. This is probably where they
|
||||
// want to go. You can end up in this state by accidentally losing your
|
||||
// first session during initial setup, or after restoring exported data
|
||||
// from a hosted instance.
|
||||
if (!$providers && $user->getIsAdmin()) {
|
||||
if (!$configs && $user->getIsAdmin()) {
|
||||
return '/auth/';
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user