OAuth linking/unlinking controls.

Summary:

Test Plan:

Reviewers:

CC:

src/applications/auth/controller/login/PhabricatorLoginController.php

@@ -25,6 +25,11 @@ class PhabricatorLoginController extends PhabricatorAuthController {
   public function processRequest() {
     $request = $this->getRequest();
 
+    if ($request->getUser()->getPHID()) {
+      // Kick the user out if they're already logged in.
+      return id(new AphrontRedirectResponse())->setURI('/');
+    }
+
     $error = false;
     $username = $request->getCookie('phusr');
     if ($request->isFormPost()) {

src/applications/auth/controller/oauth/PhabricatorOAuthLoginController.php

@@ -32,17 +32,15 @@ class PhabricatorOAuthLoginController extends PhabricatorAuthController {
 
   public function processRequest() {
     $current_user = $this->getRequest()->getUser();
-    if ($current_user->getPHID()) {
-      // If we're already logged in, ignore everything going on here. TODO:
-      // restore account linking.
-      return id(new AphrontRedirectResponse())->setURI('/');
-    }
 
     $provider = $this->provider;
     if (!$provider->isProviderEnabled()) {
       return new Aphront400Response();
     }
 
+    $provider_name = $provider->getProviderName();
+    $provider_key = $provider->getProviderKey();
+
     $request = $this->getRequest();
 
     if ($request->getStr('error')) {
@@ -115,12 +113,60 @@ class PhabricatorOAuthLoginController extends PhabricatorAuthController {
 
     $user_id = $this->retrieveUserID();
 
-    // Login with known auth.
-
     $known_oauth = id(new PhabricatorUserOAuthInfo())->loadOneWhere(
       'oauthProvider = %s and oauthUID = %s',
       $provider->getProviderKey(),
       $user_id);
+
+    if ($current_user->getPHID()) {
+
+      if ($known_oauth) {
+        if ($known_oauth->getUserID() != $current_user->getID()) {
+          $dialog = new AphrontDialogView();
+          $dialog->setUser($current_user);
+          $dialog->setTitle('Already Linked to Another Account');
+          $dialog->appendChild(
+            '<p>The '.$provider_name.' account you just authorized '.
+            'is already linked to another Phabricator account. Before you can '.
+            'associate your '.$provider_name.' account with this Phabriactor '.
+            'account, you must unlink it from the Phabricator account it is '.
+            'currently linked to.</p>');
+          $dialog->addCancelButton('/settings/page/'.$provider_key.'/');
+
+          return id(new AphrontDialogResponse())->setDialog($dialog);
+        } else {
+          return id(new AphrontRedirectResponse())
+            ->setURI('/settings/page/'.$provider_key.'/');
+        }
+      }
+
+      if (!$request->isDialogFormPost()) {
+        $dialog = new AphrontDialogView();
+        $dialog->setUser($current_user);
+        $dialog->setTitle('Link '.$provider_name.' Account');
+        $dialog->appendChild(
+          '<p>Link your '.$provider_name.' account to your Phabricator '.
+          'account?</p>');
+        $dialog->addHiddenInput('token', $token);
+        $dialog->addSubmitButton('Link Accounts');
+        $dialog->addCancelButton('/settings/page/'.$provider_key.'/');
+
+        return id(new AphrontDialogResponse())->setDialog($dialog);
+      }
+
+      $oauth_info = new PhabricatorUserOAuthInfo();
+      $oauth_info->setUserID($current_user->getID());
+      $oauth_info->setOAuthProvider($provider_key);
+      $oauth_info->setOAuthUID($user_id);
+      $oauth_info->save();
+
+      return id(new AphrontRedirectResponse())
+        ->setURI('/settings/page/'.$provider_key.'/');
+    }
+
+
+    // Login with known auth.
+
     if ($known_oauth) {
       $known_user = id(new PhabricatorUser())->load($known_oauth->getUserID());
       $session_key = $known_user->establishSession('web');

src/applications/auth/controller/oauth/__init__.php

@@ -7,6 +7,7 @@
 
 
 phutil_require_module('phabricator', 'aphront/response/400');
+phutil_require_module('phabricator', 'aphront/response/dialog');
 phutil_require_module('phabricator', 'aphront/response/redirect');
 phutil_require_module('phabricator', 'applications/auth/controller/base');
 phutil_require_module('phabricator', 'applications/auth/oauth/provider/base');
@@ -14,6 +15,7 @@ phutil_require_module('phabricator', 'applications/auth/view/oauthfailure');
 phutil_require_module('phabricator', 'applications/files/storage/file');
 phutil_require_module('phabricator', 'applications/people/storage/user');
 phutil_require_module('phabricator', 'applications/people/storage/useroauthinfo');
+phutil_require_module('phabricator', 'view/dialog');
 phutil_require_module('phabricator', 'view/form/base');
 phutil_require_module('phabricator', 'view/form/control/submit');
 phutil_require_module('phabricator', 'view/form/control/text');

src/applications/auth/controller/unlink/PhabricatorOAuthUnlinkController.php

@@ -0,0 +1,63 @@
+<?php
+
+/*
+ * Copyright 2011 Facebook, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+class PhabricatorOAuthUnlinkController extends PhabricatorAuthController {
+
+  private $provider;
+
+  public function willProcessRequest(array $data) {
+    $this->provider = PhabricatorOAuthProvider::newProvider($data['provider']);
+  }
+
+  public function processRequest() {
+    $request = $this->getRequest();
+    $user = $request->getUser();
+
+    $provider = $this->provider;
+    $provider_name = $provider->getProviderName();
+    $provider_key = $provider->getProviderKey();
+
+    $oauth_info = id(new PhabricatorUserOAuthInfo())->loadOneWhere(
+      'userID = %d AND oauthProvider = %s',
+      $user->getID(),
+      $provider_key);
+
+    if (!$oauth_info) {
+      return new Aphront400Response();
+    }
+
+    if (!$request->isDialogFormPost()) {
+      $dialog = new AphrontDialogView();
+      $dialog->setUser($user);
+      $dialog->setTitle('Really unlink account?');
+      $dialog->appendChild(
+        '<p><strong>You will not be able to login</strong> using this account '.
+        'once you unlink it. Continue?</p>');
+      $dialog->addSubmitButton('Unlink Account');
+      $dialog->addCancelButton('/settings/page/'.$provider_key.'/');
+
+      return id(new AphrontDialogResponse())->setDialog($dialog);
+    }
+
+    $oauth_info->delete();
+
+    return id(new AphrontRedirectResponse())
+      ->setURI('/settings/page/'.$provider_key.'/');
+  }
+
+}

src/applications/auth/controller/unlink/__init__.php

@@ -0,0 +1,20 @@
+<?php
+/**
+ * This file is automatically generated. Lint this module to rebuild it.
+ * @generated
+ */
+
+
+
+phutil_require_module('phabricator', 'aphront/response/400');
+phutil_require_module('phabricator', 'aphront/response/dialog');
+phutil_require_module('phabricator', 'aphront/response/redirect');
+phutil_require_module('phabricator', 'applications/auth/controller/base');
+phutil_require_module('phabricator', 'applications/auth/oauth/provider/base');
+phutil_require_module('phabricator', 'applications/people/storage/useroauthinfo');
+phutil_require_module('phabricator', 'view/dialog');
+
+phutil_require_module('phutil', 'utils');
+
+
+phutil_require_source('PhabricatorOAuthUnlinkController.php');